Hello everyone! I am Ohara from the Technical Sales Department.
This article will introduce the features and functions of Alibaba Cloud Web Application Firewall (Alibaba Cloud WAF), a WAF service provided by Alibaba Cloud (Alibaba Cloud).
※ This article is based on the 2021 international version of Alibaba Cloud WAF.
Table of Contents
Alibaba Cloud is committed to developing security products to protect Alibaba Cloud’s services from various external network attacks.
Alibaba Cloud WAF (Web Application Firewall), one of its security products, is an evolutionary service with a highly defensive mechanism developed by Alibaba Cloud based on more than ten years of security experience and rooted in big data technology.
Alibaba Cloud WAF can be installed not only on Alibaba Cloud, but also on systems deployed locally (On-Premise), VPS (Virtual Private Server), and servers provided by other cloud service providers. It only needs to switch DNS to install it, without being restricted by the installed infrastructure environment.
●Defense against zero-day attacks
・By dynamically updating defense rules within 24 hours, you can quickly respond to risks.
●Website hiding
・By adding WAF in front of DNS to redirect network traffic, you can hide and protect websites from intruders.
●Defense against OWASP attacks
・Provide various protection rules and prosecution functions to correctly judge and defend against known attacks such as SQL injection.
●Add HTTPS function
・You can add HTTPS function to your website by simply uploading a private key file.
●Control access
・Through multi-layer protection, you can quickly discover information collection activities in preparation for intrusion and intercept or block them.
●Accurately determine malicious access
・Ability to accurately identify malicious access through robots and other means, and evaluate when it is blocked.
●Customized policies
・Defense rules can be freely changed and updated as needed.
Alibaba Cloud WAF has 4 versions, which can be selected based on processing power, defense functions, and application scenarios.
For example, you can start with the Professional version, and then choose to change versions as the amount of web access increases, and you can flexibly expand according to your own use and situation.
| Features | Summary | Pro Edition | Business Edition | Enterprise Edition | Exclusive Edition (submit tickets to purchase) |
| Peak request rate | – | 2,000 QPS | 5,000 QPS | Above 10,000 QPS | 5,000 QPS |
| Maximum bandwidth | The source server is deployed on Alibaba Cloud | 50 Mbit/s | 100 Mbit/s | 200 Mbit/s | 100 Mbit/s |
| The source server is not deployed on Alibaba Cloud | 10 Mbit/s | 30 Mbit/s | 50 Mbit/sec | 30 Mbit/s | |
| The maximum number of domains supported by default | – | 1 | 1 | 1 | 1,000 |
| Default maximum number of subdomains supported | Support wildcard domains | 10 | 10 | 10 | 1,000 |
| HTTPS protection | Enable HTTPS protection on the Web in just a few clicks | ✓ | ✓ | ✓ | ✓ |
| HTTPS/2 protection | Secure the Web using HTTP/2 | × | ✓ | ✓ | ✓ |
| Non-standard port protection | Can protect traffic passing through ports other than standard ports 80, 8080, 443, and 8443 | × | ✓ | ✓ | ✓ |
| Smart Load Balancing | Connect multiple SLB service nodes for automatic disaster recovery and optimal routing with low latency | ○ | ○ | ○ | ○ |
| Dedicated IP address | Provide dedicated IP addresses to protect specific domain names | ○ | ○ | ○ | ○ |
| Dedicated cluster | Customize service access and protection functions based on business needs | × | × | × | ✓ |
| Protect the rules engine | Prevent common network attacks, such as SQL injection and XSS attacks | ✓ | ✓ | ✓ | ✓ |
| Enable automatic updates of protection rules for web zero-day vulnerabilities | ✓ | ✓ | ✓ | ✓ | |
| Custom protection rule group | Custom protection rule group | × | ✓ | ✓ | ✓ |
| Big data deep learning engine | Detect zero-day vulnerabilities in the Web | × | ✓ | ✓ | ✓ |
| Active security mode | Provides dynamic defense capabilities based on deep learning of Web site traffic | × | × | ✓ | ✓ |
| Prevent Web site tampering | Lock the web page to prevent content tampering | ✓ | ✓ | ✓ | ✓ |
| Prevent data leakage | Prevent sensitive data such as ID card number, mobile phone number and bank card number from being leaked | ✓ | ✓ | ✓ | ✓ |
| HTTP flood attack protection | Prevent or prevent common HTTP flood attacks in emergency mode | ✓ | ✓ | ✓ | ✓ |
| Blacklist | Block access requests from specific IP addresses or CIDR Blocks | ✓ | ✓ | ✓ | ✓ |
| Block access requests from specific IP addresses, specific CIDR blocks, or IP addresses in specific regions | × | ✓ | ✓ | ✓ | |
| Scanning protection | Block IP addresses that frequently launch Web attacks and path traversal, as well as IP addresses of common scanning tools, to provide coordinated protection (default rules are used to block the first category of IP addresses) | ✓ | ✓ | ✓ | ✓ |
| Supports the above protection functions and customizes interception rules for high-frequency Web attacks and path traversal | × | ✓ | ✓ | ✓ | |
| Customize protection policies | Use basic items such as IP, URL, source website, user agent, parameters, etc. to implement ACL-based access control | ✓ | ✓ | ✓ | ✓ |
| Use basic items and detailed settings to support ACL-based access control (detailed settings include Cookie, Content-Type, Header, HTTP-Method) | × | ✓ | ✓ | ✓ | |
| Develop access frequency restriction strategies based on IP addresses and sessions (set specific monitoring conditions and set access frequency rules to deal with certain HTTP flood attacks) | × | ✓ | ✓ | ✓ | |
| Set access frequency rules based on IP address, item and custom item | × | × | ✓ | ✓ | |
| Manage data risks | Protect important website services such as registration, login, events and forums from fraud | ○ | ○ | ○ | ○ |
| Allow crawler access | Maintain a whitelist of approved search engines such as Google, Bing, Baidu and Yandex (crawlers from these search engines can access the specified domain name) | ○ | ○ | ○ | ○ |
| Bot threat intelligence | Provide information about suspicious IP addresses used by data centers and malicious scanners (in addition, maintain a malicious crawler IP address database to prevent crawlers from accessing all web pages under a domain name or a specific directory) | ○ | ○ | ○ | ○ |
| Protect applications | Provide secure connections and anti-bot protection for local applications (identify requests from proxy servers and emulators, and requests with invalid signatures) | ○ | ○ | ○ | ○ |
| Account security | Detect SMS flood attacks against service endpoints. Such as dictionary attacks, brute force cracking, junk user registration, weak passwords, registration endpoints and login endpoints, etc. | ✓ | ✓ | ✓ | ✓ |
| WAF log service | Collect and store all logs, enable near real-time query and analysis, and provide online reports | × | ○ | ○ | ○ |
Alibaba Cloud WAF is a SaaS model, so it can also be used in the infrastructure environment of internal clouds other than Alibaba Cloud. Since it is compatible with multi-cloud of other platforms, it has very high versatility.
▼ Company WeChat Official Account▼
▼ Contact person in charge WeChat ID ▼
Follow us on WeChat
![[Hallucination] Are Japanese living abroad friendly to each other?](https://beyond-shenzhen.cn/wp-content/uploads/2025/04/japanese-not-friendly1.jpg)
Launched “WEB Network Marketing Agency Service”"
Published a case study on updating the homepage of the “Yuwa Life” website."