Web Application Firewall (WAF) provides the asset center feature. You can use the feature to discover domain names on and outside the cloud and assess risks based on the attack status of the domain names on the cloud. This helps you obtain the overall protection status of your domain names. You can enable protection for high-risk domain names to improve the overall security of your business system.

Background information

After WAF is authorized to access cloud resources within the current Alibaba Cloud account, the asset center feature reads the configurations of Alibaba Cloud services, such as Certificate Management Service and Alibaba Cloud DNS. Then, the feature works with big data-enabled correlation analysis to discover domain names on and outside the cloud and identify risks based on the obtained configurations. This helps you manage external attack surfaces and improve the overall security of your business system.

Note The asset center feature can identify domain names that are hosted on and outside Alibaba Cloud. The domain names hosted outside Alibaba Cloud include the domain names mapped to servers that are not deployed on Alibaba Cloud and the domain names of servers that are deployed in data centers.

The asset center feature is in public preview and can be used free of charge.

Go to the Asset Center page

  1. Log on to the WAF 3.0 console.
  2. In the top navigation bar, select the resource group and the region to which the WAF instance belongs. You can select the Chinese Mainland or Outside Chinese Mainland region.
  3. In the left-side navigation pane, click Asset Center.
  4. On the Asset Center page, click Enable for Free. In the Tips message, click OK.

    After you click OK, Alibaba Cloud automatically creates the AliyunServiceRoleForWAF service-linked role.

    To view the service-linked role, log on to the RAM console and choose Identities > Roles in the left-side navigation pane. After Alibaba Cloud creates the service-linked role AliyunServiceRoleForWAF, your WAF instance can access the associated cloud resources, such as ECS instances, ALB and CLB instances of SLB, Alibaba Cloud DNS, Alibaba Cloud CDN, SSL Certificates Service, and Log Service.

    After WAF is authorized to access cloud resources, WAF automatically discovers domain names within your Alibaba Cloud account and displays the domain names on the Asset Center page.

    Note Before you can use the asset center feature, the AliyunServiceRoleForWAF service-linked role must be created. After the service-linked role is created, WAF can obtain the website information from cloud services within your Alibaba Cloud account and manage the Domain Name System (DNS) records of the domain names that are hosted on Alibaba Cloud DNS. You need to perform authorization only once. If the authorization is complete, skip this step.

Add a domain name

If your second-level domain name is not in the asset list, you can manually add the second-level domain name to WAF.

  1. On the Overview tab of the Asset Center page, click Add Asset.
  2. In the Enter Domain Name step in the Add Asset wizard, enter the domain name and click Next.
  3. Add the TXT record based on the Record Type, Host Name, and Record Value that are provided in the Verify DNS step.

    For example, if you use Alibaba Cloud DNS, you can log on to the Alibaba Cloud DNS console and configure the TXT record based on the DNS record provided in the Verify DNS Record step. For more information, see Add a DNS record.

  4. Click Add.
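Before you click Add, it is worth confirming that the TXT record from the Verify DNS step is actually visible in DNS, since a value copied with a stray space or a host name entered with the zone appended twice is the usual reason verification fails. The following Python script is an added example, not code from the Alibaba Cloud documentation or from WAF itself: the host name, record value and resolver are placeholders, and it parses the presentation-format output of `dig` so that long values split into several quoted strings are joined and backslash escapes are decoded.

```python
import re
import subprocess

# Constructed placeholders: substitute the Record Type/Host Name/Record Value
# that the Verify DNS step shows you. These are not real WAF values.
EXPECTED_HOST = "_waf-verify.example.com"
EXPECTED_VALUE = "waf-verify=0123456789abcdef"

# One quoted <character-string> in DNS presentation format, with backslash escapes.
_TXT_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')


def _unescape(chunk):
    # \DDD is a decimal byte value; \X is a literal X (for example \" or \\).
    return re.sub(
        r"\\(\d{3}|.)",
        lambda m: chr(int(m.group(1))) if len(m.group(1)) == 3 and m.group(1).isdigit() else m.group(1),
        chunk,
    )


def parse_txt_rdata(line):
    """Return the value of one TXT record, or None if the line holds no quoted string.

    A value longer than 255 bytes is stored as several character-strings that a
    resolver prints as "chunk1" "chunk2"; the chunks are concatenated.
    """
    chunks = _TXT_STRING.findall(line)
    if not chunks:
        return None
    return "".join(_unescape(c) for c in chunks)


def parse_dig_output(output):
    """Turn the output of `dig +short TXT <host>` (one record per line) into values."""
    values = []
    for line in output.splitlines():
        value = parse_txt_rdata(line)
        if value is not None:
            values.append(value)
    return values


def txt_value_present(values, expected):
    """Exact, case-sensitive match after trimming surrounding whitespace.

    The verification value is an opaque token; a hand-typed copy that differs
    in case or carries a trailing space does not count as published.
    """
    expected = expected.strip()
    return any(v.strip() == expected for v in values)


def lookup_txt(host, resolver=None):
    """Query DNS for the TXT records of host with dig. Needs network access and dig.

    Passing the zone's authoritative name server as `resolver` avoids waiting
    for a recursive resolver's cache to expire after you add the record.
    """
    cmd = ["dig", "+short", "TXT", host]
    if resolver:
        cmd.append("@" + resolver)
    proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return parse_dig_output(proc.stdout)


def verify(host=EXPECTED_HOST, expected=EXPECTED_VALUE, resolver=None):
    """Return (ok, published_values) for a live check of the verification record."""
    values = lookup_txt(host, resolver)
    return txt_value_present(values, expected), values


if __name__ == "__main__":
    ok, values = verify()
    print("verified" if ok else "not found", values)
```

Run it after the record has been added; if `verify()` reports `not found` but the values it prints contain the token with different case or spacing, fix the record rather than retrying the wizard.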

View domain names

On the Overview tab of the Asset Center page, view the domain names that are discovered by WAF.
WAF aggregates the domain names based on the second-level domain names and displays the aggregated domain names in a list. The following information is displayed for each second-level domain name:
  • Second-level Domain Name: The second-level domain name of the website.
  • IP Address: The IP address or CNAME of the origin server.
  • Protected Subdomains: The number of subdomains that are protected by WAF.
  • Unprotected Subdomains: The number of subdomains that are not protected by WAF, and the numbers of high-risk, medium-risk, and low-risk subdomains.
You can use one of the following methods to view the information about a second-level domain name:
  • Enter a keyword in the search box above the list of second-level domain names to search for second-level domain names. Fuzzy search is supported.
  • In the list of second-level domain names, click the down icon to the left of a second-level domain name to show all subdomains that belong to the second-level domain name. Then, you can view the information about each subdomain. Example of a second-level domain name: example.com. Example of a subdomain: www.example.com.
    The following information is displayed for each subdomain:
    • Subdomain: The subdomain of the website.
    • IP Address: The IP address or CNAME of the origin server.
    • Fingerprint: The fingerprint information about the origin server, which is obtained based on passive traffic analysis and proactive fingerprint detection.

      The switch of proactive fingerprint detection is automatically turned on after you enable the asset center feature. You can turn on or off the switch in the upper-right corner of the domain name list.

    • Severity: The risk level of the subdomain. The risk level is obtained based on the attack trend within the previous 30 days on the cloud and threat intelligence data. If the risk level of the subdomain is high, we recommend that you add the subdomain to WAF at the earliest opportunity.
    • Status: The protection status of the subdomain. Valid values:
      • Not Added: The subdomain is not added to WAF. We recommend that you add the subdomain to WAF.
      • Added: The subdomain is added to WAF. WAF detects the traffic that is destined for the subdomain and protects the subdomain.
    • Actions:
      • Add: If you click Add, the Website Configuration page appears.
      • Details: If you click Details, the Details panel appears. In the panel, you can view the details about cloud attacks.

    You can use the following methods to filter the list of subdomains:
    • Select a protection state above the list of subdomains. Added and Not Added are supported.
    • Select a risk level above the list of subdomains. High, Medium, and Low are supported.
    • Enter a keyword in the search box above the list of subdomains. Fuzzy search is supported.
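The Overview columns are a roll-up of the subdomain list: each subdomain is assigned to its second-level domain, and the Protected/Unprotected counts and the risk split are totals over that group. The following Python script is an added example, not code from the Alibaba Cloud documentation or from WAF, that reproduces this roll-up over a constructed inventory so you can do the same with an exported asset list and pull out the subdomains to onboard first. It assumes that the high/medium/low split counts unprotected subdomains, and it uses a small hard-coded set of multi-label public suffixes (how WAF itself draws the second-level boundary for names such as example.com.cn is not stated on this page).

```python
# Constructed sample of what the subdomain list shows: host, Status, Severity.
# These are made-up hosts, not data from any real Asset Center page.
SUBDOMAINS = [
    {"host": "www.example.com", "status": "Added", "severity": "Low"},
    {"host": "api.example.com", "status": "Not Added", "severity": "High"},
    {"host": "test.example.com", "status": "Not Added", "severity": "Medium"},
    {"host": "old.example.com.", "status": "Not Added", "severity": "Low"},
    {"host": "shop.example.com.cn", "status": "Not Added", "severity": "High"},
    {"host": "WWW.example.com.cn", "status": "Added", "severity": "Low"},
]

# Assumption: a few multi-label public suffixes, so that shop.example.com.cn
# aggregates under example.com.cn rather than com.cn. A full public suffix
# list would be used in production.
MULTI_LABEL_SUFFIXES = {"com.cn", "net.cn", "org.cn", "co.uk", "co.jp"}


def second_level_domain(host):
    """Return the second-level domain that a host name aggregates under.

    Host names are normalised to lower case and a trailing dot is dropped, so
    WWW.example.com and old.example.com. land in the same group.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def aggregate(subdomains):
    """Build one summary row per second-level domain with the Overview columns:
    Protected Subdomains, Unprotected Subdomains and the high/medium/low split
    (assumed here to be counted over the unprotected subdomains only)."""
    summary = {}
    for entry in subdomains:
        sld = second_level_domain(entry["host"])
        row = summary.setdefault(
            sld, {"protected": 0, "unprotected": 0, "high": 0, "medium": 0, "low": 0}
        )
        if entry["status"] == "Added":
            row["protected"] += 1
        else:
            row["unprotected"] += 1
            row[entry["severity"].lower()] += 1
    return summary


def high_risk_unprotected(subdomains):
    """The hosts to onboard first: Status Not Added with Severity High."""
    return sorted(
        e["host"].lower().rstrip(".")
        for e in subdomains
        if e["status"] == "Not Added" and e["severity"] == "High"
    )


def main(subdomains=SUBDOMAINS):
    for sld, row in sorted(aggregate(subdomains).items()):
        print(
            f"{sld}: {row['protected']} protected, {row['unprotected']} unprotected "
            f"(high {row['high']}, medium {row['medium']}, low {row['low']})"
        )
    print("onboard first:", ", ".join(high_risk_unprotected(subdomains)))


if __name__ == "__main__":
    main()
```

Swap the constructed `SUBDOMAINS` list for rows read from an exported asset file and the same two functions give you the Overview totals and an onboarding queue ordered by risk.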

Export domain names

  1. On the Overview tab of the Asset Center page, select the second-level domain name that you want to export and click the export icon in the upper-right corner to export the domain name asset.
  2. On the Export Record tab of the Asset Center page, click Download to download the file of the domain name asset.
    The exported file is stored on Alibaba Cloud for up to three days before it is automatically deleted. View or download the file within those three days.