[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

[China] Alibaba Cloud’s WAF function [Security]

This is Ohara from the technical sales department.

This time, we will describe the features and functions of
Alibaba Cloud WAF provided by Alibaba Cloud *Information as of September 2021.

Alibaba Cloud security history

At Alibaba Cloud, we are focusing on developing security products to protect Alibaba Cloud services from various external cyber attacks.

One of its security products, Alibaba Cloud WAF (Web Application Firewall), is a web attack defense service developed based on Alibaba Cloud's more than 10 years of security experience. It is an evolving service with advanced defense mechanisms.

Alibaba Cloud WAF service overview

Alibaba Cloud WAF can be installed not only on Alibaba Cloud, but also on systems running on-premises, VPS, or other companies' cloud servers by simply switching the DNS, so it can be used to protect any infrastructure environment.

■ Web application protection

● Zero-day attack protection
- By dynamically updating defense rules within 24 hours, risks can be dealt with promptly.
● Hiding your website
: Hiding and protecting your website from intruders by using DNS to divert traffic.
● OWASP attack protection
- Provides various defense policies and quarantine functions, and accurately determines and protects against known attacks such as SQL injection.

■ Site access control

● Adding HTTPS functionality
- Add HTTPS functionality to your site by simply uploading the private key file.
● Access control
and multi-layered protection determines and blocks information-gathering activities of sites necessary for intrusion.

■ Highly accurate traffic analysis

● Accurate malicious access determination
- Malicious access such as bots can be accurately identified and evaluated when blocked.
● Custom policy
- You can freely change and reflect defense rules as necessary.

Alibaba Cloud WAF features (by edition)

Alibaba Cloud WAF has 4 editions to choose from depending on processing capacity, defense functions, and case.
For example, you can start small with the Professional edition and change editions as your web access increases, allowing you to flexibly scale up to suit your needs and situation.

Features overview Pro Edition Business Edition Enterprise Edition Exclusive Edition (submit tickets to purchase)
peak request rate - 2,000 QPS 5,000 QPS Higher than 10,000 QPS 5,000 QPS
maximum bandwidth If the origin server is deployed on Alibaba Cloud 50 Mbit/s 100 Mbit/s 200 Mbit/s 100 Mbit/s
If the origin server is not deployed to Alibaba Cloud 10 Mbit/s 30 Mbit/s 50 Mbit/s 30 Mbit/s
Maximum number of domains supported by default - 1 1 1 1,000
Maximum number of subdomains supported by default Supports wildcard domains 10 10 10 1,000
HTTPS protection Implement HTTPS protection on your website in just a few clicks
HTTPS/2 protection Secure websites that use HTTP/2 ×
Non-standard port protection Protects traffic through ports other than standard ports 80, 8080, 443 and 8443 ×
Intelligent load balancing Connect to multiple SLB service nodes to implement automatic disaster recovery and low-latency optimal routing
exclusive IP address Provides exclusive IP addresses to protect specific domain names
exclusive cluster Customize service access and protection based on business requirements × × ×
protection rules engine Protects against common web attacks such as SQL injection and XSS attacks
Enable automatic update of protection rules for web zero-day vulnerabilities
Custom protection rule group Customize protection rule groups ×
big data deep learning engine Detects web zero-day vulnerabilities ×
positive security model Proactive protection based on deep learning of website traffic × ×
Preventing website tampering Lock web pages to prevent content tampering
Data leak prevention Prevent leakage of confidential data such as ID card numbers, mobile phone numbers, bank card numbers, etc.
HTTP flood protection Protects against common HTTP flood attacks in preventive or precautionary emergency mode
blacklist Block access requests from specific IP addresses or CIDR blocks
Block access requests from specific IP addresses, specific CIDR blocks, or IP addresses in specific regions ×
scan protection Blocks IP addresses where web attacks and path traversals are frequently initiated and scan tool IP addresses, providing a coordinated defense (default rules are used to block the first type of IP addresses)
Supports the above protection features and customizes blocking rules for high frequency web attacks and path traversal ×
Custom protection policy Supports ACL-based access control using basic fields such as IP, URL, referrer, user agent, and parameters
Supports ACL-based access control using basic and advanced fields (advanced fields include Cookie, Content-Type, Header, and HTTP-Method) ×
Configure rate limiting policies based on IP address and session (customize HTTP flood protection rules that allow you to add match conditions and configure rate limiting policies) ×
Configure rate limiting policies based on IP addresses, sessions, and custom fields × ×
data risk management Protect critical website services such as registration, logon, activity, and forums from fraud
allowed crawler Maintain a whitelist of approved search engines such as Google, Bing, Baidu, and Yandex (the crawlers of these search engines will access the specified domain name)
Bot threat intelligence Provides information about data centers and suspicious IP addresses used by malicious scanners (also maintains a library of IP addresses for malicious crawlers and allows crawlers to visit all pages under a domain name or a particular directory) )
App protection Provides secure connectivity and anti-bot protection for native apps (identifies requests from proxy servers and emulators and requests with invalid signatures)
Account security Detects dictionary attacks, brute force attacks, spam user registration, weak passwords, and SMS flood attacks against service endpoints such as registration endpoints and logon endpoints.
WAF log service Collects and stores all logs, enables near real-time query and analysis, and provides online reporting ×

summary

Alibaba Cloud WAF is a SaaS model, so it can be used in on-premises cloud infrastructure environments other than Alibaba Cloud. It seems to be very versatile as it supports multi-cloud regardless of platform.

 

If you found this article helpful , please give it a like!
0
Loading...
0 votes, average: 0.00 / 10
534
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

The person who wrote this article

About the author

ohara

I started my career in the telecommunications industry as a salesperson in charge of introducing IT products such as NW services, OA equipment, and groupware for corporations.

After that, he worked as a pre-sales engineer for physical servers/hosting services and as a customer engineer for SaaS-type SFA/CRM/BtoB e-commerce at an SIer-based data center business company, before joining his current company, Beyond.

Currently, I am stationed in Shenzhen, China, the Silicon Valley of Asia, and my daily routine is to watch Chinese dramas and billbill.

Qualification: Second class bookkeeping