In this post, we will outline the features and functions of “Alibaba Cloud WAF,” a WAF service provided by Alibaba Cloud.
* Information is current as of September 2021.
Table of Contents
Alibaba Cloud is dedicated to developing security products aimed at protecting its infrastructure from a wide range of external cyber attacks.
One of these products, Alibaba Cloud WAF (Web Application Firewall), is a security service built on over 10 years of security expertise. It is designed to defend against internet attacks and features an advanced defense mechanism that leverages big data capabilities.
Alibaba Cloud WAF can be implemented not only on Alibaba Cloud but also in on-premises environments, VPS (Virtual Private Servers), and infrastructure environments provided by other cloud platforms—simply by switching DNS.
As such, it is not restricted by the infrastructure environment in which it is deployed.
| Category | Feature | Overview |
| Web Application Protection | Zero-day Attack Defense | Enables prompt risk mitigation by dynamically updating defense rules within 24 hours.。 |
| Website Protection | Protects sites from intruders by using DNS to reroute traffic. | |
| OWASP Attack Defense | Provides various defense policies and isolation features to accurately identify and block known attacks, such as SQL injection. | |
| Site Access Control | Add HTTPS Functionality | Adds HTTPS capabilities to a site simply by uploading the private key file. |
| Access Control | Identifies and blocks information-gathering activities required for intrusions through multi-layered protection. | |
| High-Precision Traffic Analysis | Accurate Malicious Access Identification | Accurately identifies malicious access, such as bots, and performs an evaluation when blocking. |
| Custom Policies | Allows for the flexible modification and application of defense rules as needed. |
Alibaba Cloud WAF offers four editions to choose from, depending on processing capacity, defense capabilities, and specific use cases.
This allows for flexible scaling; for instance, you can start small with the Pro Edition and upgrade as your web traffic grows, adapting to your specific needs and situation.
| Category | Overview | Pro Edition | Business Edition | Enterprise Edition | Exclusive Edition (submit tickets to purchase) |
| Peak Request Rate | – | 2,000 QPS | 5,000 QPS | 10,000 + QPS | 5,000 QPS |
| Maximum Bandwidth | If the origin server is deployed on Alibaba Cloud | 50 Mbit / s | 100 Mbit / s | 200 Mbit / s | 100 Mbit / s |
| If the origin server is not deployed on Alibaba Cloud | 10 Mbit / s | 30 Mbit / s | 50 Mbit / s | 30 Mbit / s | |
| Max Domains (Standard Support) | – | 1 | 1 | 1 | 1,000 |
| Max Subdomains (Standard Support) | Supports wildcard domains | 10 | 10 | 10 | 1,000 |
| HTTPS Protection | Implement with just a few clicks | 〇 | 〇 | 〇 | 〇 |
| HTTP/2 Protection | Protect websites using HTTP/2 | × | 〇 | 〇 | 〇 |
| Non-standard Port Protection | Protect ports other than 80, 8080, 443, and 8443 | × | 〇 | 〇 | 〇 |
| Intelligent Load Balancing | Multi-SLB connection, auto DR, low-latency routing | 〇 | 〇 | 〇 | 〇 |
| Dedicated IP Address | Provides dedicated IPs for specific domains | 〇 | 〇 | 〇 | 〇 |
| Dedicated Cluster | Protection from SQL injection and XSS attacks | × | × | × | 〇 |
| Protection Rule Engine | Protection against common web attacks | 〇 | 〇 | 〇 | 〇 |
| Web Zero-day Vulnerability Protection | Automatic rule updates | 〇 | 〇 | 〇 | 〇 |
| Custom Protection Rule Groups | Customization of protection rule groups | × | 〇 | 〇 | 〇 |
| Big Data Deep Learning Engine | Detects web zero-day vulnerabilities | × | 〇 | 〇 | 〇 |
| Whitelist Security Model | Proactive defense based on traffic learning | × | × | 〇 | 〇 |
| Website Anti-Defacement | Prevents tampering via web page locking | 〇 | 〇 | 〇 | 〇 |
| Data Leakage Prevention | Protection against leakage of personal information (IDs, phone numbers, etc.) | 〇 | 〇 | 〇 | 〇 |
| HTTP Flood Protection | Defense against attacks in preventive and emergency modes | 〇 | 〇 | 〇 | 〇 |
| Blacklist (IP / CIDR) | Blocks access from specific IPs/CIDRs | 〇 | 〇 | 〇 | 〇 |
| Scan Protection | Collaborative defense against web attacks and scanning tools | 〇 | 〇 | 〇 | 〇 |
| Scan Protection (Custom Rules) | Custom blocking of high-frequency attacks and path traversal | × | 〇 | 〇 | 〇 |
| Custom Protection Policies (Basic Fields) | ACL control based on IP, URL, Referer, User-Agent, and parameters | 〇 | 〇 | 〇 | 〇 |
| Custom Protection Policies (Detailed Fields) | ACL control based on Cookie, Content-Type, Header, and HTTP-Method | × | 〇 | 〇 | 〇 |
| Rate Limiting (IP / Session) | Customize HTTP flood protection rules with matching conditions | × | 〇 | 〇 | 〇 |
| Rate Limiting (IP / Session / Custom Fields) | More advanced rate limiting policies | × | × | 〇 | 〇 |
| Data Risk Management | Protects critical services such as registration, login, and forums | 〇 | 〇 | 〇 | 〇 |
| Allowed Crawler Whitelist | Grants access to authorized crawlers like Baidu, Bing, and Google | 〇 | 〇 | 〇 | 〇 |
| Bot Threat Intelligence | Provides intelligence on malicious crawlers, data center IPs, etc. | 〇 | 〇 | 〇 | 〇 |
| App Protection | Secure connections and bot prevention for native apps | 〇 | 〇 | 〇 | 〇 |
| Account Security | Protection against dictionary attacks, brute force, SMS flooding, etc. | 〇 | 〇 | 〇 | 〇 |
| WAF Log Service | Log collection/storage, real-time queries, and online reports | × | 〇 | 〇 | 〇 |
Alibaba Cloud WAF is a SaaS-based WAF service.
It can be used on cloud platforms other than Alibaba Cloud and can also be deployed in on-premises environments, offering a high degree of versatility.
| Managed Cloud Services | https://beyond-shenzhen.cn/en/service/server |
For Website Development and Managed Cloud Services
▼ Company WeChat Official Account▼
▼ Contact person in charge WeChat ID ▼
WeChat Official Account
WeChat Official Account
Person in ChargeWeChat
【Case Study】Gaming Media Site "AUTOMATON CHINA"
【2026】Public Holiday Calendar for China, Japan, and Singapore