Personal Data Protection Mechanism
To ensure that website visitors' personal data, such as the username, password, and mobile phone number, will not be obtained by unauthorized or unauthenticated entities or people and to prevent data leakage, WAF encrypts your personal data before storing it to control access to the data and records logs for operations performed on the data.
Personal Data to Be Collected
WAF records requests that trigger attack alarms in event logs. Table 1 provides the personal data collected and generated by WAF.
Type |
Collection Method |
Can Be Modified |
Mandatory |
---|---|---|---|
Request source IP address |
Attacker IP address that is blocked or recorded by WAF when the domain name is attacked. |
No |
Yes |
URL |
Attacked URL of the protected domain name, or URL of the protected domain name that is blocked or recorded by WAF. |
No |
Yes |
HTTP/HTTPS header information (including the cookie) |
Cookie value and header value entered on the configuration page when you configure a CC attack or precise protection rule. |
No |
No If the configured cookie and header fields do not contain users' personal information, the requests recorded by WAF will not collect or generate such personal data. |
Request parameters (Get and Post) |
Request details recorded by WAF in protection logs. |
No |
No If request parameters do not contain users' personal information, the requests recorded by WAF will not collect or generate such personal data. |
Storage Mode
The values of sensitive fields are saved after being anonymized, and the values of other fields are saved in plaintext in logs.
Access Control
Users can view only logs related to their own services.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot