Web Application Firewall (WAF) provides end-to-end security protection for your websites or apps. WAF identifies, scrubs, and filters out malicious web traffic, and then forwards normal traffic to your origin servers. This protects your origin servers against attacks and ensures data and service security.
|Service specifications||WAF provides four editions: Pro Edition, Business Edition, Enterprise Edition, and Exclusive Edition. All of these editions can protect websites by monitoring and filtering HTTP and HTTPS traffic.|
|Web application protection||Protection against common web application attacks||
|Protection against HTTP flood attacks||
|Fine-grained access control||
|Virtual patching||Before the patches for web application vulnerabilities are released or installed, you can adjust web protection rules to protect your services.|
|Attack event management||WAF allows you to manage attack events based on statistical data, such as attack events, attack traffic, and attack scales.|
|Flexibility and reliability||
For more information, visit the product page of Web Application Firewall.
|More than 10 years of web security experience||
|Protection against HTTP flood attacks and crawler attacks||
|Integration with big data capabilities||
|Ease of use and reliability||
WAF is suitable for all users on and outside Alibaba Cloud. WAF helps protect web applications in industries such as finance, e-commerce, online-to-offline (O2O), Internet Plus, gaming, public services, and insurance.
Use of WAF
- CNAME record mode
You can add your website to WAF in CNAME record mode regardless of whether your origin servers are deployed in the cloud or on on-premises machines.
The CNAME record mode allows you to use WAF by adding the domain name of the website that you want to protect to WAF and changing the DNS record. This way, traffic traveling to the website is forwarded to and protected by WAF. For more information, see Add a domain name.
- Transparent proxy mode
If your origin server is an Elastic Compute Service (ECS) instance or is added to an Internet-facing Server Load Balancer (SLB) instance, you can use either the CNAME record mode or the transparent proxy mode to add your website. The transparent proxy mode is based on cloud-native technologies.
The transparent proxy mode allows you to use WAF by adding the domain name of the website that you want to protect to WAF without changing the DNS record. This way, traffic traveling to the website is forwarded to and protected by WAF.
WAF has passed various authoritative certifications. The certifications include ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 29151, BS 10012, Cloud Security Alliance (CSA) STAR certification, Cybersecurity in China Multi-level Protection Scheme (MLPS 2.0) Level III, Service Organization Control (SOC) 1, 2, and 3, Cloud Computing Compliance Controls Catalog (C5), Green Finance Certification Scheme developed by Hong Kong Quality Assurance Agency (HKQAA), Outsourced Service Providers Audit Report (OSPAR), and Payment Card Industry Data Security Standard (PCI DSS).