Integrate a RASP (Runtime Application Self-Protection) probe into your Node.js application to monitor and defend against malicious behavior and security threats in real time.
Prerequisites
-
The Security Center agent on the server where the application runs must be in the online state.
To check the agent status, go to the Assets > Host page. On the Server tab, check the icon in the Agent column. The
icon indicates that the agent is online. If the agent is offline, troubleshoot the issue. For more information, see Troubleshoot offline agents. -
If you are using application protection as a RAM user, make sure that the RAM user is granted the
AliyunYundunWAFFullAccessandAliyunYundunSASFullAccesspolicies. For more information about how to grant permissions, see Manage RAM user permissions.
Create an application group
-
Log on to the Security Center console.
-
On the Application Configurations tab, click Create Application Group.
-
On the wizard page that appears, enter a name for the Application Group Name, select Node.js for Application Language, enter a description for Remarks, and then click Next.
Set the application group name based on the web business you want to protect. Application group names must be unique. The application language cannot be changed after selection.
After you complete this step, an application group is created.
Manually integrate the application
-
On the Application Configurations tab, find the Node.js application you just created. In the Actions column, click Access Management.
-
Choose Manual Access > Access Guide, and then select one of the two Installation Method options: Quick Install or Standard Installation.
-
After the installation is complete, follow the verification steps under Verify Installation to verify that the probe is running correctly.
Configure a protection policy
On the Application Configurations tab, find the Node.js application you just created. In the Actions column, click Protection Policy. In the Protection Policy dialog box, configure the following parameters.
The default protection mode is Monitor. We recommend that you use Monitor mode for 2 to 5 days first. If no false positives occur during this period, switch to Block mode. If false positives occur, create a whitelist rule to exclude the incorrectly blocked detection type. For more information, see Add an alert to a whitelist.
|
Category |
Parameter |
Description |
|
Protection Policy |
Application Group Name |
The name of the application group. The name cannot be modified here. |
|
Protection Status |
Enables or disables protection for the application group. Enabled by default. When disabled, application protection neither detects nor blocks attacks. |
|
|
Protection Mode |
The protection mode for the application group. Options:
|
|
|
Protection Policy Group |
The default protection policy group is Default Runtime Policy Group. You can select a different policy group from the drop-down list. For more information about policy groups, see Manage protection policies. |
|
|
Threat Type |
The detection types supported by the selected protection policy group. |
|
|
Common Settings |
Detection Timeout Period |
The maximum time for attack detection, in milliseconds. Valid values: 1 to 60,000. Default value: 50. If detection exceeds this time limit, the original business logic continues to execute even if detection is not yet complete. We recommend that you use the default value. |
|
Method to Obtain Source IP Address |
|
|
|
Runtime Circuit Breaking Settings |
When enabled, RASP real-time protection automatically stops if server or process resource utilization exceeds either the CPU or memory circuit breaker threshold. Protection resumes automatically when resource utilization drops below all circuit breaker thresholds. This ensures business stability during traffic peaks. Disabled by default. Enable it if your application is a compute-intensive workload sensitive to performance overhead. Configuration parameters:
Important
|
Verify the integration
If the PID of the application process appears in the authorized instances list of the application group, the integration is successful. To view integrated applications:
-
On the Application Protection page, go to the Application Configurations tab. Click the number in the Authorized Process column for the target application group.
-
In the Process Details panel, view the integrated applications.
If the PID of the application process on the target server appears in the list, the integration is successful.

Limitations
-
Node.js version must be 18.0.0 or later.
-
Node.js 20.6 or later is recommended for full
--importsupport. For versions earlier than 20.6, use--requireto load the probe.
What's next
-
Adjust the protection mode, protection policy group, and other settings for the application group based on your business needs. If false positives occur, create protection whitelist rules to prevent similar alerts. For more information, see Manage protection policies.