The Web Application Firewall’s intelligent protection engine performs semantic analysis on requests. Using semantic detection, the engine discovers disguised or hidden malicious web request content to effectively intercept malicious attacks that use obfuscation, variants, and other such methods.
Note: To enable the new intelligent protection engine function, you must upgrade WAF to Enterprise Edition or above.
The new intelligent protection engine performs semantic analysis on requests and matches the semantic analysis results against its exception and attack set to discover disguised and hidden malicious web attack behaviors.
Note: The intelligent protection engine mainly protects against SQL injection and other web attack methods, not HTTP flood attacks. If you have high web attack protection requirements, we recommend that you enable the new intelligent protection engine function.
Semantics: The new intelligent protection engine merges the similar behavior characteristics of similar attacks and aggregates the attack behaviors and characteristics of a single attack class into an attack feature. By grouping the multiple behavioral characteristics of attacks into specific permutations and combinations to represent individual attack classes, this function creates a semantic structure for attack behavior.
Exception and attack set: Leveraging Alibaba Cloud Security’s own massive volume of operations data, this function models normal web applications, so that abnormalities can be detected. It extracts exception and attack models from a large volume of web application attacks to form an exception and attack set.
Log on to the Alibaba Cloud Security WAF console.
Go to Management > Website Configuration, and select the region.
Select a domain name that is already protected and click Policies.
Enable the New Intelligent Protection Engine function.