Docs
uewaf
Purchase Guide
Feature Description

Feature Description

UCloud Global Web Application Firewall (UWAF) is used to protect against internal and external security threats targeting web applications. It is compatible with high-protection services (UDDoS), and in addition to the protection provided by high-protection services, it can also defend against common network attacks such as injections, command execution, CC, etc.

Basic Concepts

Enterprise-level WEB application firewall is deployed in front of the origin server. After purchasing, the CNAME provided by UWAF is configured into the CNAME resolution of the domain name. Then all public network traffic will pass through UWAF, malicious attack traffic will be filtered, and only normal traffic can pass through UWAF to be sent to the origin server, thus ensuring the safety of the origin server.

Web Application Attack Protection

Comprehensive protection against the following types of attacks: SQL injection, XSS cross-site, WebShell, command injection, illegal HTTP protocol requests, common Web server vulnerability attacks, unauthorized access to core files, path traversal, etc. Provides backdoor isolation protection and scan protection features.

Precise Access Control Rules

  • Provides a user-friendly configuration console interface, supports the combination of common HTTP fields such as IP, URL, Referer, User-Agent, etc., to create a powerful precise access control strategy, and can support anti-theft link, website backend protection and other protection scenarios.
  • Uses a linkage mechanism with common Web attack protection and CC protection security modules to create a multi-layer integrated protection mechanism, identifying trusted and malicious traffic according to needs.

Malicious CC Attack Protection

  • Control the access frequency of a single source IP, and support redirection jump verification, and human-machine recognition, etc.
  • Against massive slow request attacks, identify abnormal Referer and User-Agent characteristics based on statistics response codes and URL request distribution, and carry out comprehensive protection with accurate website access control.

Rich Reports

Provide rich attack and access reports, allowing you to understand the website’s status in a timely manner.

Blacklist and Whitelist

  • Blacklist: Blocks specified IP or IP ranges.
  • Whitelist: Allows specified IP or IP ranges.

Log Query and Download

  • UWAF supports real-time queries within 3 days and online query of 10,000 logs. Provides log download in the past 7 days (attack log and access log).
  • If the user turns on the log extension package service, it then supports a maximum of 180 days of log download service (free of charge for flagship and above users).

Alert Management

  • Send UWAF related domain name alarm summary information regularly, send to the user’s email, and remind risks that occur.
  • Send alarms in real-time when the rules are triggered in large numbers within a short period of time for UWAF-related domain names, send alarms to the user’s email or mobile phone, and remind the risk of security incidents.
  • Send real-time alarms when UWAF related domain name origin servers do not respond normally, send to the user’s email, and remind users to check the origin server.
  • Send alarms in real-time for the request response status of UWAF-related domain names, such as if the proportion of status codes above 499 in overall requests exceeds 30%. Then it will send an alarm to the user’s email or mobile phone.
Product IntroductionVersion Selection