Effectively defense OWASP TOP 10 attacks such as SQL injection, XSS attack, command/code execution, file include, webshell upload, path traversal and malicious scan. Professional attack-defense team will follow up 0day vulnerability 7*24 hours, analyze vulnerability principle and develop security protection policies for timely protection.
Through the study and training of JD's accumulated massive logs, a variety of Web security protection models are output to conduct intelligent analysis of the multi-factor of the user's multi-request, so as to effectively improve detection rate and reduce false alarm rate. Identify the source of malicious attacks through the information island, behavior detection and analysis to protect the security of the website.
Provide intelligent semantics analysis function to enhance SQL injection and XXS attack detection capabilities based on vulnerability defense.
Provide the intelligent CC defense mode; analyze behavior features through AI and generate customized CC protection rules based on different business type and different server processing performance. At the same time, share attack source intelligence data according to JD Cloud whole network big data analysis ability to improve protection efficiency.
Support rate-limiting model. You can develop defensive rules based on the business processing capabilities of the website or the QPS access source IP, to make effective man-machine identification for all requests exceeding the threshold, and directly block the garbage flow.
You can protect particular pages or interfaces according to needs, and a second-level, minute-level defense setting may be performed.
HTTP protocol fields can be combined by the user to develop Identity and Access Management rules. Support setting filter criteria for region, request header and request content; support regular syntax.
Record access logs of all users; perform TOP N to access sources to provide trend analysis. The log download function can be provided as needed.
The mandatory static cache locking and update mechanism is used for protecting specific web pages. Even though relevant web page of origin server is tampered, the cache page can be returned to the user.
Process response packet; carry out identification and filtering of response content and response; set up data leakage prevention rules according to the need to protect the website data security.
The Source IP or the characteristic interface access rate can be set to queue the over-rate access so as to reduce the pressure of the server.
Request headers and response headers can be processed according to business needs; request header replacement or sensitive information hiding settings can be performed.
By default, Web security attack reports, CC attack protection reports, user access statistics reports and customized rule hit reports are provided to meet business reporting and trend analysis requirements.
Full log search and download function are provided. You can obtain real-time log or offline log information through OpenAPI interface.
Bandwidth statistical information based on mean and peak values is provided; an attack bandwidth and a normal proportion are provided to focus on the business situation at any time. Provides a wide range of components to understand Workload Monitoring and change of core indicators.
Launch a lot of vicious requests during website attack or cracker racketeering, occupy and consume core resources of the server for a long time, cause server failure (such as CPU, memory and bandwidth), and lead to slow response of website business or a failure to provide normal services.
Scan, feedback the current page