AIONCLOUD Docs
AIONCLOUD service

AIONCLOUD (Application Insight on Cloud) is a cloud-based web security service.

Login on Brandsite

Go to the AIONCLOUD Brandsite (https://www.aioncloud.com) and click the login link in the top menu.

After a successful login, a "User Console" button appears at the top.
Click this button to open the AIONCLOUD User Console site.

Login on User Console

Go to the AIONCLOUD User Console (https://console.aioncloud.com) and log in.

WAF service

WAF protects against the most critical web threats such as SQL injection, DDoS, information leaks and identity theft. WAF detects and blocks millions of web threats for thousands of sