WAF is a cloud firewall service that protects core website data and safeguards the security and availability of your site.
Based on powerful Big Data cloud capabilities and underlying security, WAF provides protection against web-based attacks, including SQL injections, XSS, Malicious BOT, command execution vulnerabilities, and other common web attacks.
Stability and Speed
Easy Deployment: No need to install additional software or to deploy extra hardware. You can access the product and secure your website within minutes
Shorter Response Time: Extremely short response time (milliseconds) for user requests
Improved Monitoring and Service Systems: Offers 24/7 network-wide smart monitoring and scheduling based on service quality
Centrally Defined Protection Rules: Nearly 1,000 protection rules, updated each day across all web applications by a dedicated defense team in order to protect from false positive rates
Patch Synchronization: Offers 0-day web vulnerability patches synchronized globally within 24 hours
Superior Defense: Comprehensive website security protection through precise access controls to provide powerful defense against web/flood attacks
Big Data Security Analysis
Security Protection: Protects thousands of data sensitive websites against millions of web attacks
Global Synchronization: Collaborative defense captures new threats and globally synchronizes protection rules
Big Data Learning Models: WAF utilizes a big data learning model to reduce the rate of false positives
Real-time Metrics of Web Requests: Monitors requests that match your filter criteria and provides real-time metrics for improved visibility of your web traffic, which you can create using new rules and alerts
Monthly Package: Offers monthly subscription with different package versions and feature specifications that you can select depending on your requirements
Immunity Against Common Web Attacks
Protection Rule Policies: Provides high, medium and low-protection rules/policies against common web attacks listed in OWASP.
Meets the needs of different website services regarding common GET and POST HTTP requests.
Defends against SQL injection, XSS, Webshell uploads, command injection, illegal HTTP protocol requests, attacks on common web server vulnerabilities, unauthorized access to core files, and path traversal.
Provides backdoor isolation protection, defense scans, and other security protection.
Website Stealth: Safeguards website address from being exposed to attackers, so that attacks cannot bypass the WAF and attack your website directly.
Regular 0-day Patch Updates: Synchronizes protection rules with Taobao (online shopping platform) and quickly provides patches latest vulnerabilities. These patches are immediately synchronized globally to defend all protected websites.
HTTP / HTTPS Flood / DDoS Attack Mitigation
Precise Access Control: Handles DDoS attacks by controlling frequent access from a single or range of source IP, provides redirect jump verification, and determines whether access requests are tasked by a human operator or a machine. Uses a combination of precise access control filters to control requests with abnormal Referer and User-Agent fields to protect against massive slow request attacks and identify abnormal response codes, IP access, and URL distributions.
Multi-layer Protection: Integrated security modules protect from common web/CC attacks. WAF creates a comprehensive, multi-layer protection mechanism to accurately distinguish between trusted and malicious traffic based on actual needs.
Friendly Observation Mode: Option to enable observation mode for new website services. In this mode, WAF issues warnings for possible attacks that match the protection rules, but does not block them. This lets you collect statistics on the false positive rate of your service.
Prevention Mode: Actively blocks intrusions and attacks detected by its set rules. Attackers' requests are denied and their connection is terminated. This mode continues to log such attacks in the WAF logs file.
Big Data Security
Fully utilizes Alibaba Cloud's advantages in big data security, threat intelligence library, and trusted access analysis models to identify malicious traffic.