Path: Assets → Domains → Manage Domains
The domain list
The Manage Domains page shows every domain you’ve registered with these columns:
The top-right WAF Details button surfaces protection summaries.
Firewall Mode — Detect vs. Prevent
Each registered domain has a Firewall Mode toggle directly in the table. This controls how Osto handles malicious requests it identifies:- Detect Mode — Osto inspects every request and logs anything suspicious, but does not block. Use this when onboarding a new domain so you can review what Osto would have blocked before going live.
- Prevent Mode — Osto inspects every request and actively blocks anything malicious. This is the production setting.
Adding a Website or Subdomain
The same flow handles root domains and subdomains alike. It’s a two-step wizard.Step 1 — Domain, origin, TLS & CDN
1
Open the Add Website dialog
Go to Assets → Domains → Manage Domains and click Add Website +.
2
Enter and verify your domain
In the Domain Name field, enter the domain (e.g.
example.com or app.example.com) and click Verify. On success you’ll see “Domain verified successfully” with a green check.3
Configure origin servers
The form expands with two Server IP or LB Domain fields. Suggested origin IPs appear as chips below each — click a chip to fill, or type your own. Use both fields for high availability; use only the first for a single-origin setup. For multiple IPs in one field, separate them with commas.
4
Set TLS version
Multi-select dropdown. Defaults to TLS 1.2 + TLS 1.3 (shown as “2 selected”). TLS 1.1 is available but off by default.
5
Select CDN usage
Choose your CDN if your site sits behind one — Osto adjusts request-header handling so client IPs and other forwarded metadata are interpreted correctly. Options: Not Using CDN, AWS CloudFront, Google Cloud CDN, Azure CDN, Others.
6
Proceed to certificate setup
Click Next to move to certificate setup.
Step 2 — Certificate Configuration
This is where Osto figures out which TLS certificate to present to clients hitting your domain. You have two paths:Option A — Auto-generate (default, recommended)
Leave Auto-generate certificate checked. Osto provisions a free SSL certificate on your behalf using industry-standard ACME validation. To prove you own the domain, you add one CNAME record at your DNS provider:
After adding the record, wait a few minutes for DNS to propagate, then click Verify CNAME Record. Once verified, Osto issues the certificate and the domain moves out of draft.
Option B — Bring your own certificate
Uncheck Auto-generate certificate. Two sub-options appear:- Select Certificate — dropdown listing every certificate you’ve already uploaded under Manage Certificate. Pick the one whose Common Name covers your domain.
- Certificate Archive (ZIP) — drag-and-drop a
.zipfile containing the certificate and private key, or click to browse.
The ZIP must contain valid certificate files (
.crt, .pem) and private key files (.key, .pem).Step 3 — Point your DNS
Once the dialog closes, the domain appears in the list with status draft. The final step is at your DNS provider:- Update the domain’s A record to the Osto IP shown after Save.
- Set TTL to 600 seconds for fast propagation.
Editing a Website or Subdomain
Click the edit (pencil) icon on the row. The dialog opens directly to the Step 1 form with your existing values pre-loaded — you can update origin IPs, TLS versions, or CDN usage and click Save. To change a domain’s Firewall Mode, click the Detect Mode or Prevent Mode button directly in the row — no need to open the edit dialog.Deleting a Website or Subdomain
Click Delete Website on the row and confirm.What happens after a domain is active
- Every request hits Osto first.
- Attack Detection runs (TLS, protocol, headers).
- Advanced checks (OWASP, DDoS, bot mitigation) inspect the request body and behavior. Whether they block or merely log depends on Firewall Mode.
- Clean requests forward to your origin; malicious ones are blocked (in Prevent Mode) or recorded (in Detect Mode).
- Findings stream into Logs → Web App Logs and into the Compliance Engine as evidence.
Related
- What is Web Application Protection — the detailed protection model.
- Website Protection Policy — tune the protection behavior per domain.
- Managing SSL Certificates — upload, view, and remove certificates.

