Software bots which emulate a web browser are often used by criminals to harvest large amounts of data from websites. They can also abuse websites in other ways, such as by mass-posting adverts or malicious links in comment forms or forums, or by placing large numbers of reservations within, say, an airline booking system in order to prevent legitimate customers from making a booking.
In addition to the out-of-the-box features of the WAF which prevent the type of attacks that affect everyone who subscribes to the service, you can also create your own specific rules and policies to block bot attacks that you are receiving, or that you fear you may receive.
Web Application Attack Protection covers attacks such as database injections, cross-site scripting, and other common attack types which constitute the well-known OWASP Top 10 list (see the Open Web Application Security Project at www.owasp.org to learn more). This feature works straight out of the box and is enabled by default.
HTTP Flood Protection Mode under WAF is enabled and set to Normal by default. It helps to protect the server from HTTP flood and DDoS attacks, and you should leave it at the default setting. If you subscribe to the Business or Enterprise level of the WAF, you can enhance and customize the HTTP flood protection settings by creating your own additional rules.
The Malicious IP Penalty feature under WAF is powered by Alibaba Cloud’s huge threat intelligence database of more than 4 billion IP addresses.
The database holds details of each IP address, its location, whether it has recently been used to generate attacks, whether those attacks were man- or machine-generated, how often they occurred, and so on. And the list of malicious IP addresses is updated all the time.
The other useful feature for protecting your website and server from bots is the HTTP ACL, which again is available in all editions of the Web Application Firewall.
HTTP is the communications protocol that web browsers (or other user agents such as bots) use to communicate with web servers. An ACL is an Access Control List. The HTTP ACL feature allows you to set up rules which block malicious requests.
The HTTP ACL policy lets you create more detailed rules, specific to your individual circumstances. The precise nature of the rules that you create will depend on the nature of your website or server, the URLs of the pages you want to protect, the degree of protection required, and the types of attacks that you are facing.
If your server is running WordPress and you use the pingback feature to allow users to be notified when someone replies to their blog comment, you are vulnerable to what’s known as a pingback or bounce attack. You can construct a simple WAF rule to protect your site from such attacks.
And if you discover that a particular website is leeching images or other content from your site, you can create a WAF rule to block it. For example, if you find that www.selfish-site.com is referencing images from your company’s site, set up a rule as follows. The requests will then be blocked, and users of the selfish operator’s site will receive an error saying that the required image can’t be found.
For a step-by-step guide, see Protect Your Website and Servers with Alibaba Cloud WAF Anti-Bot Features.
After the website is deployed with Alibaba Cloud WAF, WAF helps inspect the web traffic and block common web attacks (such as SQL injections and XSS scripting) and HTTP flood attacks, based on the default protection settings. You can enable more protection functions and configure their policies according to your actual business situation.
The Business and Enterprise editions of Alibaba Cloud WAF support customizing HTTP flood protection rules to apply rate-based access control.
You can restrict how frequently certain URLs on your server are accessed by applying custom protection rules in the console. For example, you can define the following rule: when a single source IP address accesses www.yourdomain.com/login.html more than 20 times within 10 seconds, block this IP address for one hour.
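The logic of that example rule, written out as a sliding-window counter and replayed over constructed traffic. This is an added illustration, not Alibaba Cloud WAF code or console configuration; the class and function names are hypothetical, and it assumes that a blocked IP is denied on every path until the hour expires.

```python
from collections import defaultdict, deque

# Values taken from the rule described above.
PROTECTED_PATH = "/login.html"
MAX_HITS = 20          # more than this many requests...
WINDOW_SECONDS = 10    # ...within this window triggers the block
BLOCK_SECONDS = 3600   # block the source IP for one hour


class RateRule:
    """Sliding-window rate rule keyed by source IP (hypothetical, not WAF code)."""

    def __init__(self):
        self.hits = defaultdict(deque)   # ip -> timestamps of recent hits
        self.blocked_until = {}          # ip -> time at which the block expires

    def check(self, ip, path, ts):
        """Return 'block' or 'allow' for one request seen at time ts (seconds)."""
        if self.blocked_until.get(ip, 0) > ts:
            return "block"               # assumption: a block covers all paths
        if path != PROTECTED_PATH:
            return "allow"
        window = self.hits[ip]
        window.append(ts)
        # Drop hits that have aged out of the 10-second window.
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_HITS:
            self.blocked_until[ip] = ts + BLOCK_SECONDS
            window.clear()
            return "block"
        return "allow"


def replay(events):
    """Run time-ordered (timestamp, ip, path) events through a fresh rule."""
    rule = RateRule()
    return [rule.check(ip, path, ts) for ts, ip, path in events]


# Constructed sample traffic: one IP sends 25 login requests in 5 seconds,
# another IP makes a single request.
SAMPLE = [(i * 0.2, "203.0.113.7", "/login.html") for i in range(25)]
SAMPLE += [(6.0, "198.51.100.9", "/login.html"),
           (7.0, "203.0.113.7", "/index.html"),      # still inside the block
           (3700.0, "203.0.113.7", "/login.html")]   # block has expired

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

The 21st request inside the window is the first one blocked, and the unrelated IP is unaffected because counters are kept per source address.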
With the Internet-based development of traditional industries and the data-based development of major businesses, crawlers have gradually become a source of risk. According to network data statistics, more than 60% of Internet traffic is automatically generated in bulk by crawlers.
Alibaba Cloud Anti-Bot Service is a new security product launched by Alibaba Cloud Security early this year. The service provides anti-bot solutions for Web applications, HTML5 websites, APIs, and mobile apps, and manages crawlers in an orderly manner.
By default, your domain protected by the Anti-DDoS Pro instance uses the Normal HTTP flood protection mode. You can change the mode as needed.
In this guide, you will get information on how to guard your website from HTTP(S) flood attacks with protection modes on Anti-DDoS Pro.
F5 Advanced WAF provides robust web application firewall protection, securing apps against threats including layer 7 DoS attacks, malicious bots, OWASP Top 10 threats and much more.
F5 Per-App VEs deliver the same scalable, secure and customizable application services as physical and virtual F5 ADCs - at a price and in a form factor appropriate for supporting individual apps.
Alibaba Cloud WAF is a web application firewall that monitors, filters, and blocks HTTP traffic to and from web applications. Based on the big data capacity of Alibaba Cloud Security, Alibaba Cloud WAF helps you to defend against common web attacks such as SQL injections, Cross-site scripting (XSS), web shell, Trojan, and unauthorized access, and to filter out massive HTTP flood requests. It protects your web resources from being exposed and guarantees your website security and availability.
Alibaba Cloud Anti-DDoS Pro is a paid service that features a set of high-defensive IPs, and acts as a protective barrier for the origin. It safeguards network servers under high volume DDoS attacks. After configuring the high defensive IPs for the network servers, all traffic passes through the Anti-DDoS Pro instance before rerouting to the origin.
Anti-DDoS Pro supports a peak protection bandwidth of 20Gbps ~ 600Gbps on servers inside and outside Alibaba Cloud. To make it more cost-effective, you are offered various flexible payment plans, in which the fees are incurred according to the daily attack volumes.
Anti-DDoS Pro cleans all traffic, mitigates DDoS attacks, and then forwards traffic to the origin. With malicious traffic mitigated, the origin gains higher availability and stability.
Additionally, with Anti-DDoS Pro enabled, traffic traction and re-injection are not necessary when your origin suffers DDoS attacks.
Alibaba Cloud Security Certification course is a series of online courses covering topics including Linux and Windows OS basics and operations, network fundamentals, host security, application security, network security, data security, etc. It is designed to help you understand how these products work, how they should be used and help you gain the required knowledge to be certified as an ACA/ACP level cloud security specialist.