Stable & Intelligent
Enables remote disaster recovery with intelligent scheduling and optimal access; supports resolution on the cloud; deploys within seconds.
Allows you to define your own application-specific protection rules to accurately intercept attacks and reduce misreports, perfect for various industries.
Professional security teams provide 24/7 monitoring. With comprehensive protection configuration, WAF can defend against latest 0-day vulnerabilities.
Supports automatic upgrade on the cloud; detects potential threats and sets up multi-dimensional defense systems in collaboration with other security services.
Malicious visitors use such methods as SQL injection and webshells to intrude website databases and steal service data or other sensitive information.
Uses semantic analysis & regex to examine traffic from different dimensions, precisely detecting attacking traffic.
Supports seven ways to restore codes so that more types of distortion attacks can be detected, preventing WAF from being bypassed.
In cases of 0-day vulnerabilities in third-party frameworks or plug-ins, WAF provides 360-degree protection using virtual patches against attacks that may exploit these vulnerabilities.
Responses, including delivering virtual patches and updating the rule library, to vulnerabilities even before vendors can take action
Lower deployment and O&M costs resulting from service upgrades, avoiding service interruption
If a large number of malicious CC attacks are initiated, core resources are occupied for an extended period of time, causing low website response or service interruption.
Allows you to flexibly set rate limiting policies by IP address or cookie, precisely detects CC attacks, and facilitates stable service running.
Allows you to configure response actions and content of returned pages to meet your particular needs.
Attackers leave backdoors on website servers or tamper with web page content, causing asset loss or negative impact.
Detects malicious codes injected to the website server, protecting security of website visitors.
Prevents attackers from tampering with or changing web page content or publishing indecent information that can damage the website's brand.
Thoroughly detects and blocks OWASP common threats, including malicious scanners, IP addresses, and webshells.
Detects and intercepts attacks, including SQL injection, XSS, file inclusion, directory traversal, sensitive file access, command/code injection, webshell uploads, and third-party vulnerability exploits.
Uses semantics analysis & regex dual engines and supports common code restoration methods, reducing misreporting and enhancing capabilities of detecting distortion attacks.
Limits rate over interfaces and uses man-machine identification, mitigating impact of CC attacks (such as HTTP flood).
Allows you to flexibly set rate limiting policies by IP address and cookie.
Enables you to address diversified needs with customizable content and types of returned pages.
Provides a user-friendly GUI to allow you to view attack information and event logs in real-time.
Central on-console configuration, rapid delivery, and immediate implementation of policies
Real-time information provided, such as access times, numbers and types of security events, and logs
Offers precise and powerful access control policies based on combinations of parameter and logics conditions.
Based on condition combinations of common HTTP parameters such as IP, URL, Referer, User-Agent, and Params
Blocking or releasing based on logics conditions such as "Include", "Exclude", "Equal to", "Not equal to", "Prefix is", and "Prefix is not"