Dynamic Content Delivery Network (DCDN) is integrated with Web Application Firewall (WAF) to provide security services on points of presence (POPs). WAF identifies and filters out malicious requests and then forwards only legitimate requests to origin servers. WAF can protect web servers against intrusions, secure important business data, and prevent server anomalies that are caused by attacks.
Benefits
The new version of WAF is resulted from the deep integration of the cloud-native architecture of the core WAF engine and POPs. The integration provides new protection capabilities to WAF and an overhauled console. Protection settings are more streamlined and accessible in the console, which provides a more user-friendly experience.
Compared with the old version of WAF Enterprise Edition, the new version provides the following benefits:
New cloud-native architecture
The WAF engine is integrated into POPs. All traffic that flows through DCDN can be protected by WAF. Protection settings, such as the web regular expression engine and custom protection rules, are implemented on all DCDN POPs to form a wide protection network around the world.
New protection configurations
WAF allows you to configure protection policies that meet your business requirements. WAF also streamlines your workflow by allowing you to batch configure and apply protection policies and protection rules for protected domain names.
NoteProtected domain name: the domain name that is added to the new version of WAF.
Protection policy: a collection of protection rules. You can configure a default policy to uniformly apply a set of predefined rules to domain names that you added to WAF. You can also create custom protection policies based on your business requirements.
Protection rule: a rule that is defined in a protection policy, such as the medium rule group (protection rule) in web regular expression protection or the custom rule for access control.
New pay-as-you-go billing method
The new version of WAF generates bills every hour based on security capacity units (SeCUs), which provides a simple and straightforward mechanism to quantify resource usage and simplifies the billing process.
Features of the new version of WAF
The following table describes the website protection configurations that are supported by the new version of WAF.
Feature | Subfeature | Supported by the new version of WAF |
Domain name management | Configuration management | Yes |
Whitelist | Whitelist for precise access control | Yes |
Web security | Regular expression protection Zero-day attack protection | Yes |
Block and warning modes Decoding and analysis of request data in specific formats | Yes | |
Custom rule groups for regular expression protection | Yes | |
Access control and throttling | IP blacklist | Yes |
Region blacklist | Yes | |
Custom protection policy | Yes | |
Scan protection | Yes | |
Monitoring reports | Overview and reports | Yes |
Log service | Real-time logs | Yes |
Bot management | Allowed crawlers | Yes |
Bot threat intelligence | Yes | |
Crawler whitelist | Yes | |
Application protection | Yes | |
Actions | Verification code and custom response | Yes |
Billing
The new version of WAF uses SeCUs as billing units and supports the pay-as-you-go billing method and resource plans. For more information, see Billing of WAF (new version).
To purchase a WAF plan (new version), go to the buy page.
Is my active WAF subscription affected by the release of the new version of WAF?
No. An Alibaba Cloud account can use only one WAF instance. If you enable the new version of WAF, the old version of WAF Business Edition is hidden and becomes unavailable. If you have enabled the old version of WAF Business Edition, the new version of WAF is hidden. You can continue to use the old version of WAF Business Edition. Alibaba Cloud provides migration plans for users who want to migrate data from the old version of WAF Business Edition to the new version of WAF.