The Asset Discovery feature of Web Application Firewall (WAF) discovers your domain name assets on Alibaba Cloud and on-premises. It assesses their security posture and provides a complete view of your protection status. Enable protection for domain names with low security scores to strengthen your overall security.
Prerequisites
You must have a WAF instance in the Chinese mainland region.
Currently, the Asset Discovery feature is available only for WAF instances in Chinese mainland, including both .
Background
Web application assets are a fundamental component of your business and the core of any security management system. As businesses grow, the number of web applications often increases. Some assets, such as temporary employee sites or unretired testing environments, can be forgotten and become "zombie assets." Information security follows the "weakest link" principle, where your overall security is only as strong as your most vulnerable point. Unmanaged zombie assets often run on outdated systems, components, or web frameworks. These vulnerabilities provide an entry point for attackers to bypass your perimeter defenses and compromise your entire internal network.
The WAF Asset Discovery feature integrates with Alibaba Cloud services, such as Alibaba Cloud Domains, Alibaba Cloud DNS, and SSL Certificates Service. By correlating this configuration data with big data analysis, it proactively discovers your domain assets, whether on Alibaba Cloud or hosted elsewhere. This provides a global asset inventory and helps prevent blind spots in your security coverage. Asset Discovery also uses Alibaba Cloud's default web attack detection capabilities and threat intelligence to calculate a security score for each domain name. This helps you identify assets targeted by attackers, so you can enable WAF protection and prevent intrusions.
Asset Discovery can detect domain names registered with both Alibaba Cloud and other registrars. This includes domains that resolve to non-Alibaba Cloud servers or servers in on-premises data centers.
View domain name assets
Log on to the Web Application Firewall console.
In the top navigation bar, select Chinese Mainland.
Important: Currently, only WAF instances in Chinese mainland support the Asset Discovery feature.
In the left navigation pane, choose .
Authorize WAF to access your cloud resources.
Before you can use the Asset Discovery feature, you must grant WAF permission to read website information from related cloud services and manage DNS records for Alibaba Cloud DNS. You can grant these permissions by using the service-linked role for WAF, AliyunServiceRoleForWAF, which is automatically created. You only need to perform this authorization once.
If you have already granted authorization, skip this step. Otherwise, follow these steps:
Click Activate for Free.

In the Note dialog box, click OK.

When you click OK, Alibaba Cloud automatically creates the service-linked role for WAF (AliyunServiceRoleForWAF).
You can view the automatically created service-linked role for WAF in the RAM console. After the AliyunServiceRoleForWAF role is created, your WAF instance can access resources from related cloud services, such as ECS, SLB, ALB, Alibaba Cloud DNS, CDN, SSL Certificates Service, and Log Service.
After you authorize WAF to access your cloud resources, WAF automatically detects domain name assets associated with your Alibaba Cloud account and displays them on the Asset Discovery page.
On the Asset Discovery page, view the domain name assets detected by WAF.

WAF aggregates and displays the detected domain name assets by primary domain. You can select the domain names you want to view in the following ways:
In the status filter box above the domain asset list, filter by protection status to quickly locate Unprotected, Partial Protection, and Protected domains.

In the search box above the domain asset list, enter a keyword to search for a specific domain name. Fuzzy search is supported.
In the domain asset list, click the icon to the left of a primary domain (for example, example.com) to expand the list of all its subdomains (for example, www.example.com) and view detailed asset information.
The following information is provided for each domain name.

Domain Name: The domain name associated with the website.
Server Address: The IP address or CNAME of the website server.
Port Number: The open port on the website server.
Protocol: The protocol type used by the website server. HTTP and HTTPS are supported.
Fingerprint: The fingerprint information of the website server. This includes:
  Programming language, such as Java, PHP, or ASP.
  Middleware type, such as Nginx, Apache, or Tomcat.
  Open source or commercial application type, such as WordPress, DedeCMS, or Discuz!.
  Development framework type, such as ThinkPHP or Django.
  Component type, such as Apache Shiro or Apereo CAS.
Security Score: The security score of the domain name, calculated based on attack trends over the last 30 days on Alibaba Cloud and weighted with threat intelligence data. A lower score indicates a higher risk. For domain names with low security scores, we recommend that you add them to WAF for protection as soon as possible to prevent intrusions.
Protection Status: Indicates whether the website domain name is protected by WAF. The status can be one of the following:
  Unprotected: The website domain name is not protected by WAF. We recommend that you enable protection for the domain name. For more information, see Enable protection for a domain name.
  Partial Protection: This status applies only to wildcard domains (for example, *.example.com) and indicates that some, but not all, subdomains are protected by WAF. We recommend that you check the unprotected subdomains and enable protection for them.
  Protected: The website domain name is protected by WAF. WAF has detected traffic to the website and is providing comprehensive protection. You can view the asset details of the domain name. For more information, see View asset details.
Enable protection for a domain name
For an Unprotected domain name in the asset list, if the domain name belongs to the current Alibaba Cloud account (that is, it is in the Domain Names list of the Alibaba Cloud Domains console), you can click Add Domain Name in the Actions column to automatically add it to WAF for protection.
When you add a domain name, if the console displays the message "Another user has used this wildcard domain in Anti-Bot.", it means that the corresponding wildcard domain (for example, *.example.com for www.example.com) has already been added to WAF by another Alibaba Cloud account. You do not need to add it again.
View asset details
For a Protected domain name in the asset list, you can click Asset Details in the Actions column to view detailed information about the domain name asset.

The asset details page contains the following sections:
Basic Information: Includes Domain Name, Protocol Type, Protection Status, and Server Address.
Site Tree:
WAF builds a site tree for a protected domain name by analyzing its traffic volume and characteristics to identify and classify URL types. The site tree also uses a big data-based generalization and aggregation algorithm (normalization algorithm) to aggregate and display URLs and parameters. For example, the site tree aggregates the following specific URLs of a news site into the /{character+number}.html URL format:
  /news1234.html
  /oldnews1223.html
  /news1224.html
  /news124.html
In the Site Tree section, you can view the aggregated URLs of the domain name asset, parameter names, parameter value types, and the number of URL requests within the last 24 hours.
Note: The URLs in the site tree are displayed only at the path level. By default, a maximum of three levels are displayed and sorted by the number of URL requests, with important assets prioritized.
This section supports the following operations:
You can select URL or Extension and enter a keyword to search for a specific URL.
In the URL column, you can click a URL with the expand icon to expand its information. In the Parameter|Value Type column, you can view the parameter names and value types involved in the URL.
Note: The parameter information is generalized and aggregated. By default, only three aggregated parameter names and their corresponding value types are displayed. You can move the pointer over the icon in the lower-right corner to view all parameters.
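To make the site tree's URL generalization and parameter aggregation concrete, the following Python example is added here; it is illustrative code, not Alibaba Cloud's normalization algorithm. It replaces variable path segments with placeholders such as {character+number}, keeps at most three path levels, counts requests per normalized URL, and records parameter names with coarse value types. The placeholder set, the value-type rules, and the sample URLs are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Placeholders for variable path segments, modelled on the site tree's
# "{character+number}" pattern; this set is an assumption of the example.
_SEGMENT_PATTERNS = [
    (re.compile(r"^\d+$"), "{number}"),
    (re.compile(r"^[A-Za-z]+\d+$"), "{character+number}"),
]

def generalize_segment(segment: str) -> str:
    """Replace 'news1234' with its placeholder, keeping the .html extension."""
    stem, dot, ext = segment.rpartition(".")
    if not dot:
        stem = segment
    for regex, placeholder in _SEGMENT_PATTERNS:
        if regex.match(stem):
            return placeholder + (dot + ext if dot else "")
    return segment  # fixed words such as 'user' or 'profile' are kept

def normalize_path(url: str, max_depth: int = 3) -> str:
    """Generalize each path segment; keep at most max_depth levels (default 3)."""
    segments = [s for s in urlsplit(url).path.split("/") if s][:max_depth]
    return "/" + "/".join(generalize_segment(s) for s in segments)

def build_site_tree(urls):
    """Aggregate requests by normalized path, most requested first."""
    return Counter(normalize_path(u) for u in urls).most_common()

def infer_value_type(value: str) -> str:
    """Coarse value type for the Parameter|Value Type column."""
    if re.fullmatch(r"-?\d+", value):
        return "integer"
    if re.fullmatch(r"-?\d+\.\d+", value):
        return "float"
    return "string"

def collect_parameters(urls):
    """Map each normalized path to its parameter names and observed value types."""
    seen = defaultdict(lambda: defaultdict(set))
    for u in urls:
        for name, value in parse_qsl(urlsplit(u).query):
            seen[normalize_path(u)][name].add(infer_value_type(value))
    return {p: {n: sorted(t) for n, t in v.items()} for p, v in seen.items()}
# Constructed sample request URLs (not real traffic)
SAMPLE_URLS = ["/news1234.html", "/oldnews1223.html", "/news1224.html", "/news124.html",
               "/user/1001/profile?tab=posts&page=2",
               "/user/1002/profile?tab=about&page=3", "/static/app.js"]
```

Running build_site_tree(SAMPLE_URLS) collapses the four news URLs into a single /{character+number}.html entry with a request count of 4, which is the kind of aggregated row the Site Tree section displays.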