This document describes how to configure protection rules in Web Application Firewall (WAF) to defend against web attacks.
WAF uses a regex-based rule protection engine and a machine learning-based AI protection engine to defend against web vulnerabilities and unknown threats.
WAF's rule protection engine provides expert rule sets based on Tencent Security's accumulated web threat intelligence to automatically prevent OWASP top 10 attacks. Currently, it can defend against 17 categories of common web attacks, such as SQL injections, XSS attacks, malicious scanning, command injection attacks, web application vulnerabilities, WebShell uploads, non-compliant protocols, and trojans.
WAF's rule protection engine supports rule level configuration. You can set the rule protection level according to your actual business needs and enable or disable rule sets, individual rules, and preset rules. You can also use the allowlist of specified URLs and rule IDs to process false positives.
Attack categories that WAF currently can defend against include:
|Attack Category||Attack Description|
|SQL injection attack||In the implementation of websites, the input parameters are not strictly filtered, resulting in the unauthorized acquisition of SQL database content.|
|Malicious scanning||WAF can detect whether the website has been maliciously scanned.|
|Unauthorized access to core files||WAF can detect whether certain configuration files, database files, and parameter data are downloadable at will.|
|Open-source component vulnerability exploiting||Attacks caused by vulnerabilities in common open-source web components.|
|Command injection attack||This is a type of injection attacks, such as shell command injections, PHP code injections, and Java code injections, which can cause websites to execute the injected code if successfully exploited by attackers.|
|Web application vulnerability exploiting||Web application security (security of Java, ActiveX, PHP, and ASP code running on the web server).|
|XXE attack||If the XML processor has external entity references in the XML file, attackers can use external entities to steal internal files and shared files that use the URI file processor, monitor internal scanning ports, execute remote code, and implement denial of service attacks.|
|Trojan horse attack||WAF can detect the communication with the control terminal during or after trojan upload.|
|File upload attack||After a malicious script disguised as a file with a normal extension is uploaded, attackers can execute it through the local file inclusion vulnerability.|
|Other vulnerability exploiting||Attacks caused by the security configuration or vulnerabilities of the web server itself and other software.|
|Non-compliant protocol||Exceptions with HTTP protocol and header parameters.|
The level "Strict" covers rules of the level "Normal" and "Loose", and "Normal" covers "Loose".
- Click **Edit**, modify relevant parameters, and click **OK**. - Click **Delete** and confirm the deletion.