Updated on 2023-05-16 GMT+08:00

Personal Data Protection Mechanism

To ensure that website visitors' personal data, such as the username, password, and mobile phone number, will not be obtained by unauthorized or unauthenticated entities or people and to prevent data leakage, WAF encrypts your personal data before storing it to control access to the data and records logs for operations performed on the data.

Personal Data to Be Collected

WAF records requests that trigger attack alarms in event logs. Table 1 provides the personal data collected and generated by WAF.

Table 1 Personal data

Type

Collection Method

Can Be Modified

Mandatory

Request source IP address

Attacker IP address that is blocked or recorded by WAF when the domain name is attacked.

No

Yes

URL

Attacked URL of the protected domain name, or URL of the protected domain name that is blocked or recorded by WAF.

No

Yes

HTTP/HTTPS header information (including the cookie)

Cookie value and header value entered on the configuration page when you configure a CC attack or precise protection rule.

No

No

If the configured cookie and header fields do not contain users' personal information, the requests recorded by WAF will not collect or generate such personal data.

Request parameters (Get and Post)

Request details recorded by WAF in protection logs.

No

No

If request parameters do not contain users' personal information, the requests recorded by WAF will not collect or generate such personal data.

Storage Mode

The values of sensitive fields are saved after being anonymized, and the values of other fields are saved in plaintext in logs.

Access Control

Users can view only logs related to their own services.