Application Scenarios

WAF guards your online apps and websites against emerging threats 24/7

Prevent Sensitive Data Loss

Reduce Risk of Data Loss

WAF blocks hackers and other bad actors who attempt to bypass application security and gain remote access to web databases.

Advantages

  • Precise Identification

    WAF precisely identifies malicious traffic to stop attacks based on pre-configured and customized rules.

  • SQL Injection and XSS Detection

WAF applies 11 decoding methods to detect a wide range of distorted (obfuscated) attack patterns and prevent bypass attempts.

Protect Against Zero-Day Threats

Proactive Zero-Day Protection

WAF performs virtual patching to intercept threats that exploit known and unknown zero-day vulnerabilities in third-party software or plug-ins.

Advantages

  • Quick Response

    Configure WAF to implement improvised security policies and rules even before the third-party vendors patch their software.

  • Cost-effective

    WAF uses rules instead of patches to fix vulnerabilities, simplifying maintenance to reduce the cost of cloud security.

Defend Against App-layer DDoS Attacks

Protection Against Application Layer DDoS Attacks

WAF protects your web apps and servers from sophisticated application layer DDoS attacks, ensuring business continuity. For added protection against large volumetric DDoS attacks, the Advanced Anti-DDoS (AAD) service is also recommended.

Advantages

  • Flexible Configuration

    You can configure rate limiting policies by IP address or cookie to precisely detect and prevent Challenge Collapsar (CC) attacks.

  • Customization

    WAF enables you to easily customize response actions and the content of alarm pages.

Safeguard Important Websites

Prevent Web Page Tampering and Defacements

WAF ensures that attackers cannot insert backdoors on your web servers or tamper with your web page content, preventing damage to your brand's credibility. 

Advantages

  • Malicious Code Detection

    Configure WAF to detect attempts to inject malicious code onto web servers.

  • Intelligent Defacement Protection

    Prevent attackers from tampering with web page content, hijacking websites, or publishing inappropriate information.

Functions

Comprehensive Web Attack Defense 

WAF's built-in capabilities help you precisely identify and block threats, and allow you to configure different security rules for apps and websites.

Precise identification

WAF uses dual engines, semantic analysis and regex matching, to precisely distinguish good traffic from bad, significantly reducing false positives.

Guard against widespread HTTP application attacks

Configure WAF to detect and intercept attacks, including SQL injection, XSS, file inclusion, directory traversal, sensitive file access, command/code injection, web shell uploads, and third-party vulnerability exploits.

DDoS CC Attack Guard 

Identify real users, configure rate limiting, and block fake users, to mitigate the impact of denial-of-service Challenge Collapsar (CC) attacks.

Fine-grained flexibility

You can flexibly set rate limiting policies by IP address and cookie.
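The difference between keying a rate limit by IP address and by cookie, as an added Python sketch (not the product's implementation or rule format). The `RateLimiter` class, the `sessionid` cookie name and the traffic are constructed for illustration; the fallback to the source address when no cookie is presented is an assumption.

```python
import time
from collections import defaultdict, deque

class RateLimiter:
    """Sliding-window request counter keyed by client IP or by a session cookie."""

    def __init__(self, limit, window_s, key_by="ip", cookie_name="sessionid"):
        if key_by not in ("ip", "cookie"):
            raise ValueError("key_by must be 'ip' or 'cookie'")
        self.limit, self.window_s = limit, window_s
        self.key_by, self.cookie_name = key_by, cookie_name
        self.hits = defaultdict(deque)  # key -> timestamps of allowed requests

    def _key(self, req):
        if self.key_by == "cookie":
            value = req.get("cookies", {}).get(self.cookie_name)
            if value:
                return ("cookie", value)
        # IP mode, or no cookie presented: count by source address so that
        # clients without the cookie are still rate limited (assumption).
        return ("ip", req["ip"])

    def allow(self, req, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[self._key(req)]
        while q and now - q[0] >= self.window_s:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(limiter, requests):
    """Return the allow/block decision for each (timestamp, request) pair."""
    return [limiter.allow(req, now=t) for t, req in requests]

# Constructed traffic: two users behind one NAT address.
# User "a" sends five requests in half a second, user "b" sends one.
NAT = "203.0.113.7"
TRAFFIC = [(i * 0.1, {"ip": NAT, "cookies": {"sessionid": "a"}}) for i in range(5)]
TRAFFIC.append((0.6, {"ip": NAT, "cookies": {"sessionid": "b"}}))

def demo():
    by_ip = replay(RateLimiter(3, 1.0, "ip"), TRAFFIC)
    by_cookie = replay(RateLimiter(3, 1.0, "cookie"), TRAFFIC)
    return by_ip, by_cookie
```

Keyed by IP, user "b" is blocked along with the flooding user because both share the NAT address; keyed by cookie, only user "a" is throttled. A cookie is client-controlled, so a cookie-keyed policy is normally paired with an IP-keyed one.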

Customization

You can customize the content of returned pages based on your requirements.

Visualized Security Monitoring 

Using WAF's user-friendly console, view real-time security information to increase your threat posture awareness.

Centralized rule configuration

Easily configure, deploy, and manage multiple security rules for each attack scenario.

Real-time statistics

Quickly get actionable insights with real-time visibility into security events, and enable security administrators to drill down into attack alerts and logs.

Secure Access Control 

WAF enables you to define precise parameter- and logic-based access control to fine-tune your protection.

Various parameter conditions

You can configure different combinations of common HTTP parameters such as IP, URL, Referer, User-Agent, and Params.

Abundant logic conditions

You can block or allow traffic based on logic conditions such as "Include", "Exclude", "Equal to", "Not equal to", "Prefix is", and "Prefix is not".
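How the parameter and logic conditions above combine into allow/block decisions, as an added Python model (not the product's rule format or API). It assumes that the conditions within one rule are ANDed and that the first matching rule decides; the rule set, paths and addresses are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# The six logic conditions named above, as predicates over (field value, rule content).
OPS = {
    "Include":       lambda v, c: c in v,
    "Exclude":       lambda v, c: c not in v,
    "Equal to":      lambda v, c: v == c,
    "Not equal to":  lambda v, c: v != c,
    "Prefix is":     lambda v, c: v.startswith(c),
    "Prefix is not": lambda v, c: not v.startswith(c),
}

def field_value(req, field, sub=None):
    """Extract the HTTP parameter a condition refers to; missing values become ''."""
    parts = urlsplit(req["url"])
    if field == "IP":
        return req["ip"]
    if field == "URL":
        return parts.path
    if field in ("Referer", "User-Agent"):
        return req.get("headers", {}).get(field, "")
    if field == "Params":  # `sub` names the query parameter to inspect
        return parse_qs(parts.query, keep_blank_values=True).get(sub, [""])[0]
    raise ValueError(f"unknown field {field!r}")

def evaluate(rules, req, default="allow"):
    """The first rule whose conditions ALL match decides; otherwise the default applies."""
    for rule in rules:
        if all(OPS[op](field_value(req, f, sub), content)
               for f, sub, op, content in rule["conditions"]):
            return rule["action"]
    return default

# Constructed rule set: each condition is (field, sub-field, logic, content).
RULES = [
    # Admin area is reachable only from one management address.
    {"action": "allow", "conditions": [("URL", None, "Prefix is", "/admin"),
                                       ("IP", None, "Equal to", "198.51.100.10")]},
    {"action": "block", "conditions": [("URL", None, "Prefix is", "/admin")]},
    # Requests with no User-Agent header are rejected.
    {"action": "block", "conditions": [("User-Agent", None, "Equal to", "")]},
    # Redirect targets must be site-relative.
    {"action": "block", "conditions": [("Params", "redirect", "Include", "//")]},
]
```

Rule order matters in this model: the narrow allow rule for the management address has to sit above the broad block rule on the same prefix, or it never takes effect.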

Project and Enterprise Project

Project

Projects in IAM are used to group and isolate OpenStack resources (computing resources, storage resources, and network resources). Resources in your account must be mounted under projects. A project can be a department or a project team. Multiple projects can be created under one account.

Enterprise Project

Enterprise projects are used to categorize and manage multiple resources. Resources of the same type can be put under an enterprise project. The use of enterprise projects does not affect the use of HSS.

You can classify resources by department or project group and put related resources into one enterprise project for management. Resources can be moved between enterprise projects.

Differences Between Projects and Enterprise Projects

IAM Project

Projects are used to categorize and physically isolate resources in a region. Resources in an IAM project cannot be transferred. They can only be deleted and then rebuilt.

Enterprise Project

Enterprise projects are an upgraded form of IAM projects, used to categorize and manage the resources of an enterprise's different projects. An enterprise project can contain resources of multiple regions, and resources can be added to or removed from enterprise projects. If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.

Both projects and enterprise projects can be managed by one or more user groups. Users who manage enterprise projects belong to user groups. After a policy is granted to a user group, users in the group can obtain the permissions defined in the policy in the project or enterprise project.

For details about how to create a project, create an enterprise project, and grant policies, see Project and Enterprise Project.

Videos

  • Viewing Event Logs (02:24)

  • What Is Web Tamper Protection? (04:56)

  • Enabling Alarm Notification (02:16)

  • Configuring a CC Attack Protection Rule (03:14)

  • Configuring a Blacklist or Whitelist Rule (01:48)

  • Configuring a Precise Protection Rule (03:40)