WAF is the abbreviation of Web Application Firewall, Cloud WAF is a cloud service to provide security protection services for websites. When ZoTrus Website Security Cloud Service is released, it is based on Alibaba Cloud WAF service, which provides one-stop https encryption, WAF protection and trusted identity validation service. The three-in-one website security cloud service is a service model that adopts a centralized cloud WAF. After two weeks of online testing, we decided to upgrade the service to an edge cloud WAF based on Alibaba Cloud CDN service. This is not only to allow users to quickly download website content, but also to provide faster and more secure WAF protection. This article will talk about why the iterative upgrades moves so quickly and talk about the respective characteristics and advantages of central cloud WAF and edge cloud WAF.
When ZoTrus Website Security Cloud Service was launched on June 2, it was a cloud WAF service based on the Shenzhen node of Alibaba Cloud WAF exclusive version, this is a central cloud WAF service. As shown in the figure below, if the source of the website is located in Beijing and the website visitors are also in Beijing, they can directly and quickly access locally before cloud WAF is adopted, but after using our service, website visitors in Beijing need to first visit the Alibaba Cloud WAF node in Shenzhen, and then the cloud WAF goes to the source website in Beijing to fetch data and return it to users in Beijing. Although the bandwidth from Beijing to Shenzhen is already very fast, the data that Beijing users need to access needs to be accessed from Beijing detours to Shenzhen, and then from Shenzhen to Beijing, which not only wastes cross-regional traffic, but also reduces the user's fast response experience when visiting the website. This is an unreasonable solution.
Therefore, we decisively adopted the solution of CDN plus edge cloud WAF. As shown in the figure below, Alibaba Cloud CDN integrates the edge WAF capability and provides WAF protection function on CDN edge nodes, which can efficiently identify malicious traffic nearby, and can effectively block various attacks and ensure that normal and secure traffic can be quickly returned to the server. That is to say, visitors in Beijing can not only obtain the required data quickly and nearby, but also obtain WAF protection locally. The data required by users does not need to go from Beijing to Shenzhen twice, which will greatly improve the response speed of the website and the user experience. This is the advantage of CDN plus edge cloud WAF.
I believe that readers can understand the advantages of edge cloud WAF from the above simple description. In layman's terms, it is to solve the security protection problem directly in the "last mile", rather than having to go to the central cloud WAF for security protection. Therefore, the author believes that website security requires https encryption protection and cloud WAF protection, but in order to improve user experience, CDN plus edge WAF protection is most needed. The rapid product iteration of ZoTrus Website Security Cloud Service only provides users with the most needed and best website security cloud services.