edit-icon download-icon

WAF user manual

Last Updated: Jan 15, 2018

Currently, Alibaba Cloud WAF supports HTTP and HTTPS (Advanced Edition and higher) web security protection, and only supports traffic on Port 80 and Port 443.

Procedure

Follow these steps to go through the basic functions of WAF.

  1. Go to the Alibaba Cloud console > Security > Web Application Firewall. You can view the edition and expiration date of WAF in the upper right corner of the page. You can then select whether to renew or update the product accordingly.

  2. You can view the status and updated information of the Web attack, HTTP flood attack, and access control event, under Attack Protection window.

  3. In the Message area, you can view updates about protection rules. The protection rules are updated constantly as WAF continuously detects and blocks the new vulnerabilities.

  4. Click Domain Configuration to view current configuration information for your website such as domain name, CNAME, origin site IP address, security protection status, security configuration, and so on.

    Domain info

  5. On the Domain Configuration page, you can add, edit, and delete domain-related configurations. Once the configuration is successful, resolve the DNS of the domain name to the CNAME address provided by WAF.

    Domain configuration

  6. Select the domain name, and click HTTP ACL Policy to enter the security protection configuration page, where you can add or modify security settings.

    HTTP ACL policy enables you to customize business protection based on access control rules. When you customize the access control rules, you can combine the IP address, URL, UA, Referrer, and other conditions to select the action policy.

    Add rules

    You can click Sort Rules to sort the rules.

  7. Click Security Report to view reports on corresponding attack details, including the Web Application Protection report, the HTTP Flood report, and the HTTP ACL Event log.

  8. Click Business Analysis to view the business analysis diagrams. The previous day’s data statistics are the data sources for the business analysis diagrams.

    Note: Only the Business Edition and the Enterprise Edition support business access analysis.

Thank you! We've received your feedback.