This topic describes the website protection functions supported by Web Application Firewall (WAF).

The functions are grouped by module. Each entry lists the function, what it does, and the reference topic that describes how to configure it.

Module: Web Security

  Function: Website Whitelisting
  Description: Allows access requests that match the specified conditions. Matching requests are forwarded directly to the origin servers and are not checked by any WAF website protection policy. Because whitelisted requests bypass inspection entirely, keep the match conditions as narrow as possible.
  Reference: Configure the website whitelist

Module: Web Intrusion Prevention
  Protects against common web attacks and provides rapid responses to zero-day vulnerabilities.

  Function: RegEx Protection Engine
  Description: Protects your websites against common web attacks based on built-in rule groups. The attacks covered include SQL injection, XSS, webshell upload, command injection, backdoor isolation, invalid file requests, path traversal, and common application attacks.
  Reference: Configure the RegEx Protection Engine; Best practices for Web application protection

  Function: Protection Rule Group
  Description: Lets you combine protection rules into a custom rule group and apply the group to specific websites as needed.
  Note: Custom rule groups can be created only for the RegEx Protection Engine.
  Reference: Customize protection rule groups; Use custom rule groups to prevent false positives

  Function: Big Data Deep Learning Engine
  Description: Uses the Alibaba Cloud deep neural network system. It classifies web attack data and normal business data observed in the cloud, builds a data model from them, and uses the model to block potential attacks in real time.
  Reference: Configure the big data deep learning engine

  Function: Whitelisting Rules
  Description: Allows access requests that match the specified conditions. Matching requests are forwarded to the origin servers instead of being checked by the web intrusion prevention policies, such as the RegEx Protection Engine and the Big Data Deep Learning Engine.
  Reference: Configure the web intrusion prevention whitelist
Module: Data Security
  Prevents leakage and tampering of the web page content protected by WAF, which helps you maintain data integrity and confidentiality.

  Function: Website Tamper-proofing
  Description: Lets you lock specific web pages, such as pages that contain sensitive information. When a locked page is requested, WAF returns the copy cached in WAF rather than the page from the origin server, so modifications made to the page on the origin server are not served to visitors.
  Reference: Configure tamper-proofing

  Function: Data Leakage Prevention
  Description: Filters the content returned by your servers, such as abnormal pages and keywords, and masks sensitive information such as identity card numbers, bank card numbers, phone numbers, and sensitive words. WAF then returns the masked content or a default error page to visitors.
  Reference: Configure data leakage prevention

  Function: Whitelisting Rules
  Description: Allows access requests that match the specified conditions. Matching requests are forwarded to the origin servers instead of being checked by the data security policies, such as website tamper-proofing and data leakage prevention.
  Reference: Configure the data security whitelist
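The data leakage prevention function above is a response-side filter: it either replaces an abnormal page wholesale or masks individual sensitive values in an otherwise normal response. The following Python example, added here and not part of WAF or the original page, shows that logic end to end over a constructed origin response. The number formats (an 18-digit mainland-China ID card with optional check letter X, a 16-19 digit bank card, an 11-digit mobile number), the keyword list, and the error-page markers are all assumptions chosen for the example.

```python
import re

# Added illustration of response-side data leakage prevention. This is not WAF
# code; the number formats below are assumptions (18-digit ID card with optional
# check letter X, 16-19 digit bank card, 11-digit mobile number).
ID_CARD = re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)")
BANK_CARD = re.compile(r"(?<!\d)\d{16,19}(?!\d)")
PHONE = re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)")
# Constructed keyword list and abnormal-page markers for the example.
SENSITIVE_WORDS = re.compile(r"\b(internal-only|confidential)\b", re.IGNORECASE)
ERROR_MARKERS = ("Traceback (most recent call last)", "ORA-", "SQLSTATE[", "Stack trace:")
DEFAULT_ERROR_PAGE = "<html><body>The page is temporarily unavailable.</body></html>"


def mask_value(value: str, head: int = 3, tail: int = 4) -> str:
    """Keep the first `head` and last `tail` characters, replace the rest with '*'."""
    if len(value) <= head + tail:
        return "*" * len(value)
    return value[:head] + "*" * (len(value) - head - tail) + value[-tail:]


def filter_body(body: str) -> str:
    """Emulate the filter applied to an origin response before it reaches the visitor.

    Abnormal pages (stack traces, database errors) are replaced with a default
    error page; otherwise sensitive values are masked in place.
    """
    if any(marker in body for marker in ERROR_MARKERS):
        return DEFAULT_ERROR_PAGE
    # ID cards first: an all-digit 18-character ID would otherwise also match
    # the bank-card pattern. Once masked, the '*' run breaks the digit sequence.
    masked = ID_CARD.sub(lambda m: mask_value(m.group(0)), body)
    masked = BANK_CARD.sub(lambda m: mask_value(m.group(0)), masked)
    masked = PHONE.sub(lambda m: mask_value(m.group(0)), masked)
    masked = SENSITIVE_WORDS.sub(lambda m: "*" * len(m.group(0)), masked)
    return masked


if __name__ == "__main__":
    # Constructed origin response containing each sensitive data type.
    sample = ('{"name":"Li Lei","id":"11010519900101123X",'
              '"card":"6222021234567890123","phone":"13812345678","tag":"Confidential"}')
    print(filter_body(sample))
    print(filter_body('Traceback (most recent call last):\n  File "app.py", line 12'))
```

The masking keeps a short prefix and suffix so support staff can still correlate a record, which is the usual trade-off; if that is not acceptable, drop `head` and `tail` to 0. Note that the patterns are applied to the raw body, so JSON-escaped or HTML-encoded digits would have to be decoded first in a real deployment.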
Module: Advanced Protection
  Provides advanced web security protection functions.

  Function: Positive Security Model
  Description: Uses Alibaba Cloud machine learning algorithms to automatically learn the normal network traffic of a website, and then generates protection policies tailored to that website from the collected data.
  Reference: Configure the positive security model

Module: Bot Management
  Provides protection policies for crawler access to mitigate the impact of malicious crawlers and automation tools on your website services.

  Function: Allowed Crawlers
  Description: Maintains a whitelist of authorized search engine crawlers, such as those of Google, Bing, Baidu, Sogou, 360, and Yandex, and allows them to access the specified domain names.
  Reference: Set a threat intelligence rule to allow requests from specific crawlers

  Function: Bot Threat Intelligence
  Description: Provides information about suspicious IP addresses, such as those used by dialers, data centers, and malicious scanners, based on the computing capabilities of Alibaba Cloud. It also maintains a dynamically updated library of malicious crawler IP addresses and blocks those crawlers from accessing your websites or specific directories.
  Reference: Set a bot threat intelligence rule

  Function: Data Risk Control
  Description: Protects crucial website services, such as registration, logon, activities, and forums, against fraud.
  Reference: Configure data risk control

  Function: App Protection
  Description: Provides secure connections and anti-bot protection for native applications. It identifies proxies, emulators, and requests with invalid signatures.
  Reference: Configure application protection
Module: Access Control/Throttling
  Provides custom access control policies and traffic management policies at the application layer, and helps keep the website accessible.

  Function: HTTP Flood Protection
  Description: Defends against HTTP flood attacks and provides protection policies in different modes.
  Reference: Configure HTTP flood protection; Best practices for preventing HTTP flood attacks

  Function: IP Blacklist
  Description: Blocks access requests from specified IP addresses and CIDR blocks, and from IP addresses in specified regions.
  Reference: Configure the IP blacklist

  Function: Scan Protection
  Description: Automatically blocks access requests that have specific characteristics. For example, if a source IP address launches multiple web attacks or targeted directory traversal attacks within a short period, WAF automatically blocks requests from that address. Source IP addresses are also blocked if they belong to common scan tools or appear in the Alibaba Cloud library of malicious IP addresses.
  Reference: Configure scan protection

  Function: Custom Protection Policy
  Description: Lets you define ACL rules and configure rate limiting based on precise match conditions.
  Reference: Create a custom protection policy

  Function: Whitelisting Rules
  Description: Allows access requests that match the specified conditions. Matching requests are forwarded to the origin servers instead of being checked by the access control and throttling policies, such as HTTP flood protection, IP blacklist, scan protection, and custom protection policies.
  Reference: Configure the access control and throttling whitelist
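Scan protection and the rate limiting available in custom protection policies both come down to counting events per source within a sliding time window, and the whitelisting rules of this module are applied before either check. The following Python example, added here and not part of WAF or the original page, sketches those three behaviours over a constructed access log: a source is blocked when it triggers a number of web-attack rules within the window, when its user agent matches a common scan tool, when it appears in a malicious IP list, or when it exceeds a request limit on a specific path, while a whitelisted source skips every check. The thresholds, the scan-tool user-agent list, the malicious IP set, the `/login` rate limit, and the `10.0.0.0/8` whitelist condition are all assumptions chosen for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Constructed access log for the example: (unix_time, src_ip, path, user_agent, matched_rule).
# matched_rule names the web-attack signature that fired on the request, or None.
LOG = [
    (1000, "203.0.113.10", "/index.html", "Mozilla/5.0", None),
    (1001, "203.0.113.10", "/?id=1' OR '1'='1", "Mozilla/5.0", "sqli"),
    (1003, "203.0.113.10", "/../../etc/passwd", "Mozilla/5.0", "path_traversal"),
    (1005, "203.0.113.10", "/upload/shell.php", "Mozilla/5.0", "webshell"),
    (1010, "198.51.100.7", "/", "sqlmap/1.7.2#stable", None),
    (1020, "192.0.2.44", "/?q=<script>", "Mozilla/5.0", "xss"),
    (1100, "192.0.2.44", "/?q=<script>", "Mozilla/5.0", "xss"),
    (1300, "10.0.0.5", "/?id=1' OR '1'='1", "scanner-internal", "sqli"),
    (1301, "10.0.0.5", "/?id=1' OR '1'='1", "scanner-internal", "sqli"),
    (1302, "10.0.0.5", "/?id=1' OR '1'='1", "scanner-internal", "sqli"),
] + [(1200 + i, "198.51.100.9", "/login", "Mozilla/5.0", None) for i in range(25)]

# Assumed detection inputs, not WAF's real lists.
SCAN_TOOL_UA = re.compile(r"sqlmap|nikto|nmap|masscan|acunetix", re.IGNORECASE)
MALICIOUS_IPS = {"198.51.100.250"}  # stand-in for a malicious IP library
# Whitelist condition: requests from this range skip every check below.
WHITELIST = [ipaddress.ip_network("10.0.0.0/8")]


def is_whitelisted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)


class SlidingWindow:
    """Count events per key that occurred within the last `window` seconds."""

    def __init__(self, window: int):
        self.window = window
        self.events = defaultdict(deque)

    def add(self, key: str, ts: int) -> int:
        q = self.events[key]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop events that fell out of the window
            q.popleft()
        return len(q)


def evaluate(log, attack_window=60, attack_threshold=3,
             rate_path="/login", rate_window=60, rate_limit=20):
    """Return {src_ip: reason} for every source that should be blocked."""
    blocked = {}
    attacks = SlidingWindow(attack_window)
    requests = SlidingWindow(rate_window)
    for ts, ip, path, ua, rule in sorted(log, key=lambda e: e[0]):
        if ip in blocked or is_whitelisted(ip):
            continue
        if ip in MALICIOUS_IPS:
            blocked[ip] = "listed in malicious IP library"
        elif SCAN_TOOL_UA.search(ua):
            blocked[ip] = "scan tool user-agent"
        elif rule and attacks.add(ip, ts) >= attack_threshold:
            blocked[ip] = f"{attack_threshold} web attacks within {attack_window}s"
        elif path == rate_path and requests.add(ip, ts) > rate_limit:
            blocked[ip] = f"more than {rate_limit} requests to {rate_path} within {rate_window}s"
    return blocked


if __name__ == "__main__":
    for ip, reason in evaluate(LOG).items():
        print(f"block {ip}: {reason}")
```

In the constructed log, 192.0.2.44 sends two XSS payloads 80 seconds apart and is never blocked because the first event has left the 60-second window by the time the second arrives; 10.0.0.5 sends three SQL injection payloads in three seconds and is never blocked either, because the whitelist condition is checked first. That second case is the reason to keep whitelist match conditions as narrow as possible.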
Module: Protection Lab

  Function: Account Security
  Description: Lets you monitor user authentication interfaces, such as the registration and logon interfaces, and detect events that may threaten user credentials. These include credential stuffing, brute-force attacks, spam registration, weak password sniffing, and SMS interface abuse.
  Reference: Configure account security; Account security best practices

  Function: API Request Security
  Description: Lets you upload a custom API rule file so that only requests that comply with the rules are executed. This protects your website assets from threats such as tampering and replay attacks.
  Reference: API request security