What's New

Updated on 2024/12/19 GMT+08:00

The tables below describe the functions released in each Web Application Firewall version and corresponding documentation updates. New features will be successively launched in each region.

December 2024

No.

Feature

Description

Phase

Document

1

Custom response code and headers supported in CC attack protection rules

HTTP Return Codes and Response Header can be configured when Block Page is set to Custom.

Commercial use

Configuring CC Attack Protection Rules to Defend Against CC Attacks

October 2024

No.

Feature

Description

Phase

Document

1

Response Header added on the custom Block Page

A response header can be specified for custom alarm pages if you set Page Template to Custom.

Commercial use

Modifying the Alarm Page

2

Downloading events function no longer available

The function of downloading protection event logs has been moved from WAF to the LTS console.

Commercial use

Enabling LTS for WAF Protection Event Logging

3

New layout for protection rules page

The dashboard, basic web protection, CC attack protection, and precise protection rule configuration pages have been optimized.

Commercial use

Configuring Basic Web Protection to Defend Against Common Web Attacks

4

New Dashboard page

Some strings on the Dashboard page have been optimized.

Commercial use

Viewing the Dashboard Page

5

Layer 3 source IP address added to the sub-field.

Layer 3 source IP address is added to the sub-field corresponding to the IPv4/IPv6 field.

Commercial use

Condition Field Description

6

Scanning Protection available

The scanning protection module identifies scanning behaviors and scanner features to prevent attackers or scanners from scanning websites at scale. WAF will automatically block heavy traffic web attacks and directory traversal attacks and block the source IP addresses for a period of time, helping reduce intrusion risks and junk traffic.

Commercial use

Configuring a Scanning Blocking Rule to Automatically Block Heavy-Traffic Attacks

7

Response condition fields supported

The Response Code, Response Length, Response Time, Response Header, and Response Body fields are supported in rule conditions.

Commercial use

Condition Field Description

July 2024

No.

Feature

Description

Phase

Document

1

Optimizing the cloud mode domain access page

The page for adding websites to cloud WAF was optimized, which is easier to use.

Commercial use

Connecting a Website to WAF (Cloud Mode - CNAME Access)

2

Optimized purchase page

On the WAF purchase page, a help panel with parameter-level guide on selecting WAF edition is available.

Commercial use

Buying a Cloud WAF Instance

3

Custom time ranges selectable on the dashboard

On the Dashboard page, you can view the protection event logs of all protected websites or instances for a specified time range, including yesterday, today, past 3 days, past 7 days, or past 30 days.

You can select Yesterday, Today, Past 3 days, Past 7 days, or Past 30 days. You can also click Custom and specify a time range within 30 days.

Commercial use

Viewing the Dashboard

4

Optimized web UI for changing expansion package specifications

An independent entry is provided for changing specifications of expansion packages.

Commercial use

Changing the Cloud WAF Edition and Specifications

April 2024

No.

Feature

Description

Phase

Document

1

JS Challenge supported for Protective Action in CC attack protection rules

The Protective Action in CC attack protection rules can be set to JS Challenge.

JS Challenge: WAF returns a piece of JavaScript code that can be automatically executed by a normal browser to the client. If the client properly executes the JavaScript code, WAF allows all requests from the client within a period of time (30 minutes by default). During this period, no verification is required. If the client fails to execute the code, WAF blocks the requests.

Commercial use

Configuring a CC Attack Protection Rule

2

Cookie security attributes

If you set Client Protocol to HTTPS, you can enable Cookie Security Attributes. If you enable this, the HttpOnly and Secure attributes of cookies will be set to true.

Cookies are inserted by back-end web servers and can be implemented through framework configuration or set-cookie. Secure and HttpOnly in cookies help defend against attacks, such as XSS attacks to obtain cookies, and help defend against cookie hijacking.

If the AppScan scanner detects that the customer site does not insert security configuration fields, such as HttpOnly and Secure, into the cookie of the scan request, it records them as security threats.

Commercial use

Enabling the Cookie Security Attributes

3

Protection Overview part added on the Dashboard page

The Protection Overview part displays the following data:

  • Protection Duration: You can learn of how long the cloud WAF or dedicated WAF you purchase the earliest protects websites in the current enterprise project.

  • Domain Names: You can learn of how many domain names you add to WAF in the current enterprise project, as well as how many of them are accessible and how many of them are inaccessible.

  • WAF Back-to-Source IP Addresses: In this area, you will learn of new WAF back-to-source IP addresses. A notification will be sent one month in advance if there are new WAF back-to-source IP addresses.

  • Updated Rules: In this area, you can check notifications about built-in rule library updates, including emerging vulnerabilities such as zero-day vulnerabilities these rules can defend against. You can also check notifications about new functions, billing details, and critical alarms, such as alarms generated when requests to your domain name bypass WAF.

Commercial use

Dashboard

4

IP address range 0.0.0.0/0 and ::/0 supported for IP address blacklist and whitelist rules

You can configure 0.0.0.0/0 and ::/0 IP address ranges in IP address blacklist and whitelist rules to block all IPv4 and IPv6 traffic, respectively.

Commercial use

Configuring IP Address Blacklist and Whitelist Rules to Block or Allow Specified IP Addresses

5

Case-sensitive path supported by JavaScript-based anti-crawler rules

If a JavaScript-based anti-crawler rule is set to Protect all requests or Protect specified requests, a case-sensitive parameter is added to the condition list. When Field is set to Path, you can enable this parameter to let the rule match case-sensitive paths.

Commercial use

Configuring Anti-Crawler Rules

6

Custom block page supported by precise protection rules

In a precise protection rule, if Protective Action is set to Block, a custom error page can be configured.

Commercial use

Configuring Custom Precise Protection Rules

February 2024

No.

Feature

Description

Phase

Document

1

JS Challenge supported for Protection Action in precise protection rules

The Protection Action in precise protection rules can be set to JS Challenge.

JS Challenge: WAF returns a piece of JavaScript code that can be automatically executed by a normal browser to the client. If the client properly executes the JavaScript code, WAF allows all requests from the client within a period of time (30 minutes by default). During this period, no verification is required. If the client fails to execute the code, WAF blocks the requests.

Commercial use

Configuring Custom Precise Protection Rules

2

CNAME access and ELB access to cloud WAF

The ELB access mode is included as one of the cloud access modes.

When adding your website to WAF, you can select Cloud - CNAME or Cloud - Load balancer for Proteciton.

Commercial use

Adding a Website to WAF (Cloud Mode - ELB Access)

3

The OR relationship can be used for condition groups in global protection whitelist.

When configuring a global protection whitelist rule, you can add three groups of conditions. These groups are in the OR relationship. The rule works if any of the three condition groups is matched.

Commercial use

Configuring a Global Protection Whitelist Rule to Ignore False Alarms

November 2023

No.

Feature

Description

Phase

Document

1

ELB-mode WAF available

If your service servers are deployed on Huawei Cloud, you can add the domain name or IP address of the website to ELB-mode WAF so that the website traffic can be forwarded to ELB-mode WAF for inspection.

  • To use ELB-mode WAF, you need to submit a service ticket to enable it for you first. ELB WAF is available in some regions. For details, see Functions.
  • If you have purchased cloud WAF standard, professional, or platinum edition, you can also use the ELB mode. Your ELB-mode WAF instances can use the domain name, bandwidth, and rule extension packages you have purchased along with cloud WAF.

Commercial use

Adding a Website to WAF (ELB Mode)

August 2023

No.

Feature

Description

Phase

Document

1

Renaming Bandwidth Expansion Package as QPS Expansion Package

The bandwidth expansion package is officially renamed QPS expansion package. 

The service bandwidth limit is the amount of normal traffic a WAF instance can protect. A QPS expansion package contains:

  • For web applications deployed on Huawei Cloud

    Service bandwidth: 50 Mbit/s

    QPS: 1,000 (Each HTTP GET request is a query.)

  • For web applications not deployed on Huawei Cloud

    Service bandwidth: 20 Mbit/s

    QPS: 1,000 (Each HTTP GET request is a query.)

Commercial use

Introduction to Cloud WAF QPS Expansion Packages

2

Requests to All WAF instances counted for triggering a CC attack protection rule

If Protective Action in a CC attack protection rule is set to Verification code, you can set a time range for Lock Verification.

