Threat intelligence helps you automatically block access requests from common vulnerability scanners or from IP addresses in the Alibaba Cloud library of identified port scan attackers.

Prerequisites

You can enable this feature only when the following conditions are met:

Background information

You can enable the threat intelligence feature to automatically block access requests from common vulnerability scanners, including sqlmap, Acunetix Web Vulnerability Scanner (AWVS), Nessus, AppScan, WebInspect, Netsparker, Nikto, and RSAS. You can also use the collaborative defense function of this feature to automatically block access requests from all IP addresses in the Alibaba Cloud global library of identified port scan attackers.

Procedure

  1. Log on to the WAF console.
  2. In the left-side navigation pane, choose Management > Website Configuration. On the Website Configuration page that appears, select the region of your WAF instance (Mainland China or International).
  3. Find the domain to be configured in the domain list, and click Policies in the Operation column.
  4. On the page that appears, scroll down to the Threat Intelligence area and enable or disable the protection functions as required.
    The following protection functions are available in threat intelligence:
    • Scanning Tool Blocking: identifies common vulnerability scanners and blocks their access requests.
    • Collaborative Defense: automatically blocks access requests from all IP addresses in the Alibaba Cloud global library of identified port scan attackers.