You can use the asset center feature of Web Application Firewall (WAF) to identify domain names in and outside Alibaba Cloud and assess risks based on the attack status of the domain names in the cloud. This helps you obtain the overall protection status of your domain names. You can enable protection for high-risk domain names to improve the overall security of your business system.
Step 1: Go to the Asset Center page and authorize WAF to access cloud resources
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. The region can be Chinese Mainland or Outside Chinese Mainland.
In the left-side navigation pane, click Asset Center.
On the Asset Center page, click Enable for Free. In the Tips message, click OK.
NoteYou need to perform this step only once. If you already enabled the asset center feature, skip this step.
Alibaba Cloud automatically creates the AliyunServiceRoleForWAF service-linked role. You can log on to the Resource Access Management (RAM) console to view the service-linked role. For more information, see View the information about a RAM role.
After Alibaba Cloud creates the AliyunServiceRoleForWAF service-linked role, your WAF instance can access the resources of the associated cloud services, such as Elastic Compute Service (ECS), Server Load Balancer (SLB), Alibaba Cloud DNS, Alibaba Cloud CDN, Certificate Management Service, and Simple Log Service.
After you authorize WAF to access cloud resources, WAF automatically identifies domain names within your Alibaba Cloud account and displays the domain names on the Asset Center page.
NoteThe asset center feature can identify domain names that are hosted on and outside Alibaba Cloud. The domain names that are hosted outside Alibaba Cloud include the domain names mapped to servers that are not deployed on Alibaba Cloud and the domain names of servers that are deployed in data centers.
By default, the proactive fingerprint detection feature is enabled for accurate identification. The proactive fingerprint detection feature identifies the fingerprints of assets that are added to WAF by using passive traffic learning and proactive detection. Proactive fingerprint detection is performed once every two weeks to obtain comprehensive and accurate detection results. We recommend that you keep the feature enabled.
Step 2: Add a domain name
If your second-level domain name is not in the asset list, you can add the domain name to WAF.
On the Overview tab of the Asset Center page, click the icon in the upper-right corner of the asset list.
In the Add Asset dialog box, enter the domain name of your website and verify the ownership of the domain name.
The first time you add a domain name to WAF, you must verify your ownership of the domain name. You can add the domain name to WAF only after you prove your ownership of the domain name. For more information, see Verify the ownership of a domain name.
Then, click Add.
Step 3: View domain names
On the Asset Center page, view the details of the domain names.
Data type | Description | Related operations |
Domain name statistics (Figure 1) | The numbers of second-level domain names, subdomains, unprotected subdomains, unprotected high-risk subdomains, unprotected medium-risk subdomains, and unprotected low-risk subdomains within your Alibaba Cloud account. The daily change in the number of subdomains is displayed on the right side of the number of subdomains. | None |
Details of domain names (Figure 2) | WAF aggregates the domain names based on the second-level domain names and displays the aggregated domain names in a list. The following list describes the information about each second-level domain name.
|
|
Step 4: Export domain names
On the Overview tab of the Asset Center page, select the second-level domain names that you want to export and click the icon in the upper-right corner.
On the Export Record tab of the Asset Center page, find the generated file and click Download to download the file.
Before the generated file is automatically deleted, the file is stored on Alibaba Cloud for up to three days.
NoteYou can download domain names by using only an Alibaba Cloud account.