Alibaba Cloud WAF application firewall: core concepts, purchase and use

1. Basic concepts of the WAF application firewall

Official document: https://help.aliyun.com/document_detail/28517.html

1.1. What is a WAF firewall

Web Application Firewall (WAF) provides one-stop security protection for websites and app services. WAF identifies the malicious characteristics of web traffic, then cleans and filters that traffic: normal traffic is returned to the server, while malicious traffic is intercepted and blocked. This prevents the website server from being maliciously invaded and suffering abnormal performance and other problems. WAF is mainly used to ensure the business security and data security of the website.

WAF is an application firewall, which is different from a traditional firewall. Traditional firewalls are mainly used to isolate network environments and to allow or deny certain application services, while application firewalls are mainly used to filter the traffic of website applications: using various algorithms, they forward normal website requests to the back-end web server and intercept abnormal traffic directly.

WAF can be used together with CDN to speed up website access while also increasing website security.

When WAF is used with CDN, the user's request first reaches the DNS server, which directs it to the nearest edge node according to the domain name of the CDN. When a back-to-origin operation is required, the request first reaches the WAF firewall, which filters it. Only requests that the WAF judges to be normal are forwarded to the SLB load balancer and then distributed to the web servers. Abnormal back-to-origin requests from the CDN are intercepted directly by the WAF firewall to ensure the security of the internal network.

The WAF application firewall draws on core attack-and-defense and big data capabilities to drive web security, respond to various web application attacks, and ensure the security and availability of the website.

1.2. Main functions of WAF

  • Web application security protection
    • WAF defends against common website attack methods such as SQL injection, cross-site scripting (XSS), Webshell upload, backdoor isolation protection, command injection, illegal requests, Web vulnerability attacks, etc.
    • After the website is connected to WAF, WAF provides a CNAME address and the website domain name is resolved to that CNAME. The website is then effectively invisible: only its domain name is known, not its IP address.
  • Deep and precise protection
    • Parses a variety of common HTTP data submission formats, including header fields, forms, JSON, XML, etc., and inspects and filters the submitted data.
    • It also supports security protection for common encodings, such as URL encoding, JavaScript Unicode encoding, HEX encoding, Base64 encoding, and UTF-8 encoding.
  • CC malicious attack protection
    • Control frequent access from a single source IP based on redirection verification and human-machine identification.
    • To control massive slow request attacks, comprehensive protection is carried out based on statistical response codes and URL request distribution, abnormal Referer and User-Agent feature identification, and combined with precise website protection rules.
    • WAF will build threat intelligence and trusted access analysis models based on Alibaba Cloud's big data security advantages to quickly identify malicious traffic.
  • Precise access control
    • It provides a friendly console for configuration and supports conditional combinations of common HTTP fields such as IP, URL, Referer, User-Agent, etc., so that powerful and precise access control policies can be configured. It supports protection scenarios such as hotlink protection and protection of the website's admin backend.
    • Combined with common Web attack protection, CC protection and other security modules, a multi-layered comprehensive protection mechanism is built; based on needs, trusted and malicious traffic can be easily identified.
  • Virtual patching
    • Before web application vulnerability patches are released and repaired, rapid protection can be achieved by adjusting web protection strategies.
  • Attack incident management
    • Supports centralized management and statistics of attack events and attack traffic.
  • Reliability
    • Supports protection services for load balancing clusters, supports smooth scaling, and has no single point of failure.
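
Why the encoding support listed under "Deep and precise protection" matters, as an added example that is not from the original page and is not Alibaba Cloud's implementation: a rule matched against the raw value misses an encoded one, so the value is decoded before matching. The rule set and the `match_rules` helper are hypothetical and constructed for illustration; only URL encoding, JavaScript `\u`/`\x` escapes and Base64 are handled.

```python
import base64
import binascii
import re
from urllib.parse import unquote_plus

# Constructed, deliberately small rule set (assumption); a real WAF ships far more rules.
RULES = {
    "sqli": re.compile(r"\bunion\b\s+\bselect\b|'\s*or\s+1\s*=\s*1", re.I),
    "xss": re.compile(r"<\s*script\b|\bonerror\s*=", re.I),
}

_JS_ESC = re.compile(r"\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})")
_B64 = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")

def _decode_once(value):
    """Return every single-step decoding of value that differs from value."""
    out = {unquote_plus(value)}
    out.add(_JS_ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), value))
    if _B64.match(value) and len(value) % 4 == 0:
        try:
            out.add(base64.b64decode(value, validate=True).decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            pass  # not valid Base64 text; keep only the other decodings
    out.discard(value)
    return out

def candidates(value, max_depth=3):
    """All forms of value reachable through up to max_depth nested decodings."""
    seen, frontier = {value}, {value}
    for _ in range(max_depth):
        frontier = {d for v in frontier for d in _decode_once(v)} - seen
        if not frontier:
            break
        seen |= frontier
    return seen

def match_rules(value):
    """Sorted names of the rules matched by the raw value or any decoded form."""
    forms = candidates(value)
    return sorted(n for n, rx in RULES.items() if any(rx.search(f) for f in forms))
```

The `max_depth` bound keeps nested decoding from becoming a resource problem of its own on deeply wrapped input.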

1.3. Application Scenarios of WAF Application Firewall

  • Prevent data leakage: stop the core data of the website from being dumped and leaked through injection attacks by hackers.
  • Anti-CC: protect website availability by blocking massive volumes of malicious requests.
  • Prevent Trojan uploads and web page tampering, protecting the credibility of the website.
  • Provide virtual patches: supply quick-fix rules, as far as possible, for the latest vulnerabilities exposed on the website.
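
The CC protection idea described above (controlling frequent access from a single source IP and looking at the URL request distribution), as an added example that is not from the original page and is not Alibaba Cloud's implementation. The log format, thresholds and the `flag_cc_sources` helper are assumptions made for illustration; the sample lines are constructed.

```python
from collections import defaultdict, deque

def parse(line):
    """Constructed log format (assumption): '<epoch_seconds> <client_ip> <url>'."""
    ts, ip, url = line.split(" ", 2)
    return int(ts), ip, url

def flag_cc_sources(lines, window=10, max_requests=20, max_url_share=0.9):
    """Return {ip: reason} for sources exceeding max_requests in a sliding window.

    Lines must be in time order. Thresholds are illustrative, not product defaults.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, url) pairs still inside the window
    flagged = {}
    for ts, ip, url in map(parse, lines):
        q = recent[ip]
        q.append((ts, url))
        while q and q[0][0] <= ts - window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests and ip not in flagged:
            urls = [u for _, u in q]
            top = max(set(urls), key=urls.count)
            share = urls.count(top) / len(urls)
            kind = "single-URL flood" if share >= max_url_share else "high request rate"
            flagged[ip] = f"{kind}: {len(q)} requests in {window}s, {share:.0%} to {top}"
    return flagged

# Constructed sample: one source hammering /login, one ordinary visitor.
SAMPLE = [f"{1000 + i // 6} 203.0.113.7 /login" for i in range(30)]
SAMPLE += [f"{1000 + 12 * i} 198.51.100.20 /item/{i}" for i in range(5)]
SAMPLE.sort(key=lambda line: int(line.split()[0]))

if __name__ == "__main__":
    for ip, reason in flag_cc_sources(SAMPLE).items():
        print(ip, reason)
```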

1.4. Architecture diagram of a website connected to the WAF application firewall

The more popular architecture among enterprises is CDN+WAF+SLB, which can not only ensure website security but also meet the needs of accelerating access.

Many architectures also use WAF+SLB only, which lacks the acceleration layer.

When a website uses both a CDN accelerator and a WAF firewall, the website access process is as shown in the figure below.

1) The user accesses the services provided by the kodcloud.jiangxl.com.cn domain name in the browser;

2) DNS resolves the domain name to the address provided by the CDN accelerator; when the data accessed by the user exists in the CDN, it is returned directly to the user;

3) When the data accessed by the user does not exist in the CDN, the CDN sends a back-to-origin request to the WAF;

4) WAF filters CDN back-to-origin requests, intercepts abnormal traffic, and hands normal traffic to SLB load balancing;

5) SLB returns the data requested by the user along the path WAF -> CDN -> user.

[Figure: architecture diagram of website access through CDN, WAF and SLB]

2. Activate the WAF firewall product

1) Enter WAF in the console to open the WAF console.


2) Activate the pay-as-you-go mode.


3) Check the service agreement and click Buy Now.


4) WAF activation is completed.



Origin blog.csdn.net/weixin_44953658/article/details/132801074