Updated on 2024-08-08 GMT+08:00

WAF Best Practices You May Need

This document introduces common scenarios where Web Application Firewall (WAF) can be applied and describes the applicable solutions and operation guidelines, helping you quickly get started with WAF.

WAF Best Practices

Table 1 WAF best practices

| Category | Reference |
| --- | --- |
| Website access configuration | Connecting a Website Without a Proxy to WAF in CNAME Access Mode |
| | Combining AAD and WAF to Get All-Round Protection |
| | Combining CDN and WAF to Get Improved Protection and Load Speed |
| | Combining WAF and Layer-7 Load Balancers to Protect Services over Any Ports |
| | Using WAF, ELB, and NAT Gateway to Protect Services Not Deployed on Our Cloud |
| Policy configuration | Website Protection Configuration Suggestions |
| | Using WAF to Defend Against CC Attacks |
| | Using WAF to Block Crawler Attacks |
| | Verifying a Global Protection Whitelist Rule by Simulating Requests with Postman |
| | Combining WAF and HSS to Improve Web Page Tampering Protection |
| | Configuring Header Field Forwarding to Disable Response Packet Compression |
| | Migrating Protection Policies for Your Website |
| Using WAF to patch web vulnerabilities | Java Spring Framework Remote Code Execution Vulnerability |
| | Apache Dubbo Deserialization Vulnerability |
| | DoS Vulnerability in the Open-Source Component Fastjson |
| | Remote Code Execution Vulnerability in the Open-Source Component Fastjson |
| | Oracle WebLogic wls9-async Deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814) |
| LTS log analysis | Using LTS to Query and Analyze WAF Access Logs |
| | Using LTS to Analyze How WAF Blocks Spring Core RCE Vulnerabilities |
| | Using LTS to Configure Block Alarms for WAF Rules |
| Origin server security configuration | Using WAF to Improve Connection Security |
| | Configuring an Access Control Policy on an ECS or ELB to Protect Origin Servers |
| Obtaining real client IP addresses | Obtaining Real Client IP Addresses |
| Configuring Alarms on Cloud Eye for Abnormal WAF Metrics | Configuring Alarms on Cloud Eye for Abnormal WAF Metrics |
| Security and governance | Building a WAF with ModSecurity |