Web Application Firewall

One-stop web business protection solution

Overview

Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering and backdoors, crawlers. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure the operations of web businesses.

Benefits
Virtual Patches for Zero-day Vulnerabilities

The 24/7 monitoring service from Tencent's security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to combat zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, reducing vulnerability response time dramatically.

Webpage Tampering Prevention

Users can cache core web contents to the cloud and publish cached web pages, which act as substitutes and can prevent the negative consequences of web page tampering.

Data Leakage Prevention

Backend data is well protected by pre-event server and application concealing, mid-event attack prevention and post-event sensitive data replacement and concealing.

CC Attack Prevention

WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.

Crawler and Bot Behavior Management

The rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.

Features

Integration with Tencent's Big Data-based Threat Intelligence

Virtual Patches for Vulnerabilities

Crawler and Bot Behavior Management Module

Data Leakage Prevention

CC Attack Prevention

Webpage Tampering Prevention

Custom Protection Strategies

One-click Integration with High Defense Capabilities

Fast and Reliable Protection Experience

Integration with Tencent's Big Data-based Threat Intelligence


Leveraging Tencent's 20 years of experience in processing massive amounts of data and fighting against cybercriminals, Tencent Cloud has established an industry-leading big security data and threat intelligence platform, which contains detailed information about numerous botnets, global proxies, high anonymity proxies and tor proxies and billions of malicious IPs (for database comparison, brute force attacks, scans, etc.), vulnerabilities and crawlers. In addition, the platform includes great volumes of Internet attack traceability data and domain name attack data.


By fully taking advantage of Tencent's big data-based threat intelligence capabilities, WAF can identify known and unknown attacks and threats on the Internet as soon as they occur. It enables protected users to share threat intelligence, quickly detect intrusions to web businesses and dynamically adjust threat protection strategies to defend against various zero-day attacks and intrusions by cybercriminals.

Virtual Patches for Vulnerabilities


Security OPS teams are overwhelmed by ever-increasing zero-day vulnerabilities. Relying on Tencent's top threat intelligence capabilities, WAF actively detects and promptly identifies high-risk web vulnerabilities and zero-day vulnerabilities and generates protection rules accordingly. Protected users can use WAF to combat emergent and zero-day vulnerabilities without performing any operations, safeguarding websites from ever-emerging web vulnerabilities.


  • Tencent's professional security team offers 24/7 response services for such vulnerabilities.
  • Patches will be made available within 12 hours after identification for high-risk vulnerabilities and within 24 hours for common vulnerabilities.
  • The attack protection strategies of WAF are automatically updated in the cloud and then uniformly distributed globally in just seconds.

Crawler and Bot Behavior Management Module


WAF boasts a proprietary rules-based bot and crawler management module that can differentiate between friendly and malicious bots and crawlers and utilize corresponding management strategies such as letting through the traffic of search engine bots and blocking the traffic of malicious item information crawlers. This feature reduces resource consumption, information leakage and business competition caused by malicious bots and crawlers while ensuring the normal operations of friendly ones (such as search engine bots and advertising programs). Learn more.


  • WAF supports the identification of many types of known bot and crawler behaviors, including but not limited to feed fetching, advertising, screenshotting, search engine crawling, website monitoring, link querying, utility crawling, vulnerability scanning, virus killing, web crawling and speed testing.
  • It can intelligently identify undisclosed and malicious crawler programs and crawler traffic with exceptions by using AI technology to model and learn business traffic characteristics, normal human access behaviors and bot access behaviors.
  • The bot behavior identification rules of WAF can be customized based on the referer characteristics, UA characteristics, request rate, number of times, parameters, path characteristics, IP range, etc.
  • Bot behaviors and blocking details can be classified and displayed graphically to provide a basis for bot management decision-making.
  • Strategies for "monitoring", "blocking" and "letting through" can be flexibly configured.

Data Leakage Prevention


Attacks such as web attacks and system vulnerability exploits operate the backend database, resulting in the leakage of sensitive data like user identity and contact information stored in the database. For data thefts, WAF provides pre-, mid-, and post-event strategies:

  • Pre-event: WAF hides server information such as response codes and database error messages and identifies and blocks hacking scans to prevent footprinting and vulnerability detecting by hackers and increase the difficulty of hacking.
  • Mid-event: WAF detects and blocks hacking and intrusive behaviors such as SQL injections and web shell uploads to prevent the database from being further intruded on by hackers.
  • Post-event: WAF features custom information leakage protection rules that automatically enable data replacement strategies for detected data thefts, i.e., replacing and hiding sensitive data (such as phone numbers and ID card numbers) in the attack response transmission to prevent the data from being acquired by hackers.

CC Attack Prevention


WAF comes with time-tested CC attack protection algorithms, which intelligently and efficiently filter out spam access requests by blocking numerous malicious requests at layer-4 and layer-7. This effectively defends against CC attacks, protects business data from malicious crawling and guarantees the stability of normal business access.


  • CC attacks can be identified based on access frequency and criteria.
    Strategies for "access blocking" or "human-machine recognition" can be enabled.
  • The punishment duration can be customized.

Webpage Tampering Prevention


After WAF is deployed for a website, the core webpages can be cached to the cloud and the webpages in the cache can be published instead to implement webpage substitution. After the deployment, any changes to webpage content will be published only after they are synced to the cloud-based cache in WAF, ensuring that the updates of the protected webpages are controllable and reliable:

  • If the real server is tampered with due to attacks, the content published is still that of the normal webpages in the cache, which prevents the tampering event from spreading.
  • During sensitive periods, the content published can be locked as that of the webpages in the cache, intensifying protection against tampering during sensitive periods.

Custom Protection Strategies


WAF offers a simplified cloud-based web application firewall protection and management experience. In addition, it allows the flexible configuration of protection strategies, making it easy to meet the defense needs of special businesses.

  • Custom defense rules: Web attack protection measures can be configured according to refined custom defense rules that are based on IPs, URL paths, referers and POST parameters.
  • Region-specific blocking: WAF supports extensive region-based blocking that blocklists all access requests from a specific region such as a province or country
  • Protection mode: The "blocking mode" or "observation mode" can be chosen based on your actual business protection needs.

One-click Integration with High Defense Capabilities


Business offerings are often subject to DDoS attack threats. For abrupt high-volume DDoS attacks, WAF provides the function to access Tencent Cloud's Anti-DDoS system with one click, which synchronously covers core regions and seamlessly integrates with hundreds of gigabytes of protection packets to hide real servers and defend against massive DDoS attacks.


Anti-DDoS Advanced offers 2 Gbps of free basic protection bandwidth that can meet the daily needs of enterprise users for secure business operations.

Fast and Reliable Protection Experience


WAF takes advantage of Tencent Cloud's platforms to guarantee the availability of business traffic.


WAF clusters can be deployed in multiple regions with their loads distributed globally to avoid single points of failure.


A highly available elastic scaling architecture is used among nodes, which can quickly migrate and restore data in case of faults and scale the protection capabilities on demand.


The protective cluster resources for different users are isolated to eliminate the potential interplay among business protection services.

Features


Leveraging Tencent's 20 years of experience in processing massive amounts of data and fighting against cybercriminals, Tencent Cloud has established an industry-leading big security data and threat intelligence platform, which contains detailed information about numerous botnets, global proxies, high anonymity proxies and tor proxies and billions of malicious IPs (for database comparison, brute force attacks, scans, etc.), vulnerabilities and crawlers. In addition, the platform includes great volumes of Internet attack traceability data and domain name attack data.


By fully taking advantage of Tencent's big data-based threat intelligence capabilities, WAF can identify known and unknown attacks and threats on the Internet as soon as they occur. It enables protected users to share threat intelligence, quickly detect intrusions to web businesses and dynamically adjust threat protection strategies to defend against various zero-day attacks and intrusions by cybercriminals.


Security OPS teams are overwhelmed by ever-increasing zero-day vulnerabilities. Relying on Tencent's top threat intelligence capabilities, WAF actively detects and promptly identifies high-risk web vulnerabilities and zero-day vulnerabilities and generates protection rules accordingly. Protected users can use WAF to combat emergent and zero-day vulnerabilities without performing any operations, safeguarding websites from ever-emerging web vulnerabilities.


  • Tencent's professional security team offers 24/7 response services for such vulnerabilities.
  • Patches will be made available within 12 hours after identification for high-risk vulnerabilities and within 24 hours for common vulnerabilities.
  • The attack protection strategies of WAF are automatically updated in the cloud and then uniformly distributed globally in just seconds.


WAF boasts a proprietary rules-based bot and crawler management module that can differentiate between friendly and malicious bots and crawlers and utilize corresponding management strategies such as letting through the traffic of search engine bots and blocking the traffic of malicious item information crawlers. This feature reduces resource consumption, information leakage and business competition caused by malicious bots and crawlers while ensuring the normal operations of friendly ones (such as search engine bots and advertising programs). Learn more.


  • WAF supports the identification of many types of known bot and crawler behaviors, including but not limited to feed fetching, advertising, screenshotting, search engine crawling, website monitoring, link querying, utility crawling, vulnerability scanning, virus killing, web crawling and speed testing.
  • It can intelligently identify undisclosed and malicious crawler programs and crawler traffic with exceptions by using AI technology to model and learn business traffic characteristics, normal human access behaviors and bot access behaviors.
  • The bot behavior identification rules of WAF can be customized based on the referer characteristics, UA characteristics, request rate, number of times, parameters, path characteristics, IP range, etc.
  • Bot behaviors and blocking details can be classified and displayed graphically to provide a basis for bot management decision-making.
  • Strategies for "monitoring", "blocking" and "letting through" can be flexibly configured.


Attacks such as web attacks and system vulnerability exploits operate the backend database, resulting in the leakage of sensitive data like user identity and contact information stored in the database. For data thefts, WAF provides pre-, mid-, and post-event strategies:

  • Pre-event: WAF hides server information such as response codes and database error messages and identifies and blocks hacking scans to prevent footprinting and vulnerability detecting by hackers and increase the difficulty of hacking.
  • Mid-event: WAF detects and blocks hacking and intrusive behaviors such as SQL injections and web shell uploads to prevent the database from being further intruded on by hackers.
  • Post-event: WAF features custom information leakage protection rules that automatically enable data replacement strategies for detected data thefts, i.e., replacing and hiding sensitive data (such as phone numbers and ID card numbers) in the attack response transmission to prevent the data from being acquired by hackers.


WAF comes with time-tested CC attack protection algorithms, which intelligently and efficiently filter out spam access requests by blocking numerous malicious requests at layer-4 and layer-7. This effectively defends against CC attacks, protects business data from malicious crawling and guarantees the stability of normal business access.


  • CC attacks can be identified based on access frequency and criteria.
    Strategies for "access blocking" or "human-machine recognition" can be enabled.
  • The punishment duration can be customized.


After WAF is deployed for a website, the core webpages can be cached to the cloud and the webpages in the cache can be published instead to implement webpage substitution. After the deployment, any changes to webpage content will be published only after they are synced to the cloud-based cache in WAF, ensuring that the updates of the protected webpages are controllable and reliable:

  • If the real server is tampered with due to attacks, the content published is still that of the normal webpages in the cache, which prevents the tampering event from spreading.
  • During sensitive periods, the content published can be locked as that of the webpages in the cache, intensifying protection against tampering during sensitive periods.


WAF offers a simplified cloud-based web application firewall protection and management experience. In addition, it allows the flexible configuration of protection strategies, making it easy to meet the defense needs of special businesses.

  • Custom defense rules: Web attack protection measures can be configured according to refined custom defense rules that are based on IPs, URL paths, referers and POST parameters.
  • Region-specific blocking: WAF supports extensive region-based blocking that blocklists all access requests from a specific region such as a province or country
  • Protection mode: The "blocking mode" or "observation mode" can be chosen based on your actual business protection needs.


Business offerings are often subject to DDoS attack threats. For abrupt high-volume DDoS attacks, WAF provides the function to access Tencent Cloud's Anti-DDoS system with one click, which synchronously covers core regions and seamlessly integrates with hundreds of gigabytes of protection packets to hide real servers and defend against massive DDoS attacks.


Anti-DDoS Advanced offers 2 Gbps of free basic protection bandwidth that can meet the daily needs of enterprise users for secure business operations.


WAF takes advantage of Tencent Cloud's platforms to guarantee the availability of business traffic.


WAF clusters can be deployed in multiple regions with their loads distributed globally to avoid single points of failure.


A highly available elastic scaling architecture is used among nodes, which can quickly migrate and restore data in case of faults and scale the protection capabilities on demand.


The protective cluster resources for different users are isolated to eliminate the potential interplay among business protection services.

Scenarios

WAF protects business data from being intruded on, tampered with and stolen and filters out all kinds of attack and spam traffic, supporting the normal and stable operations of core Internet+ businesses.


It eliminates the negative impact of various issues caused by malicious bots, such as copyright infringements, malicious SEO, data crawling and leakage and spam traffic.


It features high availability and elastic scalability based on business size and reduces protection costs.

WAF intelligently filters out attacks and spam access requests by malicious crawlers to ensure smooth business access in various high-concurrence scenarios such as flash-sales and marketing campaigns.


It eliminates the negative impact of various issues such as competing price comparison, inventory query and malicious SEO caused by malicious bots and crawlers to ensure the effectiveness of marketing strategies.


It features high availability and elastic scalability based on business size and reduces protection costs.

WAF protects the content of government service websites (such as those for governmental affairs, healthcare, education, social security and taxation) from being hacked and tampered with. It also prevents the intrusion and theft of civic data and ensures the availability of civic services.

WAF protects corporate portals from intrusions, trojans and tampering to avoid economic losses and brand image damage caused by website security incidents.


Its hardware-free and OPS-free characteristics help enterprises reduce security-related labor costs.

Pricing

Tencent Cloud Web Application Firewall is pay-as-you-go with a daily billing cycle. No advanced payment is required. The bill is generated daily according to the QPS peak and billing tier. View more>