Docs

Changing Your Domain

Overview

If you need to change the domain associated with your WAF instance (for example, migrating from old.example.com to new.example.com), the process requires removing the existing WAF addon and re-provisioning it with the new domain.

Due to how both the WAF and Heroku routing work, each WAF instance is tied to a single domain. A domain change is effectively a new WAF setup.

Steps to Change Your Domain

1. Note Your Current Configuration

Before making changes, make a note of any custom settings you have configured:

  • IP blocklist and allowlist entries
  • Path rules and allowlisted URLs
  • Caching settings
  • Any custom security headers

2. Update DNS for the New Domain

Point your new domain to your Heroku application using Heroku’s standard DNS target. You can verify this is working before proceeding.

3. Remove the Existing WAF Addon

From your Heroku app’s Resources tab, remove the ExpeditedWAF addon.

4. Revert DNS for the Old Domain

Remove the A record pointing to the WAF IP address for your old domain. Point it back to your Heroku DNS target if you still want to use it.

5. Re-Add the WAF Addon

Add the ExpeditedWAF addon again from the Heroku marketplace. During the setup wizard, enter your new domain name.

6. Complete the Setup Process

Follow the standard WAF setup process, including DNS verification and certificate provisioning for the new domain.

7. Restore Custom Settings

Re-apply any blocklist/allowlist entries, path rules, or other custom settings from Step 1.

Minimizing Downtime

To minimize downtime during the transition:

  • Complete the new WAF setup fully before switching DNS
  • Use the SSL verification process to confirm the certificate is working before the DNS cutover
  • Schedule the DNS change during a low-traffic period

Need Help?

We’re happy to walk you through this process: