Module | Feature | Description | Enabling method | Reference |
Web Security | Protection rules engine | This feature protects your websites against common web attacks based on built-in protection rules. The common web attacks include SQL injection, cross-site scripting (XSS) attacks, webshells, command injection, backdoor isolation, invalid file requests, path traversal, and exploitation of common vulnerabilities. | The feature is enabled by default after you add a domain name. | Configure the protection rules engine feature Best practices for the protection rules engine |
Protection rule group | The feature allows you to combine protection rules to create a custom rule group and apply the group to specific websites based on your business requirements. Note You can create a custom rule group for only the protection rules engine. | You must enable this feature after you add a domain name. | Customize protection rule groups Best practices for using custom rule groups to provide enhanced protection |
Website tamper-proofing | The feature helps you lock specific web pages, such as those that contain sensitive information. When a locked web page is requested, the page cached in WAF is returned. This prevents the tampering of the web pages. | You must enable this feature after you add a domain name. | Configure the website tamper-proofing feature |
Data leakage prevention | The feature filters content, such as abnormal pages and keywords, returned from the servers to websites and masks sensitive information, such as identity card numbers, bank card numbers, phone numbers, and sensitive words. WAF then returns masked information or default error pages to visitors. | You must enable this feature after you add a domain name. | Configure data leakage prevention |
Positive security model | The feature uses Alibaba Cloud machine learning algorithms to automatically analyze the normal network traffic of a website. It then generates security protection policies tailored for the website based on the collected data. | You must enable this feature after you add a domain name. | Configure the positive security model |
Bot Management | Allowed crawlers | The feature maintains a whitelist of allowed search engines, such as Google, Bing, Baidu, Sogou and Yandex. The crawlers of these search engines are allowed to access specified domain names. | You must enable this feature after you add a domain name. | Configure the allowed crawlers feature |
Bot threat intelligence | The feature provides information about suspicious IP addresses of dialers, on-premises data centers, and malicious scanners based on the powerful computing capabilities of Alibaba Cloud. This feature also maintains a dynamic IP library of malicious crawlers and prevents crawlers from accessing your websites or specific directories. | You must enable this feature after you add a domain name. | Configure bot threat intelligence rules |
Data risk control | The feature protects crucial website services, such as registrations, logons, campaigns, and forums, against fraud. | You must enable this feature after you add a domain name. | Configure data risk control |
Application protection | The feature provides secure connections and anti-bot protection for native applications. This feature also identifies proxies, emulators, and requests with invalid signatures. | You must enable this feature after you add a domain name. | Configure application protection |
Access Control/Throttling | HTTP flood protection | This feature helps you defend against HTTP flood attacks and provides protection policies in different modes. | The feature is enabled by default after you add a domain name. | Configure HTTP flood protection Best practices for preventing HTTP flood attacks |
IP address blacklist | The feature blocks access requests from specified IP addresses, CIDR blocks, and IP addresses in specified regions. | You must enable this feature after you add a domain name. | Configure a blacklist |
Scan protection | The feature automatically blocks access requests that have specific characteristics. For example, if the source IP address of requests initiates multiple web attacks or targeted directory traversal attacks in a short period of time, WAF automatically blocks the requests. Source IP addresses are also blocked if they are from common scan tools or the Alibaba Cloud malicious IP library. | You must enable this feature after you add a domain name. | Configure scan protection |
Custom protection policies | The feature allows you to customize access control rules and configure rate limiting based on precise match conditions. | You must enable this feature after you add a domain name. | Configure a custom protection policy |
Protection Lab | Account security | The feature allows you to monitor user authentication-related interfaces, such as the endpoints used for registration and logon, and to detect events that may pose a threat to user credentials. These threats include credential stuffing, brute-force attacks, spam registration, weak password sniffing, and SMS flood attacks. | You must enable this feature after you add a domain name. | Configure account security Account security best practices |
Whitelists | Website whitelist | After you configure a rule, requests that match the rule bypass all protection features and are directly forwarded to origin servers. | You must enable this feature after you add a domain name. | Configure a website whitelist |
Web intrusion prevention whitelist | After you configure a rule, requests that match the rule bypass specified protection features, such as the protection rules engine feature. | You must enable this feature after you add a domain name. | Configure a whitelist for web intrusion prevention |
Data security whitelist | After you configure a rule, requests that match the rule bypass specified protection features, such as website tamper-proofing, data leakage prevention, and account security. | You must enable this feature after you add a domain name. | Configure a whitelist for Data Security |
Bot management whitelist | After you configure a rule, requests that match the rule bypass specified protection features, such as bot threat intelligence, data risk control, intelligent algorithm, and application protection. | You must enable this feature after you add a domain name. | Configure a whitelist for Bot Management |
Access control and throttling whitelist | After you configure a rule, requests that match the rule bypass specified protection features, such as HTTP flood protection, IP address blacklist, scan protection, and custom protection policy. | You must enable this feature after you add a domain name. | Configure a whitelist for Access Control/Throttling |