New intelligent protection engine performs semantic analysis on requests. Using semantic detection, the engine can discover disguised or hidden malicious content in web requests and effectively intercept malicious attacks that use obfuscation, variants, and other alike methods.

Function description

New intelligent protection engine performs semantic analysis on requests and matches the semantic analysis results against its exception and attack set to discover disguised and hidden web attack behaviors.

Note New intelligent protection engine mainly protects against SQL injection and other web attack methods, rather than HTTP flood attacks. If you have high web attack protection requirements, we recommend that you enable new intelligent protection engine.

New intelligent protection engine has the following features:

  • Semantics: New intelligent protection engine merges the similar behavior characteristics of similar attacks and aggregates the attack behaviors and characteristics of a single attack class into an attack feature. By grouping the multiple behavioral characteristics of attacks into specific permutations and combinations to represent individual attack classes, this function creates a semantic structure for attack behavior.
  • Exception and attack set: Leveraging Alibaba Cloud Security’s massive volume of operations data, this function models normal web applications, so that abnormalities can be detected. It extracts exception and attack models from a large volume of web application attacks to form an exception and attack set.

Procedure

Follow these steps to enable new intelligent protection engine:

Note Make sure that you have added your domain to the WAF protection list before proceeding with the following operations. For more information, see WAF deployment guide.
  1. Log on to the Alibaba Cloud WAF console.
  2. Go to the Management > Website Configuration page, and select the region of your WAF instance (Mainland China or International).
  3. Select the domain to be configured, and click Policies.
  4. Enable New Intelligent Protection Engine.
    Note If you do not want to use this function, you can disable it on this page.