ECS
Object Storage Service (OSS)
PolarDB
Financial Services
Superapp Solution with EMAS
Alibaba DChain for Supply Chain Planning
{"product":"PRODUCTS","solution":"SOLUTIONS","keyword":"KEYWORDS"}
0.0.201
You can select a sub-service, module, or feature from the drop-down list to quickly find the relevant documentation. You can also click the cloud service name at the top of the drop-down list to go to the homepage of the cloud service.
This topic lists some frequently asked questions about Web Application Firewall (WAF).
Category
Question
Features
FAQ about pre-sales consulting
Can I use WAF to protect servers that are not deployed on Alibaba Cloud?
Does WAF support Cloud Web Hosting instances?
Can WAF protect HTTPS services?
Does WAF support custom ports?
What are the restrictions on the ports that can be added to WAF?
Does the QPS limit that is specified for a WAF instance apply to the entire WAF instance or a single domain name that is added to the WAF instance?
Does WAF support mutual TLS authentication?
Does WAF support the WebSocket, HTTP/2, or SPDY protocol?
Is the origin server affected when HTTP/2 services are added to WAF?
What TLS protocols does WAF support?
Can WAF protect websites that use NTLM authentication?
How does WAF improve the access security of business account APIs?
How do crawlers collect information by calling APIs? How do I mitigate the risks?
How does WAF obtain and record the originating IP addresses of clients from custom header fields?
What business security risks exist in the gaming business? How do I mitigate the risks?
What risks might arise when I provide web API services by using a domain name? How do I mitigate the risks?
What measures does WAF take to reduce the risk of data leaks?
What are the main protection engines provided by WAF?
How does WAF intelligently detect and handle normal requests incorrectly identified as web attacks?
How does WAF enhance database security defenses?
Website access configuration
Can I use the internal IP address of an ECS instance as an origin IP address?
Can WAF protect multiple origin IP addresses for one domain name?
How does WAF balance request loads among multiple origin servers?
Does WAF support the health check feature?
Does WAF support the session persistence feature?
Does a delay occur when I change an origin IP address?
What are the back-to-origin CIDR blocks of WAF?
Are back-to-origin CIDR blocks of WAF automatically added to security groups?
Do I need to allow access requests from all client IP addresses?
Can a WAF instance that uses an exclusive IP address defend against DDoS attacks?
Can WAF be deployed together with CDN or Anti-DDoS Proxy?
Can I deploy WAF together with CDN and Anti-DDoS Proxy by using different Alibaba Cloud accounts?
How does WAF ensure the security of an uploaded certificate and the private key of the certificate? Does WAF decrypt HTTPS traffic and record the content of HTTPS requests?
A domain name is added to WAF. Why am I unable to find the domain name in the domain name list?
Can a domain name be added to WAF in both CNAME record mode and transparent proxy mode?
What do I do if a domain name that has been added to WAF no longer requires the protection of WAF?
Can the origin server of a domain name obtain the actual client IP addresses after the domain name is added to WAF in transparent proxy mode?
If the SSL certificate bound to a port is updated, do I need to re-upload the certificate in the WAF console?
If a domain name is hosted on multiple SLB instances, how do I add the domain name to WAF in transparent proxy mode?
If multiple domain names are hosted on an SLB instance, what happens if I add only one of the domain names to WAF in transparent proxy mode?
Why am I unable to find the Layer 7 SLB instance that I want to add to WAF in transparent proxy mode?
What are the main security risks of APIs and their possible impacts? How do I mitigate the risks?
Website protection configuration
How do I use WAF to defend against HTTP flood attacks?
How long does it take for configuration modifications in the WAF console to take effect?
When I configure custom protection policies (ACL policies), can I enter CIDR blocks in the IP field?
Why does a custom protection policy whose URL match field contains a double forward slash (//) not take effect?
What risks might be associated with HTTP response code leaks? How do I mitigate the risks?
If a domain name hosted on a SLB instance is added to WAF, how can I prevent the requests that are destined for the domain name from bypassing WAF?
Website protection analysis
Can I view the source IP addresses of HTTP flood attacks in the WAF console?
How do I query the bandwidth usage of WAF?
Website access
How do I troubleshoot website access exceptions?
How do I troubleshoot HTTPS access issues
HTTPS access exceptions arising from SNI compatibility ("Certificate not trusted")
How to handle ECS intrusion?
What do I do if blackhole filtering is triggered for my WAF instance?
Service configuration
Supported domain suffixes
If my website receives requests over an unconfigured port, is the origin server threatened?
WAF access traffic flow
Emergency Mode of HTTP Flood Protection
How do I troubleshoot 405 errors?
Fault analysis
What do I do if services on non-standard ports cannot be added to WAF of the Pro edition?
What do I do if "The HTTPS private key format is invalid" appears when I upload an HTTPS certificate file?
How do I handle the mismatch between a certificate and its private key?
File upload requests blocked by Alibaba Cloud WAF
How to fix the logon status loss issue?
What do I do if a persistent connection times out?
Why am I unable to access miniapps on a website that I added to WAF?
Why am I unable to access the website that I added to WAF by using specific clients?
Services
Alibaba Cloud DNS version of WAF
Others
Common web vulnerabilities
Why am I unable to directly access a CNAME provided by WAF?
Differentiate between crawler attacks and HTTP flood attacks
Live-chat with our sales team or get in touch with a business development professional in your region.
Open a ticket and get quick help from our technical team.
We look forward to your suggestion.