Professional Documents
Culture Documents
Technical Editing Test
Technical Editing Test
Company:
Date:
Article 1
What is Alibaba Cloud WAF?
Alibaba Cloud WAF is a web application firewall that monitors, filters, and blocks HTTP traffic to and from
web applications. Based on the big data capacity of Alibaba Cloud Security, Alibaba Cloud WAF helps
you to defend against common web attacks such as SQL injections, Cross-site scripting (XSS), web
shell, Trojan, and unauthorized access, and to filter out massive HTTP flood requests. It protects your
web resources from being exposed and guarantees your website security and availability.
Alibaba Cloud WAF is easy to deploy. Users can enable WAF protection for their website by subscribing
to Alibaba Cloud WAF, configuring the website on the WAF console, and updating the website's DNS
records using the WAF. When WAF is deployed on your website, all network traffic to the website is
inspected by WAF. WAF identifies and filters out hacker traffic, and only returns valid traffic to the origin
server.
After a WAF IP address is thrown into the blackhole, all traffic that flows through WAF (normal access or
attack) is blocked.During the blackhole period, you cannot access any domain names protected by the
WAF instance.
Note If a site is thrown into a blackhole, it can be recovered only after the blackhole period ends. The
default blackhole period lasts 150 minutes. The WAF blackhole threshold is the same as the default
threshold of the region where the ECS instance is located.
Note The best solution to traffic-heavy DDoS attacks is to use Anti-DDoS Pro to protect your domain
names.
The blackhole is a service that Alibaba Cloud purchases from the operator who imposes strict
restrictions on the time and frequency to trigger a blackhole. Therefore, you cannot manually
deactivate the blackhole, rather you have to patiently wait for the system to automatically free the
server.
In fact, even if the blackhole is deactivated immediately, it gets triggered again if WAF is still under
heavy-traffic DDoS attack.
How do I know the specific domain name that is under attack when WAF is configured with
multiple domain names?
Generally, the hacker resolves a WAF protected domain name to obtain the WAF instance’s IP
address, and then starts the DDoS attack against this IP address. Heavy-traffic DDoS attacks are
targeting at a WAF IP address. We cannot figure out the domain name that is under attack, based
on the traffic.
However, you can use the domain name split method to find out the domain name that is under
attack. For example, you can resolve some of the domain names to WAF, and the rest to some other
places (ECS origin, CDN, or SLB). If the WAF is no longer in the blackhole, it means that the
hacker’s target lies in the domain names that are resolved to other places. However, this operation
is relatively complex and may expose the origin and other assets, which may lead to a greater
security issue. Unless necessary, do not use this method to find the domain name that is under
attack.
Can you help change the WAF IP address so that my WAF is not thrown into the blackhole?
Changing the WAF IP address does not resolve the problem. A hacker can obtain your new IP
address by pinging your domain name and can start another DDoS attack. So, changing your IP
address will not be of much help.
Is there any difference between a DDoS attack and an HTTP flood attack? Why cannot WAF
defend against HTTP flood attacks?
Heavy-traffic DDoS attacks are layer 4 attacks against IP addresses; while HTTP flood attacks are
layer 7 attacks (for example, HTTP GET/POST Flood). Layer 4 attacks generate huge amounts of
volumes of traffic occupy all "inlets" to an end-resource, blocking normal requests. Layer 7 attacks
send large amounts of packets and requests to the victim, which consumes resources of
intermediate resources.
WAF can defend against DDoS attacks. However, WAF cannot defend against, it requires sufficient
bandwidth resources to take over all traffic to perform the traffic cleaning. Therefore, you can only count
on protection from Anti-DDoS Pro.
Article 2
City Brain provides a forward-looking practice of using rich urban data resources and Internet
technologies including cloud computing, big data processing, and artificial intelligence to promote socio-
economic development and improve urban management. City Brain considers data resources more
important than natural resources such as land and water in urban development. Based on
comprehensive and real-time analysis of urban data, the city government can effectively allocate public
resources, correct defects, and solve key problems in urban development.
Video data is an important part of urban data due to the vividness, massiveness, and real-time
performance. Large cities have invested significant human, material, and financial resources to install
surveillance cameras, build surveillance video networks, and prepare storage devices. However,
surveillance videos are checked by humans. This significantly increases the cost of human resources
and reduces the utilization rate of cameras. To meet the requirements of urban scenarios such as public
traffic and security, the value of video data must be economically and efficiently explored.
City Brain provides the visual AI technology that allows you to obtain the city status in real time and
detect abnormal events. You can build a model for a city and predict the future development of the city.
City Brain can perform real-time or offline analysis and processing on videos and images. It is applicable
to various business scenarios in urban management. A city data center must provide high bandwidth and
workload processing capability to meet the requirements of massive cameras. In addition, a data center
does not provide flexible scale-out capability.
Device-end computing cannot meet the requirements of video analysis due to diverse video content,
limited computing capability of cameras and power supply capability of basic lines, and various camera
software and hardware configurations. Cloud and edge computing has become a mainstream solution
for the real-time analysis of massive video data. Video data collection, code stream storage, and real-
time analysis are performed at edge nodes. The structured results are sent to the cloud computing
center for secondary computing or storage. Resources can be also synchronized among edge nodes.
This way, you can achieve the scale-out of edge nodes and the distributed processing of massive video
data.
Tianqing is a visual intelligence engine that is developed to meet the growing demands of real-time,
comprehensive, and full-scale video analysis. It provides the detection, prediction, and alerting features.
Tianqing collects data from city sensors such as cameras, MAC devices, GPS devices, and Internet
devices. Tianqing performs unified resource scheduling, parses data, and stores the data by using the
Apsara system. Then, it processes the data by using visual AI algorithms and generates structured data.
Tianqing supports multiple business applications and is applicable to urban scenarios such as
transportation, security, municipal administration, business districts, and communications. Tianqing is a
security-oriented service that features rapid and elastic deployment on the cloud and is available to third-
party services.
City Brain is one of the first open and innovative AI platforms in China. Tianqing provides open and
flexible artificial intelligence algorithms for Chinese and international scientific research institutions,
colleges, and AI companies. Tianqing has been applied in multiple City Brain projects of Chinese cities.