Web Application Firewall (WAF) has a built-in mobile phone number reputation library to help prevent threats, such as spam user registration and marketing fraud. WAF compares mobile phone numbers or the MD5 hash values of phone numbers with the reputation library. If specific requests match suspicious behavior tags, WAF requires slider CAPTCHA verification, blocks the requests, records the requests, or adds tags to the requests.
Prerequisites
Web services are added to WAF on the Website Configuration page. For more information, see Website configuration overview.
Bot management for website protection or app protection is enabled and the risk identification feature is enabled.
Billing
If you configure rules and traffic hits the rules, you are charged based on the number of hits. You are charged USD 0.007 per hit.
If you enable the risk identification feature and do not configure rules, you are not charged. If you configure rules but no traffic hits the rules, you are not charged.
You are charged when you use the risk identification feature. Fees for the risk identification feature are included in the bills of WAF. Bills are generated on a daily basis.
Configure risk identification
In the Create Scenario-specific Protection Template - Bot Management panel, you can configure the risk identification feature in the Configure Protection Rules step. For more information, see Create an anti-crawler rule for websites and Create an anti-crawler rule for apps.
Configuration description
Account retrieval: If the GET method is used and the request parameter is username=158***&password=***, select Query Parameters from the Location drop-down list and enter username in the Parameter Name field. This way, WAF can retrieve information about mobile phone numbers.
Risk tags and levels
Risk tag
Description
Suspicious sock puppet account
A sock puppet poses as a third party independent of the main account operator. By default, the risk level is high.
Fraud risk
Mobile phone numbers that were involved in fraud are detected. By default, the risk level is high.
Spam user registration
Mobile phone numbers that are suspected of using illegal tools to create accounts for marketing activities are detected. By default, the risk level is high.
Marketing fraud
Mobile phone numbers that are suspected of using illegal tools in marketing activities, such as creating multiple accounts at the same time to obtain coupons, are detected. By default, the risk level is high.
Auto-purchase bot
Mobile phone numbers that are suspected of using illegal tools in flash sales, such as ticket grabbing, are detected. By default, the risk level is high.
The risk level can be high, medium-high, and medium. You can specify a risk level based on your business requirements.
Actions
Action
Description
Monitor
Records requests that match the rules in logs without blocking the requests.
Block
Blocks requests that match the rules and returns a block page to the client who initiated the requests.
Slider CAPTCHA verification
Requires slider CAPTCHA verification. Requests are allowed only after the client passes the verification. After the client passes the verification, WAF sends acw_sc_v3 cookie and slider CAPTCHA verification is not required in the next 30 minutes.
Strict slider CAPTCHA verification
Requires slider CAPTCHA verification when requests match the rules.
Add tag
Adds tags to requests that match the rules by using custom headers and forwards the requests to the origin server. Users can use the backend risk control system to handle the requests.