Web Application Firewall (WAF) provides the asset discovery feature, which identifies domain names both inside and outside Alibaba Cloud and calculates a security score for each domain name. You can use this feature to monitor the overall status of all your domain names and to enable protection for the domain names that have low security scores, which improves the overall security of your business system.
Prerequisites
A WAF instance that resides in the Chinese mainland is purchased.
Background information
Web application assets are the fundamental components of a business system and the carrier of its network applications. As an enterprise grows, the number of its business systems grows with it, and employees may forget to release resources after they build websites or test environments. As a result, business systems accumulate unmanaged zombie assets. This matters because the least secure part of a business system determines the overall security of the system: in most cases, zombie assets run outdated versions of open source systems, components, or web frameworks that have well-known vulnerabilities, which attackers can exploit to gain a foothold in the internal network of the enterprise.
View domain names
- Log on to the WAF console.
- In the top navigation bar, select Mainland China.
Important: Only WAF instances that reside in the Chinese mainland support the asset discovery feature.
- In the left-side navigation pane, choose .
- Authorize WAF to access cloud resources. Before you can use the asset discovery feature, you must authorize WAF to obtain website information from the cloud services in your Alibaba Cloud account and to manage the Domain Name System (DNS) records of the domain names that are hosted in Alibaba Cloud DNS. To grant this access, Alibaba Cloud automatically creates the AliyunServiceRoleForWAF service-linked role. You need to perform the authorization only once. Because the role allows WAF to modify DNS records, review its permissions in the RAM console as you would for any cross-service role, so that you know what a compromise of the WAF side could change.
If you have performed authorization, skip this step.
After WAF is authorized to access cloud resources, WAF automatically discovers domain names in your Alibaba Cloud account and displays the domain names on the Asset Discovery page.
- Click Authorized activation.
- In the Tips message, click OK. Alibaba Cloud then creates the AliyunServiceRoleForWAF service-linked role. To view the service-linked role, log on to the RAM console and choose in the left-side navigation pane. After the role is created, your WAF instance can access the associated cloud resources, such as ECS instances, ALB and CLB instances of SLB, Alibaba Cloud DNS, Alibaba Cloud CDN, SSL Certificates Service, and Log Service.
- On the Asset Discovery page, view the domain names that WAF discovered. WAF aggregates the domain names by second-level domain name and displays them in a list. You can perform the following operations to view domain names:
- Specify a protection state above the list to filter the domain names. Unprotected, Partial Protection, and Protected are supported.
- Enter a keyword in the search box above the list to search for domain names. Fuzzy match is supported.
- In the list, click the icon to the right of a second-level domain name to show all subdomains that belong to it. Then, you can view the asset information about each subdomain. Example of a second-level domain name: example.com. Example of a subdomain: www.example.com.
The following describes the information that is displayed for each domain name.
- Domain Name: The domain name of the website.
- Server IP: The IP address and CNAME of the origin server.
- Port: The port that is used by the origin server.
- Protocol: The protocol that is used by the origin server. HTTP and HTTPS are supported.
- Fingerprint: The fingerprint of the origin server. The fingerprint contains the following information:
  - Programming language, such as Java, PHP, or ASP
  - Middleware, such as NGINX, Apache, or Tomcat
  - Open source or commercial application, such as WordPress, DedeCMS, or Discuz!
  - Development framework, such as ThinkPHP or Django
  - Component, such as Apache Shiro or Apereo CAS
- Security Score: The security score of the domain name. The score is a weighted value that is calculated from the trend of attacks observed in the cloud within the last 30 days and from threat intelligence. A lower security score indicates a higher risk. If a domain name has a low security score, we recommend that you add it to WAF at the earliest opportunity.
- Protection Status: Indicates whether the domain name is protected by WAF. Valid values:
  - Unprotected: The domain name is not added to WAF. We recommend that you enable protection for the domain name. For more information, see Enable protection for a domain name.
  - Partial Protection: This state applies only to wildcard domain names, such as *.example.com, and means that only some of the domain names that belong to the wildcard domain name are protected by WAF. We recommend that you add the unprotected domain names that belong to the wildcard domain name to WAF at the earliest opportunity.
  - Protected: The domain name is added to WAF, which inspects the traffic that is destined for the domain name and protects it. You can view the asset details of the domain name. For more information, see View asset details.
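The Fingerprint field above is derived by WAF from the responses of the origin server. The following Python example, added here and not part of this page or of WAF's own fingerprinting engine, shows how such a passive fingerprint can be obtained from a single HTTP response using well-known indicators: the Server and X-Powered-By headers, session cookie names such as JSESSIONID and PHPSESSID, the rememberMe cookie that Apache Shiro issues, the CASTGC ticket-granting cookie of Apereo CAS, and body markers such as /wp-content/. The signature table and the sample responses are constructed for the example and are heuristics, not a complete ruleset.

```python
"""Passive technology fingerprinting of one HTTP response.

Added illustration for this page; not WAF's fingerprinting engine. The
signature table is a small set of public indicators and the sample
responses below are constructed.
"""
import re
from typing import Dict, List, Tuple

# (category, product, where, regex). "where" is "header:<name>", "cookie"
# (matched against every Set-Cookie value) or "body". Matching is
# case-insensitive. Assumption of this example: these rules suffice for a demo.
SIGNATURES: List[Tuple[str, str, str, str]] = [
    # Tomcat's connector announces itself as "Apache-Coyote", which a naive
    # "Apache" rule would misreport as httpd; the lookahead prevents that.
    ("middleware", "Tomcat", "header:server", r"tomcat|apache-coyote"),
    ("middleware", "Apache", "header:server", r"^apache(?!-coyote)"),
    ("middleware", "NGINX", "header:server", r"^nginx"),
    ("language", "PHP", "header:x-powered-by", r"^php"),
    ("language", "ASP", "header:x-powered-by", r"^asp\.net"),
    ("language", "PHP", "cookie", r"^PHPSESSID="),
    ("language", "Java", "cookie", r"^JSESSIONID="),
    ("framework", "Django", "cookie", r"^csrftoken="),
    ("component", "Apache Shiro", "cookie", r"^rememberMe="),
    ("component", "Apereo CAS", "cookie", r"^(CASTGC|TGC)="),
    ("application", "WordPress", "body", r"/wp-(content|includes)/"),
    ("application", "Discuz!", "body", r"Discuz!"),
    ("application", "DedeCMS", "body", r"/templets/default/"),
]


def parse_response(raw: str) -> Tuple[Dict[str, List[str]], str]:
    """Split a raw HTTP response into a lower-cased header map and the body.

    Values are kept as lists because Set-Cookie legitimately repeats.
    """
    m = re.search(r"\r?\n\r?\n", raw)
    head, body = (raw[:m.start()], raw[m.end():]) if m else (raw, "")
    headers: Dict[str, List[str]] = {}
    for line in re.split(r"\r?\n", head)[1:]:  # [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def fingerprint(raw: str) -> Dict[str, List[str]]:
    """Return {category: [products]} for every signature that matches."""
    headers, body = parse_response(raw)
    found: Dict[str, List[str]] = {}
    for category, product, where, pattern in SIGNATURES:
        if where.startswith("header:"):
            haystacks = headers.get(where[len("header:"):], [])
        elif where == "cookie":
            haystacks = headers.get("set-cookie", [])
        else:
            haystacks = [body]
        if any(re.search(pattern, h, re.IGNORECASE) for h in haystacks):
            products = found.setdefault(category, [])
            if product not in products:  # the same product may match twice
                products.append(product)
    return found


# Constructed sample responses (not captured from any real host).
SAMPLE_TOMCAT_SHIRO = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "Set-Cookie: JSESSIONID=ABC123; Path=/; HttpOnly\r\n"
    "Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>login</body></html>"
)

SAMPLE_WORDPRESS = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Powered-By: PHP/7.4.33\r\n"
    "Set-Cookie: PHPSESSID=def456; path=/\r\n"
    "\r\n"
    '<link rel="stylesheet" href="/wp-content/themes/demo/style.css">'
)

if __name__ == "__main__":
    for name, raw in (("tomcat+shiro", SAMPLE_TOMCAT_SHIRO), ("wordpress", SAMPLE_WORDPRESS)):
        print(name, fingerprint(raw))
```

Two caveats apply when you read fingerprints of this kind. First, the Apache-Coyote rule shows how easily middleware is misattributed: the Tomcat connector identifies itself with an "Apache" prefix, so a naive match would report httpd. Second, headers and markers are trivially removed or spoofed by the origin, so a missing indicator is not evidence that a component is absent. Treat the fingerprint as an aid for deciding which unprotected assets to add to WAF first, not as proof of what is deployed.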
Enable protection for a domain name
If a domain name in the asset list is in the Unprotected state and belongs to your Alibaba Cloud account, click Add for Protection in the Operation column to add the domain name to WAF. To check whether a domain name belongs to your Alibaba Cloud account, log on to the Domains console and check whether the domain name is displayed on the Domain Name List page. If it is, the domain name belongs to your Alibaba Cloud account.
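The following Python example, added here and not WAF's own code, reproduces the asset list's grouping by second-level domain and the Unprotected, Partial Protection and Protected states from an inventory of discovered hostnames and the domain names that are configured in WAF, and lists the hostnames that still need Add for Protection. Two assumptions of this example: the second-level domain is taken as the last two labels (a real inventory should consult the public suffix list), and a wildcard entry such as *.example.org covers subdomains at any depth but not the apex example.org. The hostnames and WAF entries are constructed.

```python
"""Group discovered hostnames by second-level domain and derive the
protection state shown in the asset list per group.

Added illustration for this page; not WAF's code. Hostnames and the WAF
configuration are constructed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List


def second_level_domain(host: str) -> str:
    """Grouping key for the asset list.

    Assumption of this example: the second-level domain is the last two
    labels. A real inventory should consult the public suffix list so that
    www.example.com.cn is not grouped under "com.cn".
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_protected(host: str, waf_domains: Iterable[str]) -> bool:
    """True if host is covered by an exact WAF entry or a wildcard entry.

    Assumption of this example: "*.example.org" covers subdomains at any
    depth but not the apex "example.org", which needs its own entry.
    """
    host = host.lower().rstrip(".")
    for entry in waf_domains:
        entry = entry.lower()
        if entry.startswith("*."):
            if host.endswith(entry[1:]):  # entry[1:] is ".example.org"
                return True
        elif host == entry:
            return True
    return False


def protection_state(flags: List[bool]) -> str:
    """Map the per-host flags of a group to the state the list displays."""
    if flags and all(flags):
        return "Protected"
    if any(flags):
        return "Partial Protection"
    return "Unprotected"


def aggregate(discovered: Iterable[str], waf_domains: Iterable[str]) -> Dict[str, dict]:
    """Return {second_level_domain: {"state": ..., "unprotected": [...]}}.

    The "unprotected" list is what still needs Add for Protection.
    """
    waf_domains = list(waf_domains)
    groups: Dict[str, List[str]] = defaultdict(list)
    for host in discovered:
        groups[second_level_domain(host)].append(host.lower())
    report: Dict[str, dict] = {}
    for sld, hosts in sorted(groups.items()):
        flags = [is_protected(h, waf_domains) for h in hosts]
        report[sld] = {
            "state": protection_state(flags),
            "unprotected": sorted(h for h, ok in zip(hosts, flags) if not ok),
        }
    return report


# Constructed inventory: what asset discovery found, and what is in WAF.
DISCOVERED = [
    "www.example.com", "api.example.com", "old-test.example.com",
    "shop.example.net",
    "example.org", "www.example.org", "blog.example.org",
    "intranet.example.test",
]
WAF_DOMAINS = ["www.example.com", "api.example.com", "shop.example.net", "*.example.org"]

if __name__ == "__main__":
    for sld, info in aggregate(DISCOVERED, WAF_DOMAINS).items():
        print(f"{sld}: {info['state']}; add to WAF: {info['unprotected'] or '-'}")
```

The apex case is the one worth noticing: example.org comes out as Partial Protection even though a wildcard is configured, because the wildcard does not cover the bare domain, and old-test.example.com is exactly the kind of forgotten test host the background section describes.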
View asset details
If a domain name is in the Protected state, you can click Asset Details in the Operation column to view the details about the domain name.
- General Information: This section displays Domain Name, Protocol, Protection Status, and Server IP.
- URL Tree: WAF analyzes and classifies the URLs of protected domain names based on the volume and characteristics of the traffic that it collects. The URLs and the parameters in them are aggregated by data normalization. For example, WAF aggregates the URLs of the following news sites to a URL in the
In the URL Tree section, you can view the aggregation results, which include the URLs, the parameters in each URL, the value type of each parameter, and the number of times that each URL was requested within the last day.
Note: Only the paths in the URLs are displayed in the site tree. By default, the displayed URLs have a maximum path depth of three. The URLs are sorted in descending order of request frequency.
In this section, you can perform the following operations:
- To search for URLs, select URL or File Extension from the drop-down list. Then, enter a keyword and click Search.
- In the URL column, click the URL for which the icon is displayed to show the information about the URL.
- In the Parameter|Data Type column, view the names and value types of the parameters that are specified in a URL. Note: The parameter information is aggregated. By default, the names and value types of only three parameters are displayed. You can move the pointer over the icon in the lower-right corner to view all the parameters.
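The following Python example, added here and not WAF's own aggregation algorithm, illustrates the kind of normalization that the URL Tree section describes: request paths from constructed access-log lines are normalized so that variable segments collapse into typed placeholders, query parameters are collected with an inferred value type, path depth is capped at three levels, entries are ranked by request count, and the result can be searched by URL keyword or by file extension. The placeholder syntax, the type inference rules, the handling of paths deeper than the cap and the log format are assumptions of this example.

```python
"""Build a URL tree of the kind the asset details page shows.

Added illustration for this page; not WAF's aggregation algorithm. The
placeholder syntax, the type inference, the depth-cap handling and the
access-log format are assumptions of this example; the log lines are
constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, urlsplit

MAX_DEPTH = 3  # the displayed tree is capped at three path levels


def value_type(value: str) -> str:
    """Coarse type of a parameter value or path segment."""
    if re.fullmatch(r"-?\d+", value):
        return "int"
    if re.fullmatch(r"[0-9a-fA-F]{8,}", value):
        return "hex"
    return "string"


def template_segment(seg: str) -> str:
    """Replace the variable part of a segment with a typed placeholder,
    keeping the file extension so that 12345.html and 12346.html merge."""
    stem, dot, ext = seg.rpartition(".")
    if not dot:
        stem, ext = seg, ""
    kind = value_type(stem)
    if kind == "string":
        return seg  # static segment, keep verbatim
    return "{%s}%s" % (kind, "." + ext if ext else "")


def template_path(path: str) -> str:
    """Normalize a request path and cap it at MAX_DEPTH levels."""
    segs = [s for s in path.split("/") if s]
    out = "/" + "/".join(template_segment(s) for s in segs[:MAX_DEPTH])
    if len(segs) > MAX_DEPTH:
        out += "/*"  # deeper levels are folded into the last displayed node
    return out


def extension_of(template: str) -> str:
    """File extension of the last displayed segment, or "" if none."""
    last = template.rsplit("/", 1)[-1]
    return last.rpartition(".")[2] if "." in last else ""


def build_url_tree(log_lines: List[str]) -> List[dict]:
    """Aggregate "METHOD target" lines into nodes sorted by request count."""
    nodes: Dict[str, dict] = {}
    for line in log_lines:
        _method, _, target = line.strip().partition(" ")
        parts = urlsplit(target)
        key = template_path(parts.path)
        node = nodes.setdefault(key, {"count": 0, "params": defaultdict(set)})
        node["count"] += 1
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            node["params"][name].add(value_type(value))
    tree = [
        {
            "path": key,
            "count": node["count"],
            "extension": extension_of(key),
            "params": {n: sorted(t) for n, t in sorted(node["params"].items())},
        }
        for key, node in nodes.items()
    ]
    tree.sort(key=lambda n: (-n["count"], n["path"]))
    return tree


def find(tree: List[dict], substring: Optional[str] = None,
         extension: Optional[str] = None) -> List[dict]:
    """The two search modes of the section: by URL keyword or file extension."""
    return [
        n for n in tree
        if (substring is None or substring in n["path"])
        and (extension is None or n["extension"] == extension)
    ]


# Constructed access-log lines (not captured traffic).
SAMPLE_LOG = [
    "GET /news/2024/12345.html?ref=home",
    "GET /news/2024/12346.html?ref=push",
    "GET /news/2023/777.html",
    "GET /api/user?id=42&token=deadbeefdeadbeef",
    "GET /api/user?id=43",
    "GET /api/user?id=abc",
    "GET /static/css/site.css",
    "GET /a/b/c/d/e",
]

if __name__ == "__main__":
    for node in build_url_tree(SAMPLE_LOG):
        print(node["count"], node["path"], node["params"])
```

The interesting row is /api/user: the id parameter is recorded as both int and string because one request sent id=abc, which is the kind of type mismatch that stands out when you review a parameter's value types in the Parameter|Data Type column.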