Health check is enabled for WAF by default. WAF checks the connection status of all real server IPs. For the real server IP that does not respond, WAF will not forward requests to this IP until its connection status becomes normal.
Session persistence is supported and enabled by default in WAF.
Once WAF is disabled, all its protection features are unavailable, and only the traffic forwarding mode starts to run instead, with no logs recorded.
In general, a configuration change takes effect within 10 seconds.
It applies to connection configurations (including setting the real server, link mode, and whether to enable HTTP2.0), instead of protection configurations.
WAF provides anti-DDoS Basic capabilities (2 G) for VIP addresses by default. In case of an urgent need to resume your business for a VIP address blocked by anti-DDoS Basic, you can:
You are allowed to remove blocking manually only three times per month. The system resets the count of blocking removals at zero o'clock on the 1st day of every month, and the remaining number of allowed removals from last month is not carried over to this month.
If WAF is disabled, the file will not be blocked. If WAF is enabled and the blocking mode is set, WAF will block malicious files uploaded over HTTP or HTTPS, but will not block files uploaded over SFTP. SFTP is a non-HTTP or non-HTTPS protocol beyond the protection of WAF.
No. Renewing the certificate will reload nginx, and the thread will not be recycled until the end of the old request session, so it will not be disconnected.
Customization for TLS protocol and cipher suite is available in the Dedicated edition.