If a visitor fails verification code authentication, verification is required for all access requests within the specified period.

Commercial use

Configuring a CC Attack Protection Rule

3

Periodic security reports

WAF can generate daily, weekly, monthly, or custom security reports based on the report template you have created. Reports will be sent to you by the way and within the time range you configure.

Commercial use

Configuring a Report Template

4

Obtaining IP addresses from the network layer

If you want to use a TCP connection IP address to mark the client IP address, set IP Tag to $remote_addr.

Commercial use

Configuring a Traffic Identifier for a Known Attack Source

May 2023

No.

Feature

Description

Phase

Document

1

Migrating domain names to other enterprise projects

WAF allows you to share domain names of an enterprise project with other enterprise projects.

Commercial use

Migrating Domain Names to Other Enterprise Projects

2

Forwarding custom header fields

You can use WAF to add additional header information, for example, $request_id, to associate requests on the entire link. WAF can follow your configurations to insert additional fields into a header and forward requests to origin servers. Note that the key value of a custom header field cannot be the same as any native Nginx fields.

Commercial use

Forwarding Custom Header Fields

3

TLS v1.3 supported

WAF supports TLS v1.3. TLS v1.3 is incompatible with other TLS versions.

Commercial use

Configuring PCI DSS/3DS Certification Check and TLS Version

4

Protective action Log only supported for information leakage prevention rules

Protective Action for information leakage prevention rules can be set to Log only.

Commercial use

Configuring an Information Leakage Prevention Rule

5

Caching user-defined header fields

WAF can cache user-defined header fields. In the upper part of the page, click Modify Field to configure the header fields you want WAF to cache.

Commercial use

Configuring a Web Tamper Protection Rule

August 2022

No.

Feature

Description

Phase

Document

1

Certificate expiration alarms

WAF has a more friendly alarm notification page, with alarms for certificates before they actually expire included.

Commercial use

Enabling Alarm Notifications

July 2022

No.

Feature

Description

Phase

Document

1

Requests to all WAF instances counted for a CC attack protection rule

All WAF instances: This feature enables WAF to count identified requests to on one or more WAF instances according to the rate limit mode you select. By default, requests to each WAF instance are counted for triggering a CC attack rule. If you enable this, WAF will count requests to all your WAF instances for triggering the rule. To enable user-based rate limiting, Per user or Other (Referer must be configured) instead of Per IP address must be selected for Rate Limit Mode. This is because IP address-based rate limiting cannot limit the access rate of a specific user. However, in user-based rate limiting, requests may be forwarded to one or more WAF instances. Therefore, All WAF instances must be enabled for triggering the rule precisely.

Commercial use

Configuring a CC Attack Protection Rule

June 2022

No.

Feature

Description

Phase

Document

1

Global protection whitelist rules supported

If All protection is selected for Ignore WAF Protection, all WAF rules, including basic web protection rules and custom rules, will stop to block payload hit WAF rules.

Commercial use

Configuring a Global Protection Whitelist (Formerly False Alarm Masking) Rule

2

Shiro decryption check available

The Shiro decryption check is included in Basic Web Protection. After you enable this check, WAF uses AES and Base64 to decrypt the rememberMe field in cookies and checks whether this field is attacked. There are hundreds of known leaked keys included and checked for.

Commercial use

Configuring Basic Web Protection Rules

May 2022

No.

Feature

Description

Phase

Document

1

Modifiable false alarm masking rules

You can modify the false alarm masking rules you add.

Commercial use

Configuring a Global Protection Whitelist (Formerly False Alarm Masking) Rule

April 2022

No.

Feature

Description

Phase

Document

1

Intelligent access control against CC attacks

If you enable intelligent access control, WAF uses built-in AI-powered models to analyze traffic to your website, identify CC attacks and abnormal features in HTTP requests on the origin server, and generate specific precise protection and access control rules for your website. In this way, WAF can then automatically protect your website from CC attacks.

Commercial use

Configuring Intelligent Access Control

2

Website connection timeout protection

WAF allows you to set the timeout period for each request of a domain name. You can set the connection, read, and write timeout periods.

