El contenido no se encuentra disponible en el idioma seleccionado. Estamos trabajando continuamente para agregar más idiomas. Gracias por su apoyo.

Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Basic Concepts

Updated on 2024-03-14 GMT+08:00

This document describes terms related to WAF.

CC Attack

Challenge Collapsar (CC) attacks are web attacks against web servers or applications. In CC attacks, attackers send a large amount of standard GET/POST requests to target system to exhaust web servers or applications. For example, attackers can send requests to URIs of databases or other resources to make the servers unable to respond to normal requests.

Cross-Site Request Forgery (CSRF)

CSRF, or XSRF is a common web attack. Attackers may trick the victim into submitting a malicious request that inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf. If the user is currently authenticated to the site, the site will have no way to distinguish between the forged request and a legitimate request sent by the victim, as browser requests always carry session cookies associated with the site.

Scanner

A scanner is a program that automatically detects security vulnerabilities on local or remote servers. It can quickly and accurately detect vulnerabilities of scanned targets and provide scanning results for users.

Web Tamper Protection

Web Tamper Protection (WTP) can protect your files, such as web pages, documents, mages, and databases, in specific directories against tampering and sabotage from hackers and viruses.

Cross-site Scripting (XSS) Attack

XSS is a type of attack that exploits security vulnerabilities in web applications. The attacker injects auto-executed malicious code into webpages to steal user information when they visit the pages.

SQL Injection

SQL injection is a common web attack whereby attackers inject malicious SQL commands into query strings of backend databases for the victim web application to deceive the server into executing them. By exploiting these commands, the attacker can obtain sensitive information, add users, export files, or even gain the highest permissions to the database or system.

Command Injection

Command injection is a cyber attack that executes fabricated OS commands and escape from a blacklist by calling web APIs to attack services.

Code Injection

Code injection is an attack that exploits logic defects of web applications in input validation or code execution vulnerabilities of some script functions.

Sensitive File Access

Sensitive files, such as configuration files and permission management files related to the operating system and application service framework, are mission-critical data. If sensitive files are accessible through Internet requests, the services will be at risk.

Server-Side Request Forgery

Server-side request forgery (SSRF) is a web security vulnerability constructed by an attacker to form a request initiated by the server. Generally, the target of an SSRF attack is the internal system that cannot be accessed from the external network. If a server supports obtaining data from other server applications but not filters or restricts destination addresses, an SSRF vulnerability may be made by attackers.

Web Shell

A web shell is an attack script. After intruding into a website, an attacker adds an .asp, .php, .jsp, or .cgi script file with normal web page files. Then, the attacker accesses the file from a web browser and uses it as a backdoor to obtain a command execution environment for controlling the web server. So, web shells are also called backdoor tools.

Hotlinking

Hotlinking is an act that a crafty website links to files hosted on your servers, instead of storing files on their own servers. Generally, the crafty website links to large files, such as images and videos, as large files use much more bandwidth than small ones. So you have to pay for access traffic of the bad actors. They steal your server bandwidth, making your website slow.

Multi-pattern Matching

Multi-pattern matching is a highly efficient multi-mode matching algorithm that is used for feature detection of request traffic, which greatly improves the performance of the detection engine.

Precise Protection

You can create a custom precise protection rule that combines multiple common HTTP fields, such as the URL, IP, Params, Cookie, Referer, User-Agent, and Header. You can also combines logic conditions to block or allow traffic precisely.

Blacklist and Whitelist

The IP address whitelist includes trusted IP addresses. Requests from the trusted IP addresses are forwarded without inspection. The IP address blacklist includes malicious IP addresses. The traffic from these IP addresses is handled based on inspection policies.

Intelligent Decoding

This is a method that intelligently identifies multiple codes in a request for infinite multi-layer obfuscation and performs in-depth decoding to obtain the original attack intent of the attacker.

Semantic Analysis-based Detection

A syntax tree is constructed based on the semantic context to analyze and determine whether the payload is an attack payload.

Rate Limit

Access control policies are used to limit the access over a specific interface.

Anti-Crawler

A powerful crawler feature library is used to detect varied types of crawlers, such as engine crawlers, script crawlers, and scanning tools.

A Record

An address (A) record maps a host name (or domain name) to the IP address of the server hosting the domain name.

SQL Injection Attack

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

Non-standard Port

Non-standard ports are the ports other than ports 80 and 443.

Utilizamos cookies para mejorar nuestro sitio y tu experiencia. Al continuar navegando en nuestro sitio, tú aceptas nuestra política de cookies. Descubre más

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback