Help Center> >Glossary


    • A
      A record

      See Address record

      access frequency control

      Frequency of access to an interface is limited by an access control policy.

      accurate access protection

      Detection policies can be customized for common fields (such as URL, IP, Params, Cookie, Referer, User-Agent and Header) in HTTP requests. In addition, multi-logic detection policies are supported.

      Address record

      Address records (A records) are used to specify IP addresses for host names (or domain names). You can use A records to make different domain names point to different IP addresses.


      WAF has a big crawler characteristics database used to detect crawlers (such as engine crawlers, script crawlers, and scanners).


      • B
        blacklist and whitelist

        The IP address whitelist is a list of trusted IP addresses and traffic from these IP addresses is not subject to attack detection. The IP address blacklist is a list of malicious IP addresses and traffic from these IP addresses is subject to actions specified in detection policies.


        • C
          Canonical Name record

          A Canonical Name record (CNAME record) is a type of resource record in the domain name system used to specify that multiple domain names are mapped to the same domain name (the Canonical Name).


          See challenge collapsar

          challenge collapsar

          Attackers use proxy servers to generate valid requests directed to target hosts. CC attacks are a type of denial of service (DoS) attack.


          See command injection

          CNAME record

          See Canonical Name record

          code injection

          Code injection is an attack that exploits logic defects of web applications in input validation or code execution vulnerabilities of some script functions.

          command injection

          Exploiting web application interfaces allowed to invoke system commands, attackers use commands generated at the server end by command splicing and blacklist bypassing to attack services.

          cross-site request forgery

          Cross-site request forgery is another common web attack. Attackers forge data for targets to access. If the browsers of the targets maintain the authentication sessions with the destination sites, the targets unknowingly send requests forged by attackers to the destination sites when accessing the attacker-forged pages or URLs.

          cross-site scripting

          XSS is a type of web security vulnerability used by attackers to steal user information. Using the vulnerability, attackers inject malicious code into web pages. The code is executed to steal user information when users browse the web pages.


          See cross-site request forgery


          • D
            detection based on semantic analysis

            A syntax tree is built based on the semantic context to determine whether a load is an attack load.


            • H
              hot update

              WAF policies are delivered in real time without affecting ongoing services.


              • I
                intelligent decoding

                WAF intelligently identifies multi-layer obfuscation of multiple types of code and performs in-depth decoding to obtain the deep-rooted intents of attackers.


                • L

                  In leeching, the attacker uses a link to direct access requests to a file on your website instead of placing the file on their own server. Typically, the file is big and consumes a lot of bandwidth, for example, an image or video. In some sense, you are paying for the access traffic to the file. Therefore, you are not only unpaid for the occupied bandwidth, the access rate to your website is also affected seriously.


                  • M

                    See multi-pattern matching

                    multi-pattern matching

                    A highly efficient multi-mode matching algorithm is used for characteristic detection of request traffic, which greatly improves the performance of the detection engine.


                    • N
                      non-standard port

                      A port that is not port 80 or 443 is a non-standard port.


                      • S
                        sensitive file access

                        Sensitive files, such as configuration files and permission management files of operating systems and application service frameworks, should not be accessed on the Internet; otherwise, service security is compromised.

                        server-side request forgery

                        SSRF is an attacker-made vulnerability that can be used to send requests from servers. Typically, targets of SSRF are internal systems inaccessible from the Internet. The causes of SSRF are that the server can obtain data from other servers and that users have not filtered and limited destination addresses when they can.


                        See sensitive file access

                        SQL injection

                        SQL injection is a common web attack. Attackers inject SQL statements into query character strings of background databases to deceive servers into executing the malicious SQL statements. Then, attackers can obtain sensitive information, add users, export files, or even gain the highest permissions on the databases or even the systems.


                        See SQL injection


                        See server-side request forgery


                        • W

                          See Web Application Firewall

                          Web Application Firewall

                          Web Application Firewall (WAF) is designed to keep web services stable and secure. It examines all HTTP and HTTPS requests to detect and block attacks such as Structure Query Language (SQL) injections, cross-site scripting (XSS), Trojan horses, command or code injections, file inclusions, sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and cross-site request forgery (CSRF).


                          A webshell is an attack script. After intruding a website, an attacker mixes .asp, .php, .jsp, or .cgi files with normal web page files. Then, the attacker can access web backdoors using a browser. In other words, the attacker has obtained an environment to run his malicious commands to control the website server. For this reason, webshells are also called backdoor tools.