WAF provides HTTP Flood protection to block HTTP flood attacks in different modes, including Normal and Emergency.
Note: The Emergency mode is applicable to web pages, but not to API/Native Apps, because it may result in a large number of false positives. For API/Native Apps, you can use the Custom HTTP Flood Protection.
Follow these steps to configure the HTTP Flood Protection mode:
Log on to the Web Application Firewall console and access the Website Configuration page.
Click Policies under the Operation column of the target domain name.
Enable the HTTP Flood Protection and select the corresponding protection mode.
Consider the following recommendations, when you select the mode:
- Normal mode is used by default. In Normal mode, WAF only blocks extremely suspicious requests, and the amount of false positives is relatively small.
- When you find many HTTP flood attacks are not blocked in the Normal mode, you can switch to the Emergency mode. In Emergency mode, WAF imposes strong blocking rules against HTTP flood attacks, but it may also cause many false positives.
- If many attacks are still missed out in the Emergency mode, check if the source IP addresses are WAF’s back-to-Source IP addresses. If the origin is directly under attack, temporarily set WAF to only allow WAF’s back-to-Source IP addresses to access the server.
- For better protection effects and lower false positive rate, you can use the Business Edition or Enterprise Edition to customize or request the security experts to customize targeted protection algorithms for you.
WAF is categorized based on the capacity to provide protection against the complex HTTP flood attacks, the editions are as follows:
- Pro Edition: supports default protection modes (Normal and Emergency), and blocks HTTP flood attacks with obvious attack characteristics.
- Business Edition: supports customized access control rules, and defends against HTTP flood attacks with certain attack characteristics.
- Enterprise Edition: professional customization of the protection rules that guarantee solid protection effects.
Alibaba Cloud WAF identifies attacks by using human identification, big data analysis, model analysis, and other techniques, and blocks attacks accordingly. Different from program interaction, security attack and defense is the confrontation between people. Each website has its own performance bottleneck. If hackers find a type of attack to be ineffective, they may analyze the website and then start a targeted attack. In this case, Alibaba Cloud Security experts can analyze the attacks to provide a higher level protection and a better protect effect.