Commercial use

Configuring Connection Timeout

3

HTTP/2 protocol

If your website is accessible over the HTTP/2 protocol, enable HTTP/2 in WAF. The HTTP/2 protocol can be used only for access between the client and WAF on the condition that at least one origin server has HTTPS used for Client Protocol.

Commercial use

Enabling the HTTP/2 Protocol

4

IPv6 protection

WAF allows you to enable IPv6 protection for websites on the WAF console. After you enable IPv6 protection, WAF assigns an IPv6 address to your domain name. In this manner, your website can be reached using the IPv6 address. WAF adds IPv6 address resolution in CNAME record sets by default. IPv6 access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and returns normal traffic to the origin server to ensure that the origin server is secure, stable, and available.

Commercial use

Enabling WAF IPv6 Protection

5

Breakdown protection and connection protection

If a large number of 502 Bad Gateway and 504 Gateway Timeout errors are detected, you can enable WAF breakdown protection and connection protection to let WAF suspend your website and protect your origin servers from being crashed. When the number of 502/504 error requests and pending URL requests reach the thresholds you configure, WAF enables corresponding protection for your website.

Commercial use

Configuring Connection Protection

6

Load balancing algorithms

If you configure one or more origin server addresses, you can use a load balancing algorithm to distribute traffic across these origin servers. WAF supports the following algorithms:

  • Source IP Hash: Requests from the same IP address are routed to the same backend server.
  • Weighted round robin: Requests are distributed across backend servers in turn based on the weight you assign to each server.
  • Session Hash: Requests identified by the same session ID are directed to the same origin server.

Commercial use

Switching the Load Balancing Algorithm

December 2021

No.

Feature

Description

Phase

Document

1

New geolocation access control rule configuration available

In the new geolocation access control rule configuration, countries and regions can be selected in batches.

Commercial use

Configuring a Geolocation Access Control Rule

2

Cloud Eye available to WAF

Cloud Eye monitors the metrics of WAF, so that you can understand the protection status of WAF in a timely manner, and set protection policies accordingly.

Commercial use

WAF Monitored Metrics

August 2021

No.

Feature

Description

Phase

Document

1

Rename WAF editions

WAF Professional edition is renamed Standard edition, Enterprise edition renamed Professional edition, and Premium edition renamed Platinum edition.

Commercial use

Buying a Cloud WAF Instance

July 2021

No.

Feature

Description

Phase

Document

1

WAF console entry description changed

The access entry description is changed from Security to Security & Compliance.

Commercial use

Dashboard

2

Information on the Certificates page changed

Information on the Certificates page is reorganized.

Commercial use

Uploading a Certificate

April 2021

No.

Feature

Description

Phase

Document

1

Rule packages available

Rule expansion packages are available on the purchase and upgrade pages.

Commercial use

WAF Cloud Mode Rule Expansion Packages

2

WAF purchase page optimized

On the purchase page, a page for upgrading specifications is added.

Commercial use

Buying a Cloud WAF Instance

March 2021

No.

Feature

Description

Phase

Document

1

Product Details page available

On the Product Details page, you can view information about all your WAF instances, including the edition, domain quotas, and specifications.

Commercial use

Viewing Product Details

February 2021

No.

Feature

Description

Phase

Document

1

Enterprise management available

You can manage WAF resources by enterprise project and set user permissions for each enterprise project.

Commercial use

Managing Projects and Enterprise Projects

2

Header detection available

WAF adds header detection in the basic web protection module.

Commercial use

Configuring Basic Web Protection Rules

January 2021

No.

Feature

Description

Phase

Document

1

Cloud WAF instances billed on a pay-per-use basis available

Cloud WAF instances billed on a pay-per-use basis are available.

Commercial use

Edition Differences

December 2020

No.

Feature

Description

Phase

Document

1

Cloud WAF instances billed on a pay-per-use basis unavailable

Cloud WAF instances billed on a pay-per-use basis are discontinued.

Commercial use

Billing Description

2

Optimizing user experience of anti-crawler function

The website anti-crawler protection used the feature library and JS scripts to defend against bad crawlers.

Commercial use

Configuring Anti-Crawler Rules

October 2020

No.

Feature

Description

Phase

Document

1

Changing specifications of pay-per-use cloud WAF

Specifications of pay-per-use cloud WAF are changed.

