Frequently Asked Questions (FAQ)

A:

Yes. ZoTrus Website Security Cloud Service is a boon for virtual hosting users. Its implementation principle is to automatically deploy SSL certificate on cloud WAF instead of deploying it on user web server, so it is especially suitable for virtual hosting users who cannot install SSL certificate, no need to apply for an SSL certificate, no need to install an SSL certificate or ACME client software, just do CNAME domain name resolution twice, then enable https encryption and WAF protection for the website in 10 minutes. All browsers will display the security padlock instead of displaying as "Not secure".

A:

Cloud WAF is the abbreviation of Cloud Web Application Firewall. It is a website security protection service to prevent websites from being attacked, trojan-ed and web pages being tampered with, etc. ZoTrus Website Security Cloud Service provides one-stop https encryption and WAF protection services based on Alibaba Cloud WAF, which can ensure encrypted transmission of website confidential information and effectively intercept various website attacks. One is encryption protection from the transmission path, and the other is security protection of the website (allowing normal connections and blocking illegal connections), the two services support each other and jointly protect the security of the website, both are indispensable.

ZoTrus Website Security Cloud Service adopts Alibaba Cloud WAF protection. You only need to ping your website domain name to know whether your website has achieved cloud WAF protection. The screenshot of ping the domain name: zotrus.com as shown in the figure below shows that it is actually pinging a domain name of *.yundunwaf3.com, which is the CNAME resolution domain name of the protected website by Alibaba Cloud WAF, which can prove that this website is protected by Alibaba Cloud WAF.

The upgraded version of ZoTrus Website Security Cloud Service is based on the Alibaba Cloud CDN+WAF service provision. When ping user website, a domain name of *.w.kunlunaq.com will be displayed. This is the CNAME domain name resolution of the protected website by Alibaba CDN+WAF, which can prove that this website is content-distributed and protected by Alibaba CDN+WAF.

If you use the ZT Browser to access the ZoTrus official website, a cloud WAF protection icon will be displayed in the browser address bar. Click on the icon, and the following information will be displayed, indicating that it is Alibaba Cloud WAF protection.

A:

ZoTrus Website Security Cloud Service is based on the Alibaba Cloud WAF service to provide https encryption and WAF protection automatically. The customized exclusive edition that we use costs hundreds of thousands of Yuan per year, and the protection function is stronger than the flagship edition of the WAF service on Alibaba Cloud official website. You can understand that we purchase wholesale and then retail to each website, enjoying the wholesale price, which greatly reduces the cloud WAF protection cost of each website, and even the price is lower than the basic edition in Alibaba Cloud. Our service makes the high-end and expensive WAF protection also universal benefit to every website and realizes the universal benefit security for every website.

A:

Support. If your website has already deployed an SSL certificate, it can be used directly as https encrypted for to-origin. To-origin https does not validate whether the SSL certificate is trusted or expired. If your website supports the installation of an SSL certificate, but has not yet deployed an SSL certificate, please choose to request a free to-origin SSL certificate when applying for our service. This is a self-signed certificate bound to the domain name, which is limited to be used for https to-origin only.

If the website does not support the installation of an SSL certificate (such as a virtual hosting), you can only use http to-origin. The difference between the two way is that the connection from the Alibaba Cloud WAF to your website is encrypted in the first one and cleartext in the second one.

Therefore, in order to achieve full-link encryption, it is recommended to deploy an SSL certificate on the origin server to implement https encryption to-origin. For customers who cannot deploy an SSL certificate or do not want to deploy an SSL certificate, it is recommended to set the origin server to allow access to the Alibaba Cloud WAF to-origin IP only. Please log into your account, and there is a download link in the order details. You can download the Alibaba Cloud WAF to-origin IP address list file. In this way, you can not only hide your server's IP address, but also protect your server from external IP attacks. This is also zero trust to all external IP connections, only trust the connections from Alibaba Cloud WAF IPs.

A:

For a better user experience, generally the www.domain and the non-www.domain resolute to the same website, but these belong to two domain names. Alibaba Cloud WAF charges according to the number of protected domain names. Therefore, you need to purchase two website security cloud services.

If you want to save money and only need to protect the www.domain name, you only need to purchase cloud services for this domain name, enable cloud WAF protection, and set the non-www.domain forward to the www.domain. However, please note: CNAME forwarding cannot be performed directly, and Alibaba Cloud WAF does not support it. You can only perform Web forwarding on your own server to the www.domain. If you are not sure how to set up web forwarding, you can consult customer service after purchasing our cloud service.

A:

ZoTrus Website Security Cloud Service has four different editions: Basic Edition, Pro Edition, EX Pro Edition and EX Pro Plus Edition, which correspond to the automatic configuration of DV SSL certificate, OV SSL certificate, EV SSL certificate and dual OV SSL Certificate respectively. And we give each edition customer a Website Trusted EV Certification Service for FREE that worth 288 Yuan. After customers who have purchased the Basic Edition and have completed the website trusted EV certification, ZT Browser will appear as if the EV SSL certificate has been deployed that also displays a green address bar and company name.

This solution greatly reduces the cost of purchasing an SSL certificate, and also makes up for the lack of website identity when the website deploys a DV SSL certificate that only validates the domain name. It is a solution for the best of both worlds.

A:

The main reason is that the SSL certificate is different and the protection parameters of cloud WAF are different. The Basic Edition is a popular entry-level product. It is automatically configured with a DV SSL certificate that only validates the domain control, while the Pro Edition is configured with an OV SSL certificate that validates the website identity. And the three key parameters in the cloud WAF service are also different. The Basic Edition of QPS (connection query per second) is 200, while the Pro Edition is 400. The business bandwidth is also different, the Basic Edition is 10 megabytes, while the Pro Edition is 20 megabytes. DDoS attack protection traffic is also different, the Basic Edition is less than 2G bps, and the Pro Edition is less than 3G bps.

Please choose the appropriate service edition according to the website traffic and business bandwidth. You cannot choose the edition based on price only. Otherwise, once the traffic exceeds the specified limitation, the cloud WAF system will stop providing services.