To get started with Web Application Firewall (WAF), you need to purchase a WAF instance, add your website, and configure protection policies. You can then monitor attack protection logs and access statistics in Security Reports.
Workflow
Step 1: Purchase a WAF instance
- If you have not activated WAF, purchase a WAF instance.
- If you have already activated WAF, skip this step and add your website. For more information, see Step 2: Add your website.
- Log on to the Web Application Firewall console. On the Welcome to Web Application Firewall (WAF) page, click Purchase WAF Subscription or Activate Pay-as-you-go Edition.
- In the Purchase WAF Subscription or Activate Pay-as-you-go Edition panel, select the required product edition and specifications, and then complete the purchase.
- After the purchase, click management console to return to the WAF console.
Step 2: Add your website
WAF supports two access modes:
- CNAME access: For services on public IP addresses hosted on Alibaba Cloud or external data centers. Requires DNS record changes. For more information, see CNAME access.
- Transparent Proxy: For public Server Load Balancer (SLB) and Elastic Compute Service (ECS) instances on Alibaba Cloud. No DNS changes required. For more information, see Transparent Proxy.
Before adding your website, ensure WAF is authorized to access other cloud resources. For more information, see Authorize WAF to Access Cloud Resources.
- Add your website.
  - In the left-side navigation pane, choose .
  - On the Domain Names tab, click Website Access.
  - On the Add Domain Name page, set Access Mode to CNAME Record or Transparent Proxy.
  - Follow the setup wizard to add your website information.
    - For CNAME access, modify your DNS records as described in the following steps.
    - For Transparent Proxy, no further DNS changes are required and this completes the setup process.
  - After adding the website, view its domain and CNAME address in the Website Access list.
- If you set Access Mode to CNAME Record, follow these steps to modify your domain's DNS records and point the domain to the CNAME address provided by WAF.
  - If your website does not use other proxy services such as Anti-DDoS or CDN: In your DNS provider console, add a CNAME record and set its value to the CNAME address provided by WAF.
    If you use Alibaba Cloud DNS, modify the records in the Alibaba Cloud DNS console. For more information, see Modify DNS record settings.
  - If your website uses other proxy services such as Anti-DDoS or CDN: In the proxy service console, change the origin server address to the CNAME address provided by WAF. For more information, see Improve website security by using Anti-DDoS and WAF together and Use WAF and CDN to protect a domain for which CDN is enabled.
  After modifying DNS records, ping your domain or use a DNS checker to verify the change. DNS changes can take some time to propagate. If the verification fails, wait 10 minutes and try again.
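An added example, not part of the original documentation: a shell check for the DNS verification step that follows the CNAME chain in `dig +noall +answer` output and confirms that it reaches the CNAME address provided by WAF. The domain, the WAF CNAME, the sample answers and the function names are constructed placeholders. It covers the case without another proxy in front, because with Anti-DDoS or CDN the domain's DNS points to that service instead.

```shell
#!/usr/bin/env bash
# Added example: confirm that a domain's CNAME chain reaches the WAF CNAME.
# All names and addresses below are constructed placeholders.

# Read `dig +noall +answer` output on stdin, follow CNAME records starting
# at $1, and return 0 only if the chain reaches $2.
cname_reaches() {
  awk -v start="$1" -v want="$2" '
    # DNS names are case-insensitive and may carry a trailing dot.
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    $4 == "CNAME" { next_of[norm($1)] = norm($5) }
    END {
      cur = norm(start); want = norm(want)
      # Bound the walk so a CNAME loop cannot hang the check.
      for (hops = 0; hops < 16; hops++) {
        if (cur == want) exit 0
        if (!(cur in next_of)) exit 1
        cur = next_of[cur]
      }
      exit 1
    }'
}

# Constructed sample: answer after the CNAME record has propagated.
SAMPLE_OK='www.example.com. 600 IN CNAME abc123.waf-placeholder.example.
abc123.waf-placeholder.example. 60 IN A 203.0.113.10'

# Constructed sample: stale answer, the domain still resolves to the origin.
SAMPLE_STALE='www.example.com. 600 IN A 198.51.100.7'

# Live check with retries. usage: verify_live DOMAIN WAF_CNAME [ATTEMPTS]
verify_live() {
  domain=$1; waf=$2; attempts=${3:-3}; i=1
  while [ "$i" -le "$attempts" ]; do
    if dig +noall +answer "$domain" | cname_reaches "$domain" "$waf"; then
      echo "OK: $domain points to $waf"; return 0
    fi
    # The page advises waiting 10 minutes before checking again.
    if [ "$i" -lt "$attempts" ]; then sleep 600; fi
    i=$((i + 1))
  done
  echo "FAIL: $domain does not point to $waf" >&2; return 1
}

# Run against live DNS only when a domain and a WAF CNAME are supplied.
if [ "$#" -eq 2 ]; then verify_live "$1" "$2"; fi
```

A failure after propagation means the record still points at the origin or at another target, so requests to that name are not passing through WAF.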
Step 3: Configure website protection policies
After your website is added to WAF, WAF enables the Protection Rules Engine and HTTP Flood Protection by default to defend against common web attacks (SQL injection, XSS, webshell uploads) and CC attacks. To enable other protection modules:
- In the left-side navigation pane, choose . On the Website Protection page, select the domain to configure from the drop-down list at the top.
  Alternatively, navigate to , find your domain, and click Configure Protection in the Actions column.
- Click the Web Security, Bot Management, or Access Control/Throttling tab to configure protection policies. For more information, see Website protection settings.
Step 4: View security reports
- In the left-side navigation pane, choose .
- Click the Web Security, Bot Management, or Access Control/Throttling tab to view protection logs and access statistics. For more information, see WAF security reports.