Skip to Content
Frequently Asked QuestionsPrecautions & FAQ

Notices & FAQ

Notices

  • When the deployment region is a domestic region like Beijing, Shanghai, or Guangzhou, the domain must be filed.
  • Domain Name System (DNS) services may take approximately 10 minutes to take effect, depending on the actual situation.
  • Supports renewal, automatic renewal, change of billing method, version upgrade, and closure for refund.
  • Supports adding non-Surfercloud domain names, and any available zone can be chosen for addition. Currently, multiple regions’ available zones can use UWAF (there is no functional or performance difference between the same version in different available zones, only the configuration deployment room locations are different).
  • Downgrading of version is not supported; if you need to delete any expansion packs bought from the “Quota Management”, please consult technical support.

FAQ

How to prevent attackers from bypassing UWAF?

Origin hosts can set up a whitelist and a blacklist, only allowing connections from UWAF origin IP segments and some trusted IP address segments, and rejecting all the connections from other IP addresses.

How to view the UWAF back-to-origin IP address?

At the UWAF console [overview](/docs/uewaf/features/info/info#overview page description) interface’s “Information Announcement” column, just below is a “Basic Information” row, the last line is “Back-to-origin IP”, click “View” to get the corresponding back-to-origin IP segment address.

Will UWAF support protection when the latest high-risk vulnerabilities appear?

Whenever the latest vulnerabilities are exposed, our security engineers will follow up in real time, analyzing POCs and vulnerability principles, extracting corresponding detection rules, and timely deploy new rules to UWAF.

UWAF supports virtual patches, what is a virtual patch?

UWAF system’s blockade against vulnerability attacks is referred to as “virtual patches”, meaning it is not truly patching, but temporarily blocking the attack to buy time for the business side to update the patch.

If the origin host is a ULB load balancing gateway, should I directly fill in the gateway IP or the subnet host IP?

If there is an external ULB, just fill in the ULB gateway IP, there is no need to fill in the subnet host IP. For request proxy type ULB, ULB version UWAF is recommended, for available zones see Price Description - ULB version UWAF.

What should I be aware of when opening “HTTP2 forwarding” for the domains on UWAF?

After opening “HTTP2 forwarding”, all the domain’s HTTPS ports under the same protection IP will support HTTPS. If you only want individual domains to open HTTP2.0, it is suggested that these types of domains use a dedicated IP. For HTTPS port 443, it is suggested that “HTTPS redirect” be opened simultaneously. HTTP ports don’t support HTTP2.0.

What is the priority sequence of various rules on UWAF like blacklist/whitelist, CC rules, UWAF rules?

Refer to [Rule Priority](/docs/uewaf/features/rule/mode#rule priority).

What is the response status code for requests intercepted by UWAF?

For requests intercepted by triggering UWAF rules: it responds with a 404 status code and the default blocking page. Flagship and exclusive custom version users can customize the response status code and blocking page. For requests from IPs that trigger CC rules: if the restriction method is to block such requests, it rejects the connection and records a 444 status code; if the restriction method is to enable verification code, it responds with a 200 status code and a verification code page; if the restriction method is to limit request rate, it responds with a 429 status code to requests exceeding the rate. For requests from IPs on the blacklist: if the action is to block, it rejects the connection and records a 444 status code; If the action is a verification code, it responds with a 200 status code and a verification code page.

GlossaryClient's Real IP and Port