Updated on 2024-11-18 GMT+08:00

Basic Concepts

This document describes terms related to WAF.

CC Attack

Challenge Collapsar (CC) attacks are web attacks against web servers or applications. In a CC attack, attackers send a large number of standard GET/POST requests to the target system to exhaust the resources of web servers or applications. For example, attackers can send requests to URIs that query databases or other costly resources, so that the servers become unable to respond to normal requests. For more details about how to use WAF to defend against this type of attack, see Configuring CC Attack Protection Rules to Defend Against CC Attacks.
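The following added example (not Huawei Cloud WAF code) models the core of CC attack protection as a per-source-IP sliding-window rate limiter: requests beyond a threshold within a time window are blocked. The threshold, window and sample traffic are constructed for illustration.

```python
# Added example (not Huawei Cloud WAF code): a sliding-window request rate
# limiter that models the core of CC attack protection. Per source IP, requests
# beyond `limit` within `window_seconds` are blocked. The threshold, window and
# sample traffic below are constructed for illustration.
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Counts recent request timestamps per source IP and rejects excess."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        # source IP -> deque of timestamps (seconds) still inside the window
        self.hits = defaultdict(deque)

    def allow(self, source_ip, now):
        """Return True if the request at time `now` is within the limit."""
        q = self.hits[source_ip]
        # Evict timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False          # over the limit: block (or log) this request
        q.append(now)
        return True


def simulate(limiter, requests):
    """Replay (timestamp, source_ip, uri) tuples in time order.

    Returns {source_ip: (allowed, blocked)} so the effect of the limiter on
    each client is visible.
    """
    stats = defaultdict(lambda: [0, 0])
    for ts, ip, _uri in sorted(requests):
        stats[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


# Constructed sample traffic: a normal visitor (one request every 2 s) and a
# flooding client that fires 200 requests at a database-backed URI in 2 s.
SAMPLE_REQUESTS = (
    [(i * 2.0, "198.51.100.7", "/index.html") for i in range(5)]
    + [(i * 0.01, "203.0.113.9", "/api/search?q=x") for i in range(200)]
)

if __name__ == "__main__":
    print(simulate(SlidingWindowLimiter(limit=100, window_seconds=10.0), SAMPLE_REQUESTS))
```

With a limit of 100 requests per 10 seconds, the normal visitor is untouched while only the first 100 requests of the flood get through; a real rule would also choose between blocking and logging, and would key on a more stable identifier than source IP where clients sit behind shared NAT.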

Cross-Site Request Forgery (CSRF)

CSRF, or XSRF, is a common web attack. Attackers trick the victim into submitting a malicious request that inherits the identity and privileges of the victim, performing an undesired action on the victim's behalf. If the user is currently authenticated to the site, the site has no way to distinguish the forged request from a legitimate request sent by the victim, because browser requests always carry the session cookies associated with the site. Basic web protection can defend against cross-site request forgery attacks. For details, see Enabling Basic Web Protection.
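Because the cookie alone cannot tell a forged request from a legitimate one, applications add a second secret that a cross-site page cannot read. The following added example (not Huawei Cloud WAF code) shows an application-side synchronizer-token check; the session store, request dictionaries and field names are constructed for illustration.

```python
# Added example (not Huawei Cloud WAF code): an application-side synchronizer
# token check for CSRF. The session store, request dicts and field names are
# constructed for illustration.
import hmac
import secrets


class SessionStore:
    """Minimal in-memory session store: session id -> session data."""

    def __init__(self):
        self.sessions = {}

    def new_session(self):
        sid = secrets.token_urlsafe(16)
        # One unguessable token per session, embedded in forms when rendered.
        self.sessions[sid] = {"csrf_token": secrets.token_urlsafe(32)}
        return sid

    def csrf_token_for(self, sid):
        return self.sessions[sid]["csrf_token"]


SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def validate_request(store, request):
    """Decide whether a request may perform a state change.

    `request` is a constructed dict with keys "method", "cookies" and "form".
    Returns (accepted, reason).
    """
    sid = request.get("cookies", {}).get("session")
    if sid not in store.sessions:
        return False, "no valid session"
    if request["method"].upper() in SAFE_METHODS:
        return True, "safe method, no token required"
    # The browser attached the session cookie automatically; the token is what
    # a cross-site page cannot read or guess.
    submitted = request.get("form", {}).get("csrf_token", "")
    expected = store.csrf_token_for(sid)
    # Constant-time comparison so timing does not leak the token byte by byte.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "missing or wrong CSRF token"
    return True, "token ok"


def demo():
    """Legitimate form post vs. a forged cross-site post sharing the cookie."""
    store = SessionStore()
    sid = store.new_session()
    legit = {"method": "POST", "cookies": {"session": sid},
             "form": {"email": "new@example.com",
                      "csrf_token": store.csrf_token_for(sid)}}
    forged = {"method": "POST", "cookies": {"session": sid},
              "form": {"email": "attacker@example.net"}}
    return validate_request(store, legit), validate_request(store, forged)


if __name__ == "__main__":
    print(demo())
```

Both requests carry the same valid session cookie; only the one that echoes the per-session token is accepted. The WAF's basic web protection sits in front of this check rather than replacing it.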

Scanner

A scanner is a program that automatically detects security vulnerabilities on local or remote servers. It can quickly and accurately detect vulnerabilities of scanned targets and provide scanning results for users. In WAF anti-crawler protection, you can enable Scanner to block or only log scanners and crawlers. For details, see Configuring an Anti-Crawler Rule.

Web Tamper Protection

Web Tamper Protection (WTP) can protect your files, such as web pages, documents, images, and databases, in specific directories against tampering and sabotage from hackers and viruses. For details about how to configure WTP, see Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With.

Cross-site Scripting (XSS) Attack

XSS is a type of attack that exploits security vulnerabilities in web applications. The attacker injects malicious code that executes automatically into web pages in order to steal user information when users visit those pages. By default, General Check in basic web protection is enabled to defend against XSS attacks. For details, see Enabling Basic Web Protection.

SQL Injection

SQL injection is a common web attack whereby attackers inject malicious SQL statements into the input that a web application passes, through query strings or other parameters, to its backend database, deceiving the server into executing them. By exploiting these statements, the attacker can obtain sensitive information, add users, export files, or even gain the highest permissions on the database or system. By default, General Check in basic web protection is enabled to defend against SQL injections. For details, see Enabling Basic Web Protection.

Command Injection

Command injection is a cyber attack in which an attacker, by calling web APIs, causes the service to execute crafted OS commands that evade blacklist filtering. By default, General Check in basic web protection is enabled to defend against command injections. For details, see Enabling Basic Web Protection.

Code Injection

Code injection is an attack that exploits logic defects in the input validation of web applications, or code execution vulnerabilities in some script functions. By default, General Check in WAF basic web protection is enabled to defend against code injections. For details, see Enabling Basic Web Protection.

Sensitive File Access

Sensitive files, such as configuration files and permission management files of the operating system and application service framework, hold mission-critical data. If sensitive files are accessible through Internet requests, the services are at risk. By default, General Check in WAF basic web protection is enabled to defend against unauthorized access to files. For details, see Enabling Basic Web Protection.

Server-Side Request Forgery

Server-side request forgery (SSRF) is a web security vulnerability in which an attacker induces the server to initiate a request crafted by the attacker. Generally, the target of an SSRF attack is an internal system that cannot be accessed from the external network. If a server supports obtaining data from other server applications but does not filter or restrict the destination addresses, attackers may exploit this as an SSRF vulnerability. WAF basic web protection can defend against such attacks. For details, see Enabling Basic Web Protection.

Web Shell

A web shell is an attack script. After intruding into a website, an attacker places an .asp, .php, .jsp, or .cgi script file alongside the normal web page files. The attacker then accesses the file from a web browser and uses it as a backdoor to obtain a command execution environment for controlling the web server. For this reason, web shells are also called backdoor tools. If you enable web shell detection in basic web protection, WAF detects web Trojans implanted through the upload interface. For details, see Enabling Basic Web Protection.

Hotlinking

Hotlinking is the practice in which another website links directly to files hosted on your servers instead of storing the files on its own servers. Typically, the hotlinking site links to large files, such as images and videos, because large files use much more bandwidth than small ones. As a result, you pay for the access traffic generated by these bad actors: they consume your server bandwidth and slow down your website. For details about how to use WAF to defend against this type of attack, see Defending Hotlinking.

Precise Protection

You can create a custom precise protection rule that combines multiple common HTTP fields, such as the URL, IP, Params, Cookie, Referer, User-Agent, and Header. You can also combine logic conditions to block or allow traffic precisely. For more details, see Configure Precise Protection Rules to Enable Custom Protection.
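The following added example (not Huawei Cloud WAF code, and not the product's rule syntax) shows how a rule that ANDs conditions over request fields works in practice, and uses it for the two cases above: a precise rule that restricts an admin path to one IP range, and an anti-hotlinking rule keyed on the Referer field. Field names, operators, rule layout and the sample requests are constructed for illustration.

```python
# Added example (not Huawei Cloud WAF code): a small rule matcher over HTTP
# request fields in the spirit of a precise protection rule. Field names,
# operators, rule syntax and the sample requests are constructed; the rule set
# includes an anti-hotlinking rule based on the Referer field.
import fnmatch
import ipaddress


def field_value(request, field, key=None):
    """Extract a named field from a constructed request dict."""
    headers = request.get("headers", {})
    if field == "url":
        return request["url"]
    if field == "ip":
        return request["ip"]
    if field == "params":
        return request.get("params", {}).get(key, "")
    if field == "cookie":
        return request.get("cookies", {}).get(key, "")
    if field == "header":
        return headers.get(key, "")
    if field == "referer":
        return headers.get("Referer", "")
    if field == "user-agent":
        return headers.get("User-Agent", "")
    raise ValueError(f"unknown field {field!r}")


def condition_matches(cond, value):
    """Evaluate one condition; `negate` inverts the result."""
    op, expected = cond["op"], cond.get("value")
    if op == "equals":
        hit = value == expected
    elif op == "contains":
        hit = expected in value
    elif op == "prefix":
        hit = value.startswith(expected)
    elif op == "glob":
        hit = fnmatch.fnmatch(value, expected)
    elif op == "empty":
        hit = value == ""
    elif op == "in_cidr":
        hit = ipaddress.ip_address(value) in ipaddress.ip_network(expected)
    else:
        raise ValueError(f"unknown operator {op!r}")
    return not hit if cond.get("negate") else hit


def evaluate(rules, request):
    """All conditions of a rule are ANDed; the first matching rule decides.

    Returns (action, rule_name); the default action is allow.
    """
    for rule in rules:
        if all(condition_matches(c, field_value(request, c["field"], c.get("key")))
               for c in rule["conditions"]):
            return rule["action"], rule["name"]
    return "allow", "default"


RULES = [
    # A trusted monitoring host may reach anything.
    {"name": "monitoring-allow", "action": "allow",
     "conditions": [{"field": "ip", "op": "equals", "value": "198.51.100.250"}]},
    # The admin console is reachable only from the office range.
    {"name": "admin-internal-only", "action": "block",
     "conditions": [{"field": "url", "op": "prefix", "value": "/admin"},
                    {"field": "ip", "op": "in_cidr", "value": "203.0.113.0/24",
                     "negate": True}]},
    # Anti-hotlinking: image requests whose Referer is another site are blocked;
    # direct requests with no Referer are still allowed.
    {"name": "anti-hotlink", "action": "block",
     "conditions": [{"field": "url", "op": "glob", "value": "*.jpg"},
                    {"field": "referer", "op": "empty", "negate": True},
                    {"field": "referer", "op": "prefix",
                     "value": "https://www.example.com/", "negate": True}]},
]

if __name__ == "__main__":
    req = {"url": "/img/banner.jpg", "ip": "192.0.2.1",
           "headers": {"Referer": "https://other.example.net/page"}}
    print(evaluate(RULES, req))
```

Rule order matters: the allow rule for the monitoring host is listed first so it wins over the later block rules. The anti-hotlinking rule deliberately lets requests without a Referer through, since browsers and privacy tools legitimately omit it; a site that hides its domain to bypass such a rule is why Referer checks are a cost control rather than an access control.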

Blacklist and Whitelist

The IP address whitelist includes trusted IP addresses. Requests from the trusted IP addresses are forwarded without inspection. The IP address blacklist includes malicious IP addresses. The traffic from these IP addresses is handled based on inspection policies. For details about how to use WAF to establish an IP address whitelist or blacklist, see Configuring IP Address Blacklist and Whitelist Rules to Block or Allow Specified IP Addresses.

Anti-Crawler

An extensive crawler feature library is provided to detect many types of crawlers (search engines, scanners, script tools, and other crawlers). For more details about how to use WAF to defend against crawlers, see Configuring an Anti-Crawler Rule.

Non-standard Port

Non-standard ports defined in WAF are the ports other than ports 80 and 443. For more details, see Ports Supported by Huawei Cloud WAF.