Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.
- Fast Response and Stability Connected to Chinese ISPs through multiple BGP connections allowing for high availability. WAF supports optimal path selection and allows your servers to respond within milliseconds.
- Professional Protection Operated by professional security groups, WAF fixes zero-day vulnerabilities within 24 hours. WAF also supports multi-dimensional protection to efficiently prevent Challenge Collapsar (CC) attacks.
- Business Risk Prevention Supports multiple business risk prevention features, including anti-crawler, anti-rush, and anti-sabotage protection.
- Comprehensive Reports Offers detailed reports to ensure a quick, comprehensive understanding of the security status of the website.
Web Application Protection
Provides anti-attack solutions for Web applications. Virtually patches zero-day vulnerabilities and offers website stealth service.
Common OWASP Attack Prevention
Provides multiple protection policies to prevent SQL injection attacks, cross site scripting attacks, and web-shell uploading. Our service supports backdoor quarantine, and defends against command injection, illegal HTTP requests, common web server vulnerability exploiting, unauthorized access to core data, Path Traversal attacks, and vulnerability scanning.
Zero-Day Vulnerability Protection
WAF supports automatic protection to secure your servers. Our professional protection team provides virtual patching service to fix high-risk zero-day vulnerabilities within 24 hours.
Uses DNS to redirect traffic to prevent server IP addresses from being exposed. Attack traffic cannot pass around WAF to reach your servers.
CC Attack Prevention
Filters out bot traffic to guarantee the server performance.
Precise Protection with Low False Positive Rate
WAF does not directly blocks IP addresses that send requests too frequently. Instead, WAF recognizes suspicious activities based on URL requests, response code, and other signatures.
100% Malicious Request Recognition and Blocking
Recognizes attack signatures in common fields of request headers, including the IP, URL, User-Agent, and Referer fields.
User-defined Rules for Business Protection
The Enterprise Edition allows you to set rules to define the frequency of requests sent to a URL.
Powerful Threat Intelligence
Supports customized attack protection based on large amounts of IP address blacklists and crawler databases.
Supports risk control, anti-crawler, and anti-rush to protect your business.
Supports quick configuration to automatically protect your servers, without the need to modify the source code of your servers or call the APIs.
Satisfying User Experience
No verification is required for requests sent from user web browsers or applications. “Slide to verify” verification is required for suspicious requests that may be sent from bots. Precise Interception. Powerful device fingerprinting and bot recognition capabilities help to maintain normal business operations.
Supports device fingerprints and bot recognition to ensure the operations of your business.
Quick origin fetching over HTTP or HTTPS to reduce the load on the origin site.
Quick HTTP-HTTPS Migration
To migrate your website from HTTP to HTTPS, you only need to upload the certificates private key. You do not need to change the configurations of your server.
Origin Fetching over HTTP.
Supports origin fetching-based HTTPS-HTTP redirection to reduce the load on your origin site and improve business performance.
HTTP and HTTPS Access Control
Supports multi-dimensional and precise HTTP and HTTPS traffic throttling.
IP-based Access Control
Supports blocking and whitelisting of specified IPs, network segments, and malicious IPs.
URL-based Access Control
Supports blacklisting and whitelisting of specified URLs.
Variant CC Attack Prevention
Prevents variant CC attacks, such as WordPress pingbacks.
Blocks malicious requests, including python and libcurl requests.
Only allows specified IP addresses to access certain URLs. For example, only administrators can log on to the back end.
Secures website resources against malicious links from other web pages and malicious requests bound for non-existent links.
Malicious Request Protection
Intercepts malicious requests bound for non-existent links, and blocks mass attacks targeting at URLs that do not exist.
The Enterprise Edition allows you to block IP addresses in specified geographical locations.
All logs support quick query.
Smart Log Query
All logs support smart query. This service allows you to search unusual requests and attack interception records with ease. You can obtain the status of your business running on your website.
Offers anti-crawler and anti-rush protection.
Blocks malicious Bot abuse.
Attacks may cause a sharp increase in text message registration fees. Attackers maliciously crawl the business data and log on to the interface to obtain user data.
Protects against Malicious Crawlers
Detects common crawlers and helps you to protect core text and product prices.
Tackles Fake Messaging-Interface Traffic
Handles message flooding and curbs rising data charges.
Defense against Malicious Bot Abuse
Malicious bot abuse disables website platform services, leading to reduced user satisfaction.
CC Attack Protection
Protects your website resources against large amounts of CC attacks.
Competitors may attack your website. Attackers may try to extort money from you by initiating a large number of malicious CC requests. These requests occupy or consume critical server resources, including CPU, memory, or bandwidth, creating a server performance bottleneck. This may cause slow website response or website malfunction.
Protection against Zombie-based CC Attacks
Attackers use CC attack software to control large numbers of zombies and launch attacks.
Protection against Agent CC Attacks
Attackers use proxy servers to forge website requests.
Data Leakage Prevention
Prevents core data leakage.
Attackers scan websites to exploit web page vulnerabilities. By manually executing malicious SQL statements, attackers can penetrate and log on to your databases to obtain core website data.
Protection against SQL Injection Attacks.
SQL injection uses malicious code for backend database manipulation to access core data and private data of the user.
Prevention against Unauthorized Scanning.
Attackers can exploit vulnerabilities using security scanning tools or after researching the website business interface.
Related Products and Services
Prevention against Website Defacement, Trojans, and Backdoors
Protects your website from website defacement, trojans, and backdoors.
Attackers may penetrate and inject your website to obtain admin privileges and upload trojans or backdoors. They may leave hidden links on web pages or tamper with web page content. This damages the company's reputation and may cause economic losses.
Prevention against Trojan Injection.
Attackers may scan the vulnerabilities and upload trojans.
Protection against Page Defacement.
Protects the pages from malicious injection of illicit content.
Related Products and Services
Virtual Patches for Zero-Day Vulnerabilities
Virtually patches vulnerabilities to ensure web security.
After a web security vulnerability is exposed on a public platform, you may not be able to fix it timely. Therefore, you need a virtual patch to immediately defend against vulnerability attacks.
Certification course: Protect Your Web Application on Alibaba Cloud
Understand application security and common network attacks. You will master the core skills of application security on the cloud, including how to access Alibaba Cloud WAF, avoid tampering website, prevent CC attacks, and how to conduct business risk management.View Details
Upgraded Support For You
1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Tickets.