Help Center

A

• A

  A record

  See Address record

  access frequency control

  Frequency of access to an interface is limited by an access control policy.

  accurate access protection

  Detection policies can be customized for common fields (such as URL, IP, Params, Cookie, Referer, User-Agent and Header) in HTTP requests. In addition, multi-logic detection policies are supported.

  Address record

  Address records (A records) are used to specify IP addresses for host names (or domain names). You can use A records to make different domain names point to different IP addresses.

  anti-crawler

  WAF has a big crawler characteristics database used to detect crawlers (such as engine crawlers, script crawlers, and scanners).

B

• B

  blacklist and whitelist

  The IP address whitelist is a list of trusted IP addresses and traffic from these IP addresses is not subject to attack detection. The IP address blacklist is a list of malicious IP addresses and traffic from these IP addresses is subject to actions specified in detection policies.

C

• C

  Canonical Name record

  A Canonical Name record (CNAME record) is a type of resource record in the domain name system used to specify that multiple domain names are mapped to the same domain name (the Canonical Name).

  CC

  See challenge collapsar

  challenge collapsar

  Attackers use proxy servers to generate valid requests directed to target hosts. CC attacks are a type of denial of service (DoS) attack.

  CMDi

  See command injection

  CNAME record

  See Canonical Name record

  code injection

  Code injection is an attack that exploits logic defects of web applications in input validation or code execution vulnerabilities of some script functions.

  command injection

  Exploiting web application interfaces allowed to invoke system commands, attackers use commands generated at the server end by command splicing and blacklist bypassing to attack services.

  cross-site request forgery

  Cross-site request forgery is another common web attack. Attackers forge data for targets to access. If the browsers of the targets maintain the authentication sessions with the destination sites, the targets unknowingly send requests forged by attackers to the destination sites when accessing the attacker-forged pages or URLs.

  cross-site scripting

  XSS is a type of web security vulnerability used by attackers to steal user information. Using the vulnerability, attackers inject malicious code into web pages. The code is executed to steal user information when users browse the web pages.

  CSRF

  See cross-site request forgery

D

• D

  detection based on semantic analysis

  A syntax tree is built based on the semantic context to determine whether a load is an attack load.

H

• H

  hot update

  WAF policies are delivered in real time without affecting ongoing services.

I

• I

  intelligent decoding

  WAF intelligently identifies multi-layer obfuscation of multiple types of code and performs in-depth decoding to obtain the deep-rooted intents of attackers.

L

• L

  leeching

  In leeching, the attacker uses a link to direct access requests to a file on your website instead of placing the file on their own server. Typically, the file is big and consumes a lot of bandwidth, for example, an image or video. In some sense, you are paying for the access traffic to the file. Therefore, you are not only unpaid for the occupied bandwidth, the access rate to your website is also affected seriously.

M

• M

  MPM

  See multi-pattern matching

  multi-pattern matching

  A highly efficient multi-mode matching algorithm is used for characteristic detection of request traffic, which greatly improves the performance of the detection engine.

N

• N

  non-standard port

  A port that is not port 80 or 443 is a non-standard port.

S

• S

  sensitive file access

  Sensitive files, such as configuration files and permission management files of operating systems and application service frameworks, should not be accessed on the Internet; otherwise, service security is compromised.

  server-side request forgery

  SSRF is an attacker-made vulnerability that can be used to send requests from servers. Typically, targets of SSRF are internal systems inaccessible from the Internet. The causes of SSRF are that the server can obtain data from other servers and that users have not filtered and limited destination addresses when they can.

  SFA

  See sensitive file access

  SQL injection

  SQL injection is a common web attack. Attackers inject SQL statements into query character strings of background databases to deceive servers into executing the malicious SQL statements. Then, attackers can obtain sensitive information, add users, export files, or even gain the highest permissions on the databases or even the systems.

  SQLi

  See SQL injection

  SSRF

  See server-side request forgery

W

• W

  WAF

  See Web Application Firewall

  Web Application Firewall

  Web Application Firewall (WAF) is designed to keep web services stable and secure. It examines all HTTP and HTTPS requests to detect and block attacks such as Structure Query Language (SQL) injections, cross-site scripting (XSS), Trojan horses, command or code injections, file inclusions, sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and cross-site request forgery (CSRF).

  webshell

  A webshell is an attack script. After intruding a website, an attacker mixes .asp, .php, .jsp, or .cgi files with normal web page files. Then, the attacker can access web backdoors using a browser. In other words, the attacker has obtained an environment to run his malicious commands to control the website server. For this reason, webshells are also called backdoor tools.

X

• X

  XSS

  See cross-site scripting