WAF provides protection against Web attacks, such as SQL injection, XSS, remote command execution, and webshell upload. By default, Web Application Protection is enabled and the normal mode protection is used.
Two modes are provided: Protection and Warning.
There are three protection policies available when the Protection mode is selected:
If you are not clear about your website's traffic patterns, we recommend that you use the Warning mode first. You can observe the traffic flow for one or two weeks and then analyze the attack log.
Note the following points in your operations:
After Web Application Protection is enabled, you can choose Reports > Reports to view details about blocked attacks. When new vulnerabilities are discovered, WAF updates protection rules and releases security bulletins in a timely manner.
For detailed procedures, please go to Best practices for Web application protection.
This topic describes common scenarios of HTTP flood attacks and introduces related protection strategies offered by WAF. By using WAF, you can effectively protect your site from HTTP flood attacks.
During HTTP flood attacks, the request rate of a single zombie server is typically far higher than that of a normal user. The most effective way to defend against this type of attack is to restrict the request rate of the source IP.
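The following sketch shows what restricting the request rate of a source IP means in practice. It is an added example, not Alibaba Cloud WAF code; the thresholds (20 requests per 5 seconds, 60-second block), the class and function names, and the sample requests are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (unix_seconds, source_ip, path). Not real traffic.
SAMPLE_REQUESTS = (
    [(1000 + i * 0.1, "203.0.113.7", "/login") for i in range(40)]   # ~10 req/s burst
    + [(1000 + i * 2, "198.51.100.20", "/index") for i in range(5)]  # ordinary user
)

class SourceIpRateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds per IP;
    an IP that exceeds the limit is blocked for `block_for` seconds."""

    def __init__(self, limit, window, block_for):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.hits = defaultdict(deque)   # ip -> timestamps still inside the window
        self.blocked_until = {}          # ip -> time at which the block expires

    def allow(self, ts, ip):
        if self.blocked_until.get(ip, 0) > ts:
            return False                 # still serving a block
        q = self.hits[ip]
        while q and q[0] <= ts - self.window:
            q.popleft()                  # drop hits that fell out of the window
        q.append(ts)
        if len(q) > self.limit:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()
            return False
        return True

def replay(requests, limit=20, window=5, block_for=60):
    """Replay requests in time order; return (allowed, blocked) counts per IP."""
    limiter = SourceIpRateLimiter(limit, window, block_for)
    allowed, blocked = defaultdict(int), defaultdict(int)
    for ts, ip, _path in sorted(requests):
        if limiter.allow(ts, ip):
            allowed[ip] += 1
        else:
            blocked[ip] += 1
    return dict(allowed), dict(blocked)

if __name__ == "__main__":
    print(replay(SAMPLE_REQUESTS))
```

Replaying a week of Warning-mode logs through `replay` with candidate thresholds shows how many legitimate clients a rule would have blocked before it is enforced.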
A large portion of HTTP flood attacks originate from international regions, data centers, and public clouds. If your website targets Chinese users, you can block requests from international regions to mitigate this attack.
Malicious requests in HTTP flood attacks are arbitrarily constructed and contain abnormal or unusual packets compared with normal requests.
We recommend that you use Data Risk Control to protect important APIs from abuse. These APIs include logon, registration, voting, and SMS verification APIs.
A large number of malicious scans pose a serious threat to the performance of your servers. Apart from restricting scans based on frequency, you can also use Malicious IP Blocking to enhance protection.
To protect your business from fake apps, you can use a number of different mitigations such as custom HTTP flood protection, blocked regions, and HTTP ACL policies. You can also integrate with Alibaba Cloud Security SDK for enhanced protection capability.
For informational websites offering services such as credit reports, apartment rentals, airline tickets, and e-book reading, Web crawlers can significantly increase bandwidth usage, slow down the server's performance, and even cause data leakage. The aforementioned approaches may not be very effective in preventing Web crawlers. We recommend that you use Anti-Bot Service for more advanced protection.
If the IP address of your origin server is disclosed, an attacker may exploit it to bypass Alibaba Cloud WAF and start direct-to-origin attacks against your origin server. To prevent such attacks, you can configure a security group (ECS origins) or whitelist (SLB origins) on your origin server.
Please note that you are not required to perform the configuration described in this topic, but we recommend that you do so to eliminate the possible risk that arises from IP exposure.
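One way to check that an origin only accepts web traffic from WAF, shown as an added example that is not Alibaba Cloud code. The rule format, function names, and sample data are hypothetical, and the WAF back-to-origin ranges are placeholder documentation prefixes that must be replaced with the ranges shown in your WAF console.

```python
import ipaddress

# Placeholder WAF back-to-origin ranges (constructed, documentation prefixes).
WAF_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/25")]
WEB_PORTS = {80, 443}

# Constructed inbound rules in a simplified, hypothetical format.
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "source": "192.0.2.0/24", "ports": (443, 443)},
    {"id": "r2", "action": "allow", "source": "0.0.0.0/0", "ports": (80, 80)},
    {"id": "r3", "action": "allow", "source": "198.51.100.0/24", "ports": (1, 65535)},
    {"id": "r4", "action": "allow", "source": "203.0.113.10/32", "ports": (22, 22)},
    {"id": "r5", "action": "deny", "source": "0.0.0.0/0", "ports": (443, 443)},
]

def inside_waf(source):
    """True only if the whole source range lies within one WAF range."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.subnet_of(w) for w in WAF_RANGES)

def exposing_rules(rules):
    """Ids of allow rules that let non-WAF sources reach a web port."""
    findings = []
    for rule in rules:
        lo, hi = rule["ports"]
        covers_web = any(lo <= p <= hi for p in WEB_PORTS)
        if rule["action"] == "allow" and covers_web and not inside_waf(rule["source"]):
            findings.append(rule["id"])
    return findings

def direct_to_origin(peer_ips):
    """Peer addresses seen at the origin that did not arrive through WAF."""
    return sorted({ip for ip in peer_ips
                   if not any(ipaddress.ip_address(ip) in w for w in WAF_RANGES)})

if __name__ == "__main__":
    print(exposing_rules(SAMPLE_RULES))   # rules to tighten
    print(direct_to_origin(["192.0.2.15", "203.0.113.50", "198.51.100.200"]))
```

Rule `r3` is flagged because its source is wider than the WAF range it overlaps, which is an easy mistake to miss when whitelisting by eye.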
Alibaba Cloud provides users with high-security infrastructure capabilities by default, so that users can safely store and use data on a trusted cloud platform. It is worth noting that Alibaba Cloud infrastructure secures and scans hardware and firmware, provides a TPM2.0-compliant computing environment, and offers hardware encryption (HSM) and chip-level (SGX) encryption computing capabilities at the cloud platform layer.
In general, cloud data security solutions aim to be trustworthy, controllable, and compliant. In other words, only by providing a compliant data protection solution in a trustworthy and controllable cloud security environment can one create a top-level data security solution for cloud users.
A network attack is similar to a viral infection in humans: it will inevitably spread once contracted, resulting in more data leaks. However, that does not mean that attackers are the sole culprit of data leaks. Failure to take preventive measures is one of the leading causes of data leakage for many enterprises. In this article, we will examine how exposed your enterprise is to data leaks with the following six questions.
Of course, not all enterprises have the resources to implement all of our suggestions on security. Enterprises can selectively launch security measures based on the available funds, labor, and security policies.
For example, fast vulnerability fixes, data encryption, and regular detection and scanning are measures with immediate benefits. If you also want long-term security and stable operations for your enterprise, you will need to invest in improving employee security awareness, data visibility management, and code review procedures.
The NSFOCUS Web Application Firewall (WAF) provides comprehensive, application layer security to completely protect your critical servers and web applications. It provides full protection from the top 10 threats identified by the Open Web Application Security Project (OWASP), and has been specifically designed to protect web applications and their underlying infrastructure, including servers, plug-ins, protocols, network connectivity and more. Using advanced, state-of-the-art engineering, the NSFOCUS WAF includes technology powered by an internationally-recognized research lab, and developed with over 10 years of experience protecting the world’s largest banks, telecommunications, gaming and social media companies. The WAF uses an innovative combination of machine learning, positive and negative security models, as well as application profile learning, to deliver real-time application layer security.
F5 Per-App VEs offer feature parity with physical and virtual Advanced WAF appliances, allowing you to easily replicate configurations and policies to ensure a consistent security posture across multi-cloud environments. With reduced footprint and spin-up time, F5 Per-App VEs can be rapidly provisioned to meet more agile application requirements. By implementing a Per-App architecture, you limit the total impact if/when an application is compromised, as all apps are isolated from one another.
Web applications are the most common way to provide services on the cloud and are the most vulnerable security targets. Through this course, you can understand the top 10 network application security risks listed by OWASP. We will explain these 10 security risks one by one, choose the three most common attack methods (XSS, SQL injection, and webshell) for further in-depth discussion, and finally introduce Alibaba Cloud's WAF products to help you solve online application security problems once and for all.
Alibaba Clouder - July 12, 2019