Xiao Z Blog Deploys WAF for Enhanced Security

Implementing a WAF is not a high-tech novelty; Xiao Z Blog has officially deployed a Web Application Firewall (WAF) in the production environment to further strengthen website security. We are using the open-source VeryNginx to achieve this. If you need to deploy it yourself, you can refer to the documentation: OneinStack Deploy VeryNginx to Implement WAF Function.

What is WAF?

Web Application Firewall (also known as Web Application Intrusion Prevention System, or WAF) is a product that provides dedicated protection for web applications by executing a series of security policies targeting HTTP/HTTPS.

Website Notes

If you accidentally trigger a WAF rule, your request will be intercepted. For example, attempting to request an illegal address like https://blog.xiaoz.org//www.zip%20Match1:www.zip%20Match2:/ will result in the following error page:

If you encounter any anomalies while visiting the blog recently, please provide feedback below. Your assistance is greatly appreciated.