Updated on 2025-07-23 GMT+08:00

Attack Defense Overview

CFW can defend against network attacks and virus files. You are advised to set Protection Mode to Intercept in a timely manner.

Prerequisites

At least one type of traffic protection has been enabled.

Defense Against Network Attacks and Virus Files

CFW provides defense functions, including intrusion prevention (IPS), sensitive directory scan, antivirus, and reverse shell detection, to defend against network attacks and virus-infected files. For details, see Table 1.

Table 1 Attack defense

| Feature | Check Type | Configuration Guide |
|---|---|---|
| IPS | • Scans for threats and vulnerabilities. • Checks whether traffic contains phishing, Trojans, worms, hacker tools, spyware, brute-force attacks, vulnerability attacks, SQL injection attacks, XSS attacks, and web attacks. • Checks whether there are protocol anomalies, buffer overflow, access control, suspicious DNS activities, and other suspicious behaviors in traffic. | Adjusting the IPS Protection Mode to Block Network Attacks |
| Sensitive directory scan defense | Attacks on the sensitive directories of cloud servers | Enabling Sensitive Directory Scan Defense |
| Reverse shell defense | Network attacks through reverse shells | Enabling Reverse Shell Defense |
| Antivirus | Identifies and processes virus-infected files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus-infected files. HTTP, SMTP, POP3, FTP, IMAP4 and SMB protocols can be checked. | Configuring Virus Defense |

Protection Actions

  • Observe: No rules are enabled. The firewall records the traffic that matches the current rule in Attack Event Logs and does not block the traffic.
  • Intercept: Rules are enabled. The firewall records the traffic that matches the current rule in Attack Event Logs and blocks it.
  • Disable: Rules are disabled. The firewall does not log or block the traffic that matches the current rule.

References

For details about the protection overview, see Viewing Attack Defense Information on the Dashboard. For details about logs, see Attack Event Logs.