Commercial use

Edition Differences

September 2020

No.

Feature

Description

Phase

Document

1

Pay-per-use cloud WAF

WAF offers the cloud WAF instances that can be billed on a pay-per-use basis (postpaid billing mode). You can enable or disable a cloud WAF instance anytime.

Commercial use

Billing Description

August 2020

No.

Feature

Description

Phase

Document

1

One-click enabling of PCI DSS/3DS compliance check

WAF allows you to enable PCI DSS and PCI 3DS certification checks. After PCI DSS or PCI 3DS certification check is enabled, the minimum TLS version is automatically set to TLS v1.2 to meet the PCI DSS and PCI 3DS certification requirements. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. PCI 3-Domain Secure (PCI 3DS) is a PCI Core Security Standard.

Commercial use

Configuring PCI DSS/3DS Certification Check and TLS Version

2

Known attack source rules

If WAF blocks a malicious request by IP address, Cookie, or Params, you can configure a known attack source rule to let WAF automatically block all requests from the attack source for a blocking duration set in the known attack source rule. For example, if a blocked malicious request originates from an IP address (192.168.1.1) and you set the blocking duration to 500 seconds, WAF will block the IP address for 500 seconds after the known attack source rule takes effect.

Commercial use

Configuring a Known Attack Source Rule

3

Certificate management

You can create or delete certificate in WAF. The number of certificates that can be created in WAF is the same as the number of domain names that can be protected by WAF.

Commercial use

Uploading a Certificate

4

Viewing details about basic web protection rules

You can view the CVE IDRisk SeverityApplication Type, and Protection Type of a basic web protection rule.

Commercial use

Configuring Basic Web Protection Rules

July 2020

No.

Feature

Description

Phase

Document

1

TLS cipher suite 4

Cipher suite 4 supports the following cryptographic algorithms:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-SHA384
  • AES256-SHA256
  • HIGH
  • !MD5
  • !aNULL
  • !eNULL
  • !NULL
  • !EDH

Commercial use

Configuring PCI DSS/3DS Certification Check and TLS Version

June 2020

No.

Feature

Description

Phase

Document

1

Optimizing user experience of anti-crawler function

When you enable the anti-crawler function, a warning dialog box is displayed, describing the restrictions on using the anti-crawler function.

Commercial use

Configuring Anti-Crawler Rules

May 2020

No.

Feature

Description

Phase

Document

1

Fine-grained permission management

With policy-based fine-grained permission management, you can manage permissions based on the principle of least privilege. For example, you can grant permissions for a certain WAF operation or a specific resource under certain conditions.

Commercial use

WAF Permissions Management

2

Professional edition available

The professional edition is suitable for small- and medium-sized websites that do not have special security requirements.

Commercial use

Edition Differences

April 2020

No.

Feature

Description

Phase

Document

1

LTS for WAF logging

After you authorize WAF to access Log Tank Service (LTS), the WAF logs recorded by LTS are available for you to quickly and efficiently perform real-time decisive analysis, device O&M management, and service trend analysis.

Commercial use

Enabling LTS for WAF Logging

March 2020

No.

Feature

Description

Phase

Document

1

New console

The new WAF console provides you with better experience.

Commercial use

Dashboard

February 2020

No.

Feature

Description

Phase

Document

1

Protection against Apache Dubbo Deserialization vulnerability

On February 10, 2020, Apache Dubbo officially released the CVE-2019-17564 vulnerability notice, and the vulnerability severity is medium. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. Now, HUAWEI CLOUD WAF provides protection against this vulnerability.

Commercial use

Apache Dubbo Deserialization Vulnerability

January 2020

No.

Feature

Description

Phase

Document

1

Multiple cipher suites available in TLS configuration

When Client Protocol of your website is set to HTTPS, you can set a cipher suite (a set of multiple cryptographic algorithms) for the website to meet industry security requirements.

Commercial use

Configuring PCI DSS/3DS Certification Check and TLS Version

December 2019

No.

Feature

Description

Phase

Document

1

Customization of alarm pages

If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as required.

Commercial use

Modifying the Alarm Page

October 2019

No.

