Which Web Service Framework Protocols Does WAF Support?

WAF is deployed on the cloud.

WAF supports the following protocols:

• HTTP/HTTPS

  Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

  You need to select the HTTP/HTTPS protocol when connecting websites. For details, see Connecting Your Website to WAF.

• WebSocket

  WebSocket is a protocol that enables full-duplex communication over a single TCP connection. The client sends a special HTTP request to the server to upgrade the protocol to WebSocket. If the server supports WebSocket, it returns an HTTP 101 status code, indicating that the protocol switchover is successful. The response key calculated based on the key provided by the client is also returned, which is used to verify the handshake. Once the handshake is successful, the client and server can transmit data bidirectionally through the connection. Therefore, WAF supports WebSocket only during traffic forwarding. It is not supported during traffic detection.

  WebSocket is enabled by default.

• Server-Sent Events (SSE)

  SSE is a network protocol that allows the server to proactively push data to the client. It is established based on the standard HTTP protocol and is a unidirectional communication channel. The client initiates a connection, and the server can continuously and automatically send new data through the connection without repeated requests from the client.

  WebSocket is enabled by default.