After you add a website to Web Application Firewall (WAF), you can enable the positive security model for your website. The positive security model of WAF uses Alibaba Cloud machine learning algorithms to automatically learn normal network traffic of a website. The positive security model then generates security rules tailored for the website based on the collected data. You can adjust the protection mode and rules of the positive security model based on your requirements.
Prerequisites
- A WAF instance is purchased. The instance must meet the following requirements:
- The instance is billed on a subscription basis.
- The instance is deployed in mainland China.
Note Instances deployed outside mainland China do not support the positive security model.
- The instance must be of the Enterprise edition or higher. For more information, see Editions and features.
For more information, see Purchase a WAF instance.
- Your website is added to the WAF console. For more information, see Add domain names.
Background information
Traditional protection methods against web attacks are based on detection rules. The positive security model automatically learns the network traffic of a website and uses machine learning algorithms to generate a standard security score and grade different requests. Based on the request scores, the positive security model defines the baseline traffic of a website and customizes security policies for the website. The positive security model collaborates with other detection modules of WAF to detect attacks at different network layers.
