Overview

Last updated: 2026-04-09 17:39:05

What Is WAF?

Tencent Cloud Web Application Firewall (WAF) is an AI-based one-stop solution for protecting web business operations against risk. It identifies malicious traffic using dual engines (AI + rules), protects website security, and enhances the security and reliability of websites. Through BOT Behavior Analytics, it defends against malicious access behaviors and safeguards the core business security and data security of websites.
Tencent Cloud WAF provides two types of cloud-based WAF: SaaS WAF and cloud-native WAF. Both offer basically the same security protection capabilities, but their connection methods differ.
SaaS WAF resolves a domain name to the CNAME address provided by the WAF cluster through DNS and configures the origin server IP address through WAF. In this way, malicious traffic is cleansed and filtered, and normal traffic is forwarded to the origin server, protecting website security.
Cloud Native WAF works in conjunction with Tencent Cloud CLB clusters. It mirrors HTTP/HTTPS traffic from the load balancer to the WAF cluster, where threat detection and cleansing are performed in bypass mode. The trusted status of user requests is then synchronized back to the load balancer cluster to block or allow traffic based on threat status, enabling comprehensive website security protection.
Tencent Cloud WAF effectively defends against OWASP attacks such as SQL injection, cross-site scripting (XSS), Trojan uploads, and unauthorized access. Additionally, it filters CC attacks, provides zero-day vulnerability patching, prevents webpage tampering, and safeguards website systems and business security through multiple means.

Main Features

| Function | Introduction |
| --- | --- |
| AI + WAF | AI and rule-based web attack identification prevents bypass attempts, ensures low false alarms and false positives, and provides effective defense against common web attacks such as SQL injection, unauthorized access, XSS, cross-site request forgery (CSRF), WebShell Trojan upload, and other top 10 web security threats defined by OWASP. |
| Zero-day vulnerability virtual patching | Tencent Security Team monitors around the clock (7 × 24 hours) and proactively identifies and responds to threats. Critical Web vulnerabilities are released within 24 hours. Virtual patching for zero-day vulnerabilities enables protected users to automatically obtain emergency vulnerability and zero-day attack protection capabilities without any operation, significantly reducing vulnerability response cycles. |
| Webpage anti-tampering | Users can configure core webpage content to be cached in the cloud and publish the cached webpage content externally. This ensures that even if the original page is tampered with, the cached content acts as a substitute, preventing negative impacts on the organization caused by webpage tampering. |
| Data leakage prevention | Prevents the backend database from being stolen by hackers through server application hiding before events, intrusion protection during events, and sensitive data replacement and hiding after events. |
| CC attack protection | Smart CC protection integrates abnormal origin server responses (timeouts, response delays) with big data analysis of website behavior to intelligently generate defense policies. Multi-dimensional precise access control, combined with countermeasures like bot recognition and frequency control, efficiently filters junk traffic and mitigates CC attacks. |
| Crawler BOT traffic management | AI + rule-based web crawler and BOT management helps enterprises mitigate business risks caused by malicious BOT activities, including site user data leakage, content infringement, competitive pricing, inventory scraping, black-hat SEO, and business strategy leakage. |
| 30-line BGP IP access protection | WAF supports 30-line dedicated BGP IP link access for protection nodes. With intelligent node scheduling, it effectively resolves access latency issues, ensuring website access speed for users in tier 1 to 18 cities. This enables seamless cloud WAF security deployment without impacting website access speed. |

Why Do You Need WAF?

In the following scenarios, using WAF can effectively defend and prevent threats, ensuring the system and workload security of enterprise websites.
Data Leakage (Leakage of Core Information Assets): Websites serve as the entry point for many enterprise information assets. Hackers can steal enterprise information assets through Web intrusions, causing immeasurable losses to enterprises.
Malicious Access and Data Scraping (Service disruption, data exploited by competitors): Hackers launch CC attacks against websites using zombie machines, exhausting resources and causing service disruption. Malicious users employ Web crawlers to scrape core website content (literary blogs, job portals, forums, e-commerce comments). E-commerce sites suffer targeted scraping of product details by competitors for research. Coupon abusers attempt to hunt for discounted goods or obtain advance intelligence before major promotions to exploit loopholes.
Website Defacement and Malware Injection (Damaging credibility and reputation): After gaining access to websites or servers, attackers inject malicious code to make users execute harmful programs, generate illicit traffic, steal accounts, or show off technical skills. They implant links to "pornography, gambling, and illegal content" and alter webpage images and text, severely disrupting website operations and tarnishing the owner's reputation. This results in significant losses to public credibility and brand image.
Framework Vulnerabilities (Attacks during patch deployment window): Many Web systems are based on common open-source frameworks like Struts2, Spring, WordPress, and so on. These frameworks frequently expose security vulnerabilities. The maintenance window while waiting to install patches becomes a critical and perilous period, as widespread attacks often emerge within a day after vulnerabilities are disclosed.
Large-Scale DDoS Attacks Causing Business Disruption: To disrupt competitors' operations or render key portals inaccessible, DDoS attacks have become a low-cost, low-barrier attack method. They severely impact business continuity and brand reputation, often leaving operators passive during attacks.
