Use WAF for Security Protection

ID: rule:aliyun:use-waf-instance-for-security-protection
Severity: high

Description

WEB Application Firewall (WAF) should be used to protect websites and APPs from web-based attacks.

Reason for Violation

The ALB instance does not have WAF enabled, leaving web assets vulnerable to attacks.

Recommendation

Enable WAF for the ALB instance by setting LoadBalancerEdition to 'StandardWithWaf'.

Resource Types

• ALIYUN::ALB::LoadBalancer