When Access Logs is enabled, WAF stores the logs for at least 180 days. You can query and download access logs of the last 30 days. To download logs of the last 180 days, please submit a ticket.
Yes. WAF checks the status of all real server IPs at L4 and L7. If a real server fails the health check too many times and exceeds the check threshold, it will be isolated. For more information, please submit a ticket.
Yes。 WAF supports session persistence. You can submit a ticket to activate this feature.
No. Once WAF is disabled, all its protection features are unavailable, and only the traffic forwarding mode starts to run instead, with no logs recorded.
In general, a configuration change takes effect within 10 seconds.
Note:It applies to connection configurations (including setting the real server, link mode, and whether to enable HTTP2.0).
WAF VIP addresses come with 2-GB Anti-DDoS Basic protection bandwidth. When you need to recover your business immediately after the VIP is blocked, purchase an Anti-DDoS Pro instance and bind it to the VIP address.
If WAF is disabled, the file will not be blocked. If WAF is enabled and the blocking mode is set, WAF will block malicious files uploaded over HTTP or HTTPS, but will not block files uploaded over SFTP. SFTP is a non-HTTP or non-HTTPS protocol beyond the protection of WAF.
No. Updating the certificate will reload nginx, and the thread will not be recycled until the end of the old request session, so it will not be disconnected.
Note:
- SaaS WAF supports ECDHE cipher suites by default (such as TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA).
- Customization for TLS protocol and cipher suite is available in the Exclusive edition.
Note:
- Specify the query period.
- Check information of the hit rule in the log fields:
attack_type
,rule_id
, andattack_content
.
Was this page helpful?