Feature

Description

Phase

Document

1

Refined defense against CC attacks

You can customize a CC attack protection rule to restrict access to a specific URL on your website based on an IP address, cookie, or Referer, mitigating CC attacks.

Commercial use

Configuring a CC Attack Protection Rule

September 2019

No.

Feature

Description

Phase

Document

1

Defense against of DoS vulnerability in the open-source component Fastjson

On September 3, 2019, the HUAWEI CLOUD security team detected a DoS vulnerability in multiple versions of the widely used open-source component Fastjson. An attacker can exploit this vulnerability to construct malicious requests and send them to the server that uses Fastjson. As a result, the memory and CPU of the server are used up, and the server breaks down, causing service breakdown. HUAWEI CLOUD WAF provides protection against this vulnerability.

Commercial use

DoS Vulnerability in the Open-Source Component Fastjson

August 2019

No.

Feature

Description

Phase

Document

1

Adding remarks to a user-defined protection rule

When you add a user-defined protection rule, you can add remarks for the rule to facilitate rule management.

Commercial use

Configuration Guidance

July 2019

No.

Feature

Description

Phase

Document

1

Defense against Fastjson remote code execution vulnerabilities

On July 12, 2019, the HUAWEI CLOUD Emergency Response Center detected that the open-source component Fastjson had a remote code execution vulnerability. This vulnerability is an extension of the deserialization vulnerability of Fastjson 1.2.24 detected in 2017 and can be directly used to obtain server permissions, causing serious damage.

WAF can protect your websites against Fastjson remote code execution vulnerabilities.

Commercial use

Remote Code Execution Vulnerability of Fastjson

April 2019

No.

Feature

Description

Phase

Document

1

Defense against Oracle WebLogic wls9-async deserialization remote command execution vulnerabilities (CNVD-C-2019-48814)

On April 17, 2019, the HUAWEI CLOUD Emergency Response Center detected that China National Vulnerability Database (CNVD) released a security bulletin on the Oracle WebLogic wls9-async component. The component has a defect in deserializing input information. Attackers can send well-constructed malicious HTTP requests to obtain the permission of the target server and execute arbitrary code remotely without authorization. CNVD rates the vulnerability as "high-risk."

WAF can protect your websites against Oracle WebLogic wls9-async deserialization remote command execution vulnerabilities (CNVD-C-2019-48814).

Commercial use

Oracle WebLogic wls9-async Deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814)

2

Configuration of the TLS protocol

When Client Protocol of your website is set to HTTPS, you can set the minimum TLS version for your website to meet industry security requirements.

Commercial use

Configuring PCI DSS/3DS Certification Check and TLS Version

March 2019

No.

Feature

Description

Phase

Document

1

A new field supported in precise protection rules

You can configure a precise protection rule to allow or block requests based on the content in the HTTP field.

Commercial use

Configuring a Precise Protection Rule

February 2019

No.

Feature

Description

Phase

Document

1

WebSocket/WebSockets supported

WAF can check WebSocket and WebSockets requests, which is enabled by default.

Commercial use

Which Web Service Framework Protocols Does WAF Support?

December 2018

No.

Feature

Description

Phase

Document

1

Customization of alarm notification sending frequency

Customization of alarm notification sending frequency

Commercial use

Enabling Alarm Notifications

2

Support for the query of attack logs

Support for the query of attack logs to learn about the security status of service networks.

Commercial use

Viewing Protection Event Logs

October 2018

No.

Feature

Description

Phase

Document

1

Support for wildcard domain names

If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomains a.example.com, b.example.com, and c.example.com have the same server IP address, you can directly add the wildcard domain name *.example.com to WAF for protection.

Commercial use

Adding a Domain Name to WAF (Cloud Mode)

June 2018

No.

Feature

Description

Phase

Document

1

Support for detecting CC attacks based on the Referer field

Support for detecting CC attacks based on the Referer field, more accurate in defending against CC attacks.

Commercial use

Configuring a CC Attack Protection Rule

2

Support for the use of domain names for forwarding traffic back to the original server

Support for the use of domain names for forwarding traffic back to the original server

Commercial use

Adding a Domain Name to WAF (Cloud Mode)

May 2018

No.

Feature

Description

Phase

Document

1

This issue is the first official release

Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

Commercial use

What Is Web Application Firewall?