edit-icon download-icon


Last Updated: Jan 22, 2018

The WAF protects most HTTP based web services.

General website protection

Function Description
Common vulnerabilities protection Protects content against SQL injection, cross-site scripting (XSS), command execution, code execution, local file include, remote file include, illegal file upload, and so on.
Web shell protection Prevents popular web shell and Trojan uploads.
Sensitive information protection Prevents leakage of sensitive information, such as username and password.
Scanner and hack tools protection Identifies and blocks scanners or hack tools.

HTTP flood mitigation

Function Description
Challenge Reverse probes a client by inserting a cookie and throwing a challenge. The tools or scripts fail to respond to the challenge correctly.
Speed limitation Applies a limit on the source IP’s query per second.
Bot protection Identifies and blocks malicious bots or spiders to avoid unnecessary consumption of bandwidth and performance.
Customized rules Supports customized rules against massive requests with a specific pattern, such as user-agent or referrer URL.
IP reputation database Maintains up-to-date database of malicious IPs maintained by Alibaba Cloud to help identify other malicious requests.
HTTP status codes Analyzes the distribution of HTTP status codes and blocks abnormal IPs.
SSL encryption Provides a secure channel encrypted entirely by SSL.
Specific path or Parameters statistic Dynamically add abnormal IPs that query specific interfaces, applications, or paths to blacklist at an extremely fast speed.

Customized access control

Function Description
Multiple-factor-based ACL IP, URL, referrer, and user-agent.
Flexible combination Combines multiple rules as an integrated rule.
Customized scenario protection Leeching, CSRF, management backend protection, and so on.
Customized priorities Free to change and set the priorities of rules.
Thank you! We've received your feedback.