Access logging is used to record access logs of domain names protected by WAF. It allows you to query and download access logs generated in the last 30 days and retain them for no fewer than 180 days. If you need logs of the last 180 days, submit a ticket for assistance. After enabling this feature, you can query and download access logs as needed to meet your security compliance and Ops requirements.
Health check is enabled for WAF by default. WAF checks the connection status of all real server IPs. For the real server IP that does not respond, WAF will not forward requests to this IP until its connection status becomes normal.
Session persistence is supported and enabled by default in WAF.
Once WAF is disabled, all its protection features are unavailable, and only the traffic forwarding mode starts to run instead, with no logs recorded.
In general, a configuration change takes effect within 10 seconds.
It applies to connection configurations (including setting the real server, link mode, and whether to enable HTTP2.0), instead of protection configurations.
By default, WAF VIP addresses come with Anti-DDoS Basic capabilities (2 Gbps). If blocking occurs in the basic protection and you need to recover your business urgently, purchase an Anti-DDoS Pro instance and bind it to the VIP address of the WAF instance.
If WAF is disabled, the file will not be blocked. If WAF is enabled and the blocking mode is set, WAF will block malicious files uploaded over HTTP or HTTPS, but will not block files uploaded over SFTP. SFTP is a non-HTTP or non-HTTPS protocol beyond the protection of WAF.
No. Renewing the certificate will reload nginx, and the thread will not be recycled until the end of the old request session, so it will not be disconnected.
Customization for TLS protocol and cipher suite is available in Exclusive Edition.
- Check the time period before searching.
- A packet mainly contains the following fields:
attack_content, from which you can query the hit rules for subsequent operations.