This topic describes the release notes for Web Application Firewall (WAF) features.


Release date Feature Description References
2021-04-01 Support for IPv6 addresses of origin servers The IPv6 addresses of origin servers can be added when you add domain names to WAF. This feature is suitable for users that need to upgrade their network from IPv4 to IPv6 in the finance, government, and enterprise sectors. Add a website
2021-03-23 Support for threat event analysis on the Overview page The threat event analysis module is added to the Overview page. Threat events are generated based on the analysis of a large number of attack alerts. This helps you identify attack sources and defend against the attacks. This feature is suitable for scenarios in which your services are at risk of web attacks and you want to obtain threat events based on a large number of alerts. View information on the WAF Overview page
2021-03-18 Support for ignoring false positives on the Security Report page False positives can be ignored on the Security Report page. WAF can automatically generate whitelist rules for specific rules. You can also add whitelist rules of Web Intrusion Prevention based on specific rule IDs or rules types. This way, the user experience is improved. This feature is suitable for scenarios in which false positives need to be managed at a fine-grained granularity and the protection effects are not affected. View security reports
2021-01-29 Scenario-specific configuration feature released The scenario-specific configuration feature is released. You can use the feature to customize anti-crawler rules to protect your business from malicious crawlers. Configure anti-crawler rules for websites
2021-01-15 Support for custom settings of TLS versions and cipher suites Transport Layer Security (TLS) protocol versions and cipher suites can be selected based on your business requirements. This helps ensure security compliance and compatibility for HTTPS communication in different scenarios. This feature is suitable for scenarios in which some TLS protocols and cipher suites need to be disabled or enabled due to the requirements of classified protection and compatibility. Configure custom TLS settings


Release date Feature Description References
2020-10-21 Security report optimized The security report feature is optimized to filter attack records by rule ID. View security reports
2020-06-04 Custom protection rule groups and Overview page optimized
  • Rules in custom rule groups can be automatically updated, which improves the security and availability of the groups.
  • The protection rule details and impact scopes of zero-day vulnerabilities are displayed on the Overview page.
Customize protection rule groups

View information on the WAF Overview page

2020-05-20 Big Data Deep Learning Engine optimized Attack probability thresholds are adjustable to achieve optimal protection effects for various business scenarios. Configure the Big Data Deep Learning Engine
2020-05-18 Support for Terraform Terraform is supported to meet the operations and maintenance (O&M) needs of large enterprises. Terraform allows you to perform basic operations, such as managing domain names and policies, by using code.
Note This feature also enables automated operations in the console. This achieves high operational efficiency and eliminates human error. For more information, see Terraform documentation.
2020-04-10 User experience optimized Data on the Overview page can be drilled down to the Security report page. Data on the Security report page can be drilled down to the Log Service page, which closes the loop of operations data.
  • Data in the Protection statistics section of the Overview page can be drilled down to the Security report page. The ranking on the URL Requests tab shows domain name information.
  • Statistics on the Access Control/Throttling tab of the Security Report page can be drilled down to the Log Service page. Custom access control rules that match access requests can be viewed and edited.
View information on the WAF Overview page

View security reports

2020-04-02 Support for bot management Value-added services such as bot management and app protection are supported to provide intelligent protection against automated attacks and intelligent protection of bot traffic. The bot management module provides trusted communications to protect native apps and defends against bot script abuse.
Note The bot management and app protection modules are available only to the new protection engine released in January 2020. If you use a protection engine of an earlier version, we recommend that you upgrade your protection engine at the earliest opportunity.
Configure a whitelist for Bot Management


2020-03-10 Upgrade guide released for the new protection engine An upgrade guide is provided to help existing users upgrade their protection engines without service interruption. Protection engine upgrade
2020-03-04 Support for intelligent load balancing among multiple SLB service nodes Intelligent load balancing is supported. WAF connects to multiple Server Load Balancer (SLB) service nodes to enable automatic disaster recovery and optimal routing with low latency. Intelligent load balancing
2020-02-14 Log Service for WAF upgraded and user experience optimized Log Service for WAF is upgraded. You can enable the full log feature for specific domain names. N/A
2020-02-10 Alert feature upgraded The alert notification feature is upgraded to provide basic statistics and details about security events and workload monitoring. Related alerts are provided to support routine O&M. Configure alert rules
2020-01-15 Protection capabilities upgraded Fine-grained throttling and robust protection against malicious network traffic are supported in the new protection engine of WAF. The account security feature can be enabled to protect against common HTTP flood attacks, dictionary attacks, and weak password sniffing.
Note The protection capabilities work for all users but can be directly enabled only by users who newly purchased WAF instances in the console. Existing users must wait until March 2020 before they can upgrade their WAF instances to enable the protection capabilities.
Configure the protection rules engine


Release date Feature Description References
2019-12-20 Features in the Exclusive edition optimized Features in the WAF Exclusive edition are optimized. You can customize the request timeout period for your domain name. Create an exclusive cluster
2019-11-28 Support for account security detection The account security feature is used to detect account security risks on logon interfaces. The risks include dictionary attacks, brute-force attacks, spam user registrations, weak password sniffing, and SMS flood attacks. Configure account security
2019-10-25 Exclusive edition released The WAF Exclusive edition is released. The Exclusive edition allows you to customize items such as protection ports, TLS versions, cipher suites, and the response page that appears when a request is blocked. This edition meets your special requirements for web application protection. Create an exclusive cluster
2019-10-22 URL profiling supported for protected websites URL profiling is supported. WAF can automatically identify business URL profiles and business volumes based on the normal network traffic that flowed through websites. This allows you to customize protection policies for different websites. N/A
2019-10-16 Data of website scan protection provided on the Overview page The volume of traffic blocked by the scan protection module, a list of blocked website scan attacks, attack details, and resolutions provided by security experts are displayed on the Overview page in the WAF console. View information on the WAF Overview page
2019-08-22 Positive security model released The positive security model is based on algorithms for intelligent big data learning. This model learns the historical network traffic of users in an iterative manner. This allows you to customize automatic protection policies. Configure the positive security model
2019-07-18 Web attack details added to the Security report page Web attack details are added to the Security report page to show the specific causes of blocked attacks. This improves the efficiency of security O&M. View security reports
2019-06-27 Protection for HTTP/2-compliant applications Protection for HTTP/2-compliant applications is supported. This feature increases the coverage rate of application protocols. This ensures that the applications of WAF users are fully protected. Add a website
2019-06-13 Decoding methods of web request content in protection configuration Decoding methods of web request content can be customized in the protection configuration. Configure the protection rules engine
2019-05-30 ACL rules optimized Multiple IP addresses or CIDR blocks can be added to ACL rules for condition matching. Create a custom protection policy
2019-05-30 Overview page optimized The Overview page in the WAF console is optimized. On this page, the system aggregates security operations events based on a large volume of log data and provides professional suggestions for event handling. This page also displays the number of attacks by type and the frequently attacked domain names. This way, the capabilities of WAF are enhanced. View information on the WAF Overview page
2019-03-19 Threat intelligence feature released The threat intelligence feature is released. This feature provides a library that contains scan attack information. You can customize the thresholds of network scan frequency and duration for blocking malicious scan attacks based on the information. This feature is used to prevent scan attacks with common signatures, such as path traversal. Configure scan protection
2019-01-03 Support for custom countries and regions to block requests The region blacklist is supported. You can specify countries and regions to block all requests from the IP addresses in the specified countries and regions. Configure a blacklist


Release date Feature Description References
2018-12-20 API operations available for website tamper-proofing API operations are available for website tamper-proofing. You can call these operations to update cached pages and add protection rules. N/A
2018-12-13 Customization of protection rule groups for web applications Protection rule groups for web applications can be customized. This allows you to configure rules based on your business requirements. This prevents false request blocking caused by default protection rules and ensures business security. Customize protection rule groups
2018-11-16 Support for one-year storage of business logs WAF is integrated with Log Service to collect, query, and analyze business logs of websites that are added to WAF in real time. Use full logs
2018-10-24 Support for traffic marking Traffic marking is supported. You can specify a header field name and value to mark the traffic forwarded by WAF. Add a website
2018-10-17 Support for query of blocking events in all logs by using a unique ID A unique ID can be used to query blocking events in all logs. This helps you identify the cause of request blocking and view the request details. Use full logs
2018-10-01 Support for security events and alerts Security events and system alerts can be sent to you by using text messages or emails. You can customize metrics to detect business exceptions at the earliest opportunity. Configure alert rules
2018-08-09 Support for the Big Data Deep Learning Engine The Big Data Deep Learning Engine is supported. It offers powerful machine learning capabilities for WAF to identify exceptions and block potentially malicious requests. Configure the Big Data Deep Learning Engine
2018-07-27 API operations provided API operations for common configurations in the console are provided to facilitate batch processing. List of operations by function
2018-04-27 Precise access control enhanced More HTTP header fields can be used to set ACL rules and filter access requests. Create a custom protection policy
2018-03-15 Support for release of WAF instances WAF instances can be released in the console based on business requirements. Terminate the WAF service
2018-01-30 Support for download of all logs In Business or higher editions, intelligent searches across all access logs are supported, and log search results can be downloaded with a few clicks. Use full logs


Release date Feature update Description
2017-12-28 Non-standard ports added More non-standard ports are supported for protection.
2017-11-24 Support for multiple load balancing algorithms Multiple load balancing algorithms can be selected as required to meet different business requirements.
2017-10-30 Application security solutions provided Application security solutions are provided to protect your applications from traffic flooding attacks and data crawling.
2017-10-26 Support for WebSocket WebSocket-compliant website service is supported.
2017-08-31 Support for monitoring of error codes Error codes can be monitored.
2017-08-31 Support for query of service bandwidth The uplink and downlink bandwidth usage can be queried.
2017-08-31 Support for the query of queries per second (QPS) The QPS can be queried by instance or domain name.
2017-08-16 Support for viewing of blackhole event details The information such as attack thresholds and events generated when a blackhole occurs can be viewed.
2017-07-27 Exclusive WAF IP addresses released Exclusive WAF IP addresses are released. You can purchase exclusive WAF IP addresses to protect specific domain names.
2017-07-25 Precise access control optimized Policies for risk control on allowed access requests and region blocking can be configured in precise access control rules.
2017-07-25 CAPTCHA algorithm optimized The CAPTCHA algorithm in custom HTTP flood protection rules is optimized, which improves the accuracy in blocking HTTP flood attacks.
2017-07-25 Support for more logical operators Logical operators such as "Does not exist" and "Value length range" are added to define precise access control rules.
2017-07-25 Support for detection of more HTTP fields Rules for detection of more HTTP fields are supported in precise access control.
2017-06-07 Support for back-to-origin domain names Back-to-origin addresses can be set to domain names in website configuration.
2017-05-25 Data leakage prevention feature released A sensitive data leakage prevention scheme is released based on network security regulations.
2017-04-12 HTTPS implementation with a few clicks HTTPS-based website access is implemented with a few clicks, without changes in server configuration.
2017-04-12 Support for non-standard ports in multiple editions of WAF Non-standard ports are supported in multiple editions of WAF for security protection.
2017-03-28 Support for the big-data threat intelligence feature The big-data threat intelligence feature is supported. Services such as security score assessment, high-risk warning, and viewing of attack information are provided.
2017-03-08 Access experience optimized DNS records can be added with a few clicks.
2017-02-09 Support for the website tamper-proofing feature The website tamper-proofing feature is supported to protect web page data from being tampered with.
2017-02-09 Log search feature released All of the service access logs can be searched with a few clicks.
2017-01-05 Support for virtual hosts Virtual hosts (HiChina) are supported for website security protection.


Release date Feature update Description
2016-12-21 WAF V3.1 released WAF V3.1 is released. This version improves the core protection capabilities of protection engines and provides features such as blocking IP addresses from specified regions and customizing protection rules to block HTTP flood attacks.
2016-12-01 Intelligent Semantic Analysis Engine provided The Intelligent Semantic Analysis Engine is provided. Compared with the RegEx Protection Engine, this engine reduces false positives.