Product Value
Security ProtectionWAF's virtual patching enables rapid real-time protection and response against vulnerabilities.
- Origin Server Protection
Conceals the real origin server to make your website invisible, preventing exposure of the real IP address to hacker attacks.
- Access Source Control
Through security access control, only WAF IPs are allowed to reach the origin server — all other direct access attempts are blocked, defending against targeted attacks on the origin server IP.
Product Advantages
Low LatencyBGP-based line access ensures stable quality with millisecond-level response latency.
Self-Improving Rule SystemPowered by machine learning, the intelligent detection engine has excellent generalization and automatic learning capabilities. It integrates organically with the rule system to provide stronger security assurance for customer websites.
Automated Elastic ScalingEquipped with automated elastic scaling capabilities backed by public cloud resource pools, UWAF can rapidly scale its own services during CC attacks or sudden traffic spikes — eliminating performance bottlenecks.
Collaborative DefensePowerful cloud-based threat intelligence collection, combined with intelligence from other security vendors, allows UWAF to filter massive volumes of malicious traffic using its intelligence database.
- Rich Rule Support
Based on deep traffic content analysis, UWAF supports customized rule configurations for different business fields, including secondary analysis of field content such as geolocation lookups, automatic malicious IP blocking, CC policies, and custom interception pages.
- 24/7 Expert Support
All UWAF users enjoy free 24/7 expert support. For complex attacks where automated systems or algorithms cannot make precise judgments, security experts can step in to analyze the situation and provide targeted defensive measures.
Product Features
- Web Application Attack Protection
Comprehensive protection against all major web attack types, including SQL injection, XSS cross-site scripting, WebShell uploads, command injection, illegal HTTP protocol requests, common web server vulnerability exploits, unauthorized access to core files, path traversal, and more. Also provides backdoor isolation and scan protection.
- Precise Access Control Rules
Supports conditional combinations of common HTTP fields such as IP, URL, Referer, and User-Agent to build powerful precise access control policies. Also supports anti-hotlinking and website backend protection. Works in conjunction with web attack protection, CC protection, and other security modules to create a multi-layered defense that distinguishes trusted from malicious traffic.
- Malicious CC Attack Protection
Controls access frequency from individual source IPs and supports redirect verification and CAPTCHA challenges. For large-scale slow-request attacks, UWAF analyzes response code distributions, URL request patterns, and abnormal Referer and User-Agent characteristics, combined with precise access control for comprehensive protection.
- Alert Management
Flexible alerting mechanism that can send scheduled alerts for UWAF-associated domains, as well as real-time alerts for events such as a large number of rules triggered in a short time, abnormal origin server responses, or anomalous request-response patterns (e.g., overall requests with status codes above 499 exceeding 30%) — all delivered to users' inboxes to promptly notify them of risks.
