How to Secure Your Sites with WAF

Security is a big concern when it comes to a site. Here you can get some useful information on how to secure your site with Web Application Firewall.

Protect Your Data from Hit Attacks with WAF

As Big Data applications grow fast, hit attacks are becoming an important concern. In this article, you will get some information on how to protect your data from hit attacks with WAF (Web Application Firewall).

As a result, the account is stolen by a hacker, probably because your mailbox leaked personal information or out of carelessness. The hacker can log in to all your accounts with the same information. Then, all information across your accounts will be stolen.

WAF provides a "10-minute solution" to help users deal with database hits. First, a WAF user takes 5 minutes to complete the online access. The new configuration rules are only valid for 2 minutes. The web application is under the protection of Cloud Security in 10 minutes. You can defend against common attacks such as SQL injection, XSS, and Trojans with only a click of a button.

Protect Your Data with Web Application Firewall

Network attacks may lead to data leaks, but Web Application Firewall can protect your core business data and prevent server malfunctions caused by malicious activities and attacks.

A network attack is similar to a viral infection in humans: it will inevitably spread once contracted, resulting in more data leaks. However, that does not mean that attackers are the sole culprit of data leaks. Failure to take preventive measures is one of the leading causes of data leakage for many enterprises.

Enterprises need to protect critical, sensitive data throughout its life cycle. Data generation, communication, storage, and destruction must be performed within a controlled and encrypted environment. In addition, we recommend that enterprises use cloud certificate services to implement one-click HTTPS transformation.

Prevent Bot Attacks on Your Websites and Servers

In this article, you will get some information on how to use the anti-bot technology of Alibaba Cloud WAF to prevent bot attacks.

Web Application Attack Protection covers attacks such as database injections, cross-site scripting, and other common attack types which constitute the well-known OWASP Top 10 list (see the Open Web Application Security Project at www.owasp.org to learn more). This feature works straight out of the box and is enabled by default.

HTTP Flood Protection Mode under WAF is enabled and set to Normal by default. It helps to protect the server from HTTP Flood and DDoS attacks, and you should leave it at the default setting. If you subscribe to the Business or Enterprise level of the WAF, you can enhance and customize the HTTP flood protection settings by creating your own additional rules.

Best practices for Web Application Firewall

In this article, you will get best practices for protecting Web applications, servers, and data with Web Application Firewall.

WAF provides protection against Web attacks, such as SQL injection, XSS, remote command execution, and webshell upload. By default, Web Application Protection is enabled and the normal mode protection is used.

There are three protection policies available when the Protection mode is selected:

  1. Loose: This policy only blocks requests that display typical attack patterns.
  2. Normal: This policy blocks requests that display common attack patterns.
  3. Strict: This policy blocks crafted requests that display specific types of attack patterns.

Protect Your Site from HTTP Flood Attacks with WAF

In this article, you will get some information on how to use WAF and protection rules to protect your site from HTTP flood attacks.

During HTTP flood attacks, the request rate of a single zombie server is typically far higher than that of a normal user. The most effective way to defend against this type of attack is to restrict the request rate of the source IP.

You can create custom HTTP flood protection rules to implement restrictions on the request rate.
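The per-source-IP rate restriction described above can be sketched as a sliding-window counter. This is an added example, not Alibaba Cloud WAF's own code or rule syntax: the threshold (50 requests per 10 seconds), the 30-second block period, the class and function names, and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class SourceIpRateLimiter:
    """Sliding-window request counter per source IP (illustrative only)."""

    def __init__(self, max_requests, window_seconds, block_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.block = block_seconds
        self.hits = defaultdict(deque)  # ip -> timestamps inside the window
        self.blocked_until = {}         # ip -> time at which the block expires

    def allow(self, ip, now):
        """Return True if the request passes, False if it is blocked."""
        if self.blocked_until.get(ip, 0) > now:
            return False
        self.blocked_until.pop(ip, None)
        q = self.hits[ip]
        while q and q[0] <= now - self.window:  # drop hits outside the window
            q.popleft()
        q.append(now)
        if len(q) > self.max_requests:          # rate exceeded: start a block
            self.blocked_until[ip] = now + self.block
            q.clear()
            return False
        return True


def replay(requests, limiter):
    """Replay (timestamp, ip) pairs; return the blocked-request count per IP."""
    blocked = defaultdict(int)
    for ts, ip in requests:
        if not limiter.allow(ip, ts):
            blocked[ip] += 1
    return dict(blocked)


def sample_requests():
    # Constructed traffic: a normal user sending 1 request every 5 s,
    # and one noisy source sending 20 requests per second for 10 s.
    normal = [(float(t), "198.51.100.7") for t in range(0, 60, 5)]
    noisy = [(i * 0.05, "203.0.113.9") for i in range(200)]
    return sorted(normal + noisy)


if __name__ == "__main__":
    limiter = SourceIpRateLimiter(max_requests=50, window_seconds=10, block_seconds=30)
    print(replay(sample_requests(), limiter))
```

Sources behind a shared NAT or proxy appear as one IP, so a threshold chosen this way should be checked against the peak rate of legitimate shared sources before it is enforced.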

Related Documentation

Automatically add a website configuration - Web Application Firewall

After you activate Web Application Firewall (WAF), you need to add the website configuration of the website that needs protection in the WAF console. This topic describes how WAF automatically adds a website configuration when you use the DNS proxy mode to configure WAF.

When you configure WAF by using the DNS proxy mode, WAF can automatically read the A records that you have created on Alibaba Cloud DNS, the domain name of the website, and the origin server IP address to automatically add a website configuration. After the website configuration is added, WAF automatically updates the DNS record of the domain name.

Website configuration - Web Application Firewall

A website configuration specifies the request redirect routes for the website for which you have configured Web Application Firewall (WAF). You must specify the website configuration in the WAF console. This topic describes how to add and manage website configurations when you use the DNS proxy mode to configure WAF for your website.

When you use the DNS proxy mode to configure WAF, you can choose to add website configurations automatically or add website configurations manually.

Related Market Products

NSFOCUS Web Application Firewall (WAF)(BYOL)

The WAF serves as an essential part of Intelligent Hybrid Security architecture by providing advanced inspection and specialized security for the web application layer. It provides up to 1 Gbps of DDoS protection from other volumetric and application layer attacks, including TCP flood and HTTP/S GET/POST floods. Additionally, if deployed in conjunction with a higher capacity NSFOCUS ADS Series Anti-DDoS appliance, the WAF can direct flows in real-time to the ADS to keep your servers running under the most extreme conditions.

F5 Advanced WAF (PAYG, 25Mbps)

The industry-leading Advanced WAF provides robust web application firewall protection by securing applications against threats including layer 7 DoS attacks, malicious bot traffic, OWASP Top 10 threats and API protocol vulnerabilities. Advanced WAF also leverages automated learning capabilities and data analysis to provide the most cutting-edge, automated protection, preventing the most sophisticated attacks from reaching your application servers.

Related Products

Web Application Firewall

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.

Alibaba Cloud Security Services

Security and compliance are always our top concerns. Alibaba Cloud security service is committed to providing simple, secure and intelligent security services. You can access the services at any time, anywhere, with our easy-to-use and simple deployments. Alibaba Cloud security services are deployed based on the security technology we have developed for years to make sure the cloud environment is more secure. To accommodate your business and data processing requirements, we develop and apply cutting-edge AI technology for security identification and risk analysis.

Related Course

Web Application Attacks and Defense Deep Dive

Web applications are the most common way to provide services on the cloud and are the most vulnerable security targets. Through this course, you can understand the top 10 network application security risks listed by OWASP. We will explain these 10 security risks one by one, choose the three most common attack methods (XSS, SQL injection, and Webshell) for further in-depth discussion, and finally introduce Alibaba Cloud's WAF products to help you solve online application security problems once and for all.


Alibaba Clouder
