After a website is connected to Web Application Firewall (WAF), WAF uses the default protection policies to protect the website against common Web attacks (such as SQL injections and XSS) and HTTP flood attacks. You can enable more WAF features and adjust the protection policies based on your actual business needs.

Procedure

  1. Log on to the Alibaba Cloud WAF console.
  2. On the top of the page, select Mainland China or International.
  3. Choose Management > Website Configuration. Find the domain to be managed, and click Policies in the Operation column.
  4. Enable the required WAF features and manage the protection rules.
    Note Different WAF versions have different features. Not all of the following features are included in your WAF version. For more information about the differences between WAF versions, see WAF versions.
    • HTTP ACL Policy: This feature allows you to create access control rules to filter Web requests. The rule conditions include the source IP address, the requested URL, and common HTTP request header fields. For more information about the operations, see HTTP ACL policies.
    • Web Application Protection: This feature is enabled by default. It protects your website against common Web attacks, such as SQL injections and XSS. You can configure the strictness and mode of the detection. For more information about the operations, see Configure the Web application protection policy.
    • HTTP Flood Protection: This feature is enabled by default. It protects your website against HTTP flood attacks. You can configure the strictness of the detection. You can also create protection rules to restrict the number of requests that an IP address can send within a specified time period. For more information about the operations, see Configure the HTTP flood protection mode and Customize HTTP flood protection.
    • Big Data Deep Learning Engine: This feature automatically performs semantic analysis on requests to detect disguised or hidden malicious requests. This helps prevent attacks initiated by confusion attacks and attack variants. For more information about the operations, see Big data deep learning engine.
    • Block IPs Initiating High-frequency Web Attacks: This feature automatically blocks client IP addresses that launch multiple Web attacks within a short period of time. For more information about the operations, see IP blocking.
    • Directory Scan Protection: This feature automatically blocks client IP addresses that launch multiple directory traversal attacks within a short period of time. For more information about the operations, see Directory scan protection.
    • Threat Intelligence: This feature automatically blocks access requests from common vulnerability scanners or from IP addresses in the Alibaba Cloud library of identified port scan attackers. For more information about the operations, see Threat intelligence.
    • Blocked Regions: This feature helps quickly block IP access requests from specified provinces in China or areas outside of China. For more information about the operations, see Blocked regions.
    • Data Risk Control: This feature redirects suspicious users to an additional security verification page for your specified business interfaces to prevent machine frauds. It protects your businesses against zombie accounts, hacked accounts, vote cheating, and spam messages. For more information about the operations, see Data risk control.
    • Website Tamper-proofing: This feature allows you to lock specified webpages to prevent the original content from being tampered with. When a locked webpage is requested, the server returns the cached content that you specify. For more information about the operations, see Web tamper protection.
    • Data Leakage Prevention: This feature helps you filter sensitive information in the returned content (abnormal pages or keywords) from the server, such as the ID number, bank card number, phone number, and sensitive words. For more information about the operations, see Data leakage prevention.