WAF can identify and protect the malicious characteristics of the business traffic of the website or app. After cleaning and filtering the traffic, it returns normal and safe traffic to the server to avoid problems such as abnormal performance caused by malicious intrusion of the website server, thereby ensuring the security of the website. Business security and data security.

Functional category Function Description Business configuration Supports security protection for website HTTP and HTTPS traffic. Web application security protection Common web application attack protection Defend against common OWASP threats: SQL injection, XSS cross-site, WebShell upload, backdoor attack, command injection, illegal HTTP protocol request, common web server vulnerability attacks, CSRF, unauthorized access to core files, path traversal, website scanning, etc. Website invisibility: Do not expose the website address to attackers to prevent them from bypassing the web application firewall and directly attacking. 0day patches are updated in a timely manner: vulnerability patches are updated in a timely manner to protect website security. Friendly observation mode: Turn on the observation mode for newly launched services on the website. Suspected attacks that match the protection rules will only be alerted but not blocked, which facilitates statistics on business false alarms. Deep and precise protection Supports full parsing of multiple common HTTP protocol data formats: any header field, Form, Multipart, JSON, XML. Supports decoding common encoding types: URL encoding, Java Script Unicode encoding, HEX encoding, HTML entity encoding, Java serialization encoding, PHP serialization encoding, Base64 encoding, UTF-7 encoding, UTF-8 encoding, and mixed nested encoding. Supports pre-processing mechanisms: space compression, comment deletion, special character processing, and provides more refined and accurate data sources to various upper-level detection engines. Supports detection capabilities in complex format data environments; supports reasonable detection logic complexity to avoid false alarms caused by excessive detection data and reduces false alarm rates; supports adaptive decoding of multiple forms of data encoding to avoid using various encoding forms of bypass. CC malicious attack protection Control the access frequency of a single source IP, based on redirection verification, human-machine identification, etc. In response to massive slow request attacks, comprehensive protection is provided based on statistical response code and URL request distribution, abnormal Referer and User-Agent feature identification, and combined with precise website protection rules. Make full use of Alibaba Cloud's big data security advantages to establish threat intelligence and trusted access analysis models to quickly identify malicious traffic. Precise access control It provides a friendly configuration console interface, supports conditional combinations of common HTTP fields such as IP, URL, Referer, User-Agent, etc., configures powerful and precise access control policies, and supports protection scenarios such as hotlink protection and website background protection. Combined with common Web attack protection, CC protection and other security modules, a multi-layered comprehensive protection mechanism is built; based on needs, trusted and malicious traffic can be easily identified. virtual patch Before web application vulnerability patches are released and repaired, rapid protection can be achieved by adjusting web protection strategies. Attack incident management Supports centralized management and statistics of attack events, attack traffic, and attack scale. flexibility, reliability Support load balancing: provide services in a cluster mode, load balance multiple servers, and support multiple load balancing strategies. Supports smooth expansion: The number of cluster servers can be reduced or increased according to actual traffic conditions to achieve elastic expansion of service capabilities. No single point of problems: if a single server is down or repaired, normal services will not be affected.

Product advantages Advantage description More than 10 years of network security experience Based on more than 10 years of network security experience of Alibaba Group, it provides the same security experience as successful application cases such as Taobao, Tmall, and Alipay. A professional security team is at your service. Protect against known OWASP vulnerabilities and continuously fix disclosed vulnerabilities. Defense against CC attacks and crawler attacks Help you defend against and slow down CC attacks. Help you defend against web crawlers and avoid network resource consumption. Detect and block malicious requests to help you reduce bandwidth consumption, prevent database, SMS, and API resource shortages, reduce response delays, and avoid downtime. Supports customized protection rules for various business scenarios. Integrate big data capabilities Protects against hundreds of millions of cyber attacks every day. Has a rich IP database. It has a wide range of application cases and has extensive research on the patterns, methods and signatures of various common network attacks. Big data analytics continues to integrate advanced technologies. Simplicity and reliability Deploy and activate in 5 minutes. There is no need to install any hardware or software or adjust routing configurations. Avoid single points of failure and redundancy through the protection cluster function. High protection traffic processing performance.

WAF has passed ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 29151, BS 10012, CSA STAR, Class III, SOC 1/2/3, C5, HK Finance, OSPAR, PCI DSS and many other international authoritative certifications.

Alibaba Cloud Web Application Firewall Hybrid Cloud Solution (Hybrid Cloud WAF) supports unified Web application protection and protection for services deployed in Alibaba Cloud public cloud offline IDC computer rooms and services deployed in Alibaba Cloud public cloud third-party cloud vendor environments. The management solution provides protection for business traffic that cannot be uploaded to the cloud, and creates a flexible and efficient integrated web application security defense and management system that combines sharing and exclusive use, and integrates local and cloud.

Hybrid cloud WAF provides protection for Web business traffic in a hybrid cloud environment by introducing and integrating the protection capabilities of cloud WAF in the local computer room. Unify the WAF management platform through the cloud console to realize product capabilities such as protection rule management, security operation and maintenance, security service management, and system upgrades.

Hybrid cloud WAF supports cluster deployment mode and independent node deployment mode. Hybrid cloud WAF uses the reverse proxy mode to perform security detection on all access requests and supports business load balancing of back-end servers. The cluster deployment mode can achieve multi-node redundancy and expansion, ensuring the high performance of WAF and the high availability of services.

The hybrid cloud WAF is composed of four major modules: network, detection, monitoring and logging, and provides web protection, anti-crawling protection, real-time logs and CC protection functions. The core advantages are as follows: