I would suggest starting a new forum thread that mentions the technologies that you’re using in the title.
With HTTPS you don’t have a signed certificate that matches the private name that you set in the HOSTS file. If it’s a public domain name that you control, you can get a certificate for it and you can still use the HOSTS file to access it directly by IP address after the certificate is installed. However, the process of getting the certificate can be more complex depending on the exact behavior of the WAF.
If the WAF talks to the back-end server via HTTP instead of HTTPS (which is not necessarily a best practice if they’re not on the same LAN or if there are other devices on that LAN as well), then you could use a self-signed certificate for this purpose for your administration. There is nothing insecure about self-signed certificates when the person who installed them is the only person who accepts them.
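Added example, not part of the original post: one way for the single administrator to accept a self-signed certificate without clicking through a browser warning is to pin its SHA-256 fingerprint and refuse anything else when connecting to the back-end directly by IP. The function names, the sample bytes, and any IP, host name or fingerprint passed in are assumptions for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed sample bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' (as printed by openssl x509 -fingerprint) or plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()


def pin_matches(der_cert: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of the presented cert against the recorded pin."""
    return hmac.compare_digest(fingerprint(der_cert), normalize(pinned_fp))


def connect_pinned(ip: str, name: str, pinned_fp: str, port: int = 443) -> ssl.SSLSocket:
    """Connect to the back-end by IP (what a HOSTS entry does), send `name`
    as SNI, and keep the session only if the certificate matches the pin
    recorded when the self-signed certificate was installed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # A self-signed cert has no CA chain to validate, so chain and host name
    # checks are switched off and replaced by the exact-fingerprint check below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((ip, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=name)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned_fp):
        tls.close()
        raise ssl.SSLError("certificate fingerprint does not match the pin")
    return tls
```

The pin should be taken from the certificate file on the server itself at install time, not from the first network connection.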