The WAF protects most HTTP-based web services.

General website protection

| Function | Description |
| --- | --- |
| Common vulnerabilities protection | Protects content against SQL injection, cross-site scripting (XSS), command execution, code execution, local file inclusion, remote file inclusion, illegal file upload, and more. |
| Web shell protection | Prevents uploads of popular web shells and Trojans. |
| Sensitive information protection | Prevents leakage of sensitive information, such as usernames and passwords. |
| Scanner and hack tools protection | Identifies and blocks scanners and hack tools. |

HTTP flood mitigation

| Function | Description |
| --- | --- |
| Challenge | Reverse-probes a client by inserting a cookie and a redirection challenge, which tools or scripts cannot answer successfully. |
| Speed limitation | Limits requests based on each source IP's queries per second. |
| Bot protection | Identifies and blocks malicious bots or spiders to avoid unnecessary consumption of bandwidth and performance. |
| Customized rules | Supports customized rules against massive requests with a specific pattern, such as user-agent or referrer URL. |
| IP reputation database | Uses an up-to-date database of malicious IPs maintained by Alibaba Cloud to help identify other malicious requests. |
| HTTP status codes | Analyzes the distribution of HTTP status codes and blocks abnormal IPs. |
| SSL encryption | Provides a secure channel encrypted entirely by SSL. |
| Specific path or parameter statistics | Dynamically blacklists abnormal IPs that query specific interfaces, applications, or paths at extremely high rates. |

Customized access control

| Function | Description |
| --- | --- |
| Multi-factor ACL | Access control based on IP, URL, referrer, and user-agent. |
| Flexible combination | Combines multiple rules into one integrated rule. |
| Customized scenario protection | Covers leeching, CSRF, management backend protection, and more. |
| Customized priorities | Rule priorities can be changed freely. |
