This topic describes the website protection features supported by Web Application Firewall (WAF).

Module Feature Description Enabling method Reference
Web Security RegEx Protection Engine The feature protects your websites against common web attacks based on built-in rule groups. The common web attacks include SQL injection, XSS, webshell upload, command injection, backdoor isolation, invalid file requests, path traversing, and common application attacks. The feature is enabled by default after you add a domain name. Configure the protection rules engine

Best practices for the protection rules engine

Protection Rule Group The feature allows you to combine protection rules to create a custom rule group and apply the group to specific websites as needed.
Note You can create a custom rule group for only RegEx Protection Engine.
You need to enable it after you add a domain name. Customize protection rule groups

Best practices for using custom rule groups to provide enhanced protection

Big Data Deep Learning Engine The feature is based on the deep neural network system of Alibaba Cloud. It classifies all web attack data and normal business data in the cloud and then creates a data model. This way, potential attacks can be blocked in real time. You need to enable it after you add a domain name. Configure the Big Data Deep Learning Engine
Website Tamper-proofing The feature helps you lock specific web pages, such as those that contain sensitive information. When a locked web page is requested, the page cached in WAF is returned. This prevents the tampering of the web pages. You need to enable it after you add a domain name. Configure website tamper-proofing
Data Leakage Prevention The feature filters content, such as abnormal pages and keywords, returned from the servers to websites and masks sensitive information, such as identity card numbers, bank card numbers, phone numbers, and sensitive words. WAF then returns masked information or default error pages to visitors. You need to enable it after you add a domain name. Configure data leakage prevention
Positive Security Model The feature uses Alibaba Cloud machine learning algorithms to automatically analyze the normal network traffic of a website. It then generates security protection policies tailored for the website based on the collected data. You need to enable it after you add a domain name. Configure the positive security model
Bot Management Allowed Crawlers The feature maintains a whitelist for authorized search engines, such as Google, Bing, Baidu, Sogou, 360, and Yandex. The crawlers of these search engines are allowed to access specified domain names. You need to enable it after you add a domain name. Configure the allowed crawlers function
Bot Threat Intelligence The feature provides information about suspicious IP addresses of dialers, on-premises data centers, and malicious scanners based on the powerful computing capabilities of Alibaba Cloud. This feature also maintains a dynamic IP library of malicious crawlers and prevents crawlers from accessing your websites or specific directories. You need to enable it after you add a domain name. Set a bot threat intelligence rule
Data Risk Control The feature protects crucial website services, such as registrations, logons, campaigns, and forums, against fraud. You need to enable it after you add a domain name. Configure data risk control
App Protection The feature provides secure connections and anti-bot protection for native applications. This feature also identifies proxies, emulators, and requests with invalid signatures. You need to enable it after you add a domain name. Configure application protection
Access Control/Throttling HTTP Flood Protection This feature helps you defend against HTTP flood attacks and provides protection policies in different modes. The feature is enabled by default after you add a domain name. Configure HTTP flood protection

Best practices for preventing HTTP flood attacks

IP Blacklist The feature blocks access requests from specified IP addresses, CIDR blocks, and IP addresses in specified regions. You need to enable it after you add a domain name. Configure a blacklist
Scan Protection The feature automatically blocks access requests that have specific characteristics. For example, if the source IP address of requests initiates multiple web attacks or targeted directory traversal attacks in a short period of time, WAF automatically blocks the requests. Source IP addresses are also blocked if they are from common scan tools or the Alibaba Cloud malicious IP library. You need to enable it after you add a domain name. Configure scan protection
Custom Protection Policy The feature allows you to customize ACL rules and configure rate limiting based on precise match conditions. You need to enable it after you add a domain name. Create a custom protection policy
Protection Lab Account Security The feature allows you to monitor user authentication-related interfaces, such as the endpoints used for registration and logon, and to detect events that may pose a threat to user credentials. These threats include credential stuffing, brute-force attacks, spam registration, weak password sniffing, and SMS flood attacks. You need to enable it after you add a domain name. Configure account security

Account security best practices

Whitelists Website Whitelisting After you configure a rule, requests that match the rule bypass all protection features and are directly forwarded to origin servers. You need to enable it after you add a domain name. Configure a website whitelist
Whitelisting Rules in Web Intrusion Prevention After you configure a rule, requests that match the rule bypass specified protection features, such as RegEx Protection Engine and Big Data Deep Learning Engine. You need to enable it after you add a domain name. Configure a whitelist for Web Intrusion Prevention
Whitelisting Rules in Data Security After you configure a rule, requests that match the rule bypass specified protection features, such as website tamper-proofing, data leak prevention, and account security. You need to enable it after you add a domain name. Configure a whitelist for Data Security
Whitelisting Rules in Bot Management After you configure a rule, requests that match the rule bypass specified protection features, such as bot threat intelligence, data risk control, intelligent algorithm, and application protection. You need to enable it after you add a domain name. Configure a whitelist for Bot Management
Whitelisting Rules in Access Control/Throttling After you configure a rule, requests that match the rule bypass specified protection features, such as HTTP flood protection, blacklist, scan protection, and custom protection policy. You need to enable it after you add a domain name. Configure a whitelist for Access Control/Throttling