What Objects Does WAF Protect?
Web Application Firewall (WAF) examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).
WAF can protect websites through domain names or IP addresses.
- In cloud CNAME access mode, only website domain names can be added to WAF.
Your origin server IP address configured in WAF must a public IP address. For example, if an Elastic Load Balance (ELB) load balancer is configured for origin servers, a cloud WAF instance can protect origin servers as long as the load balancer has a public IP address bound.
- In dedicated mode, you can add website domain names or IP addresses to WAF.
Parent topic: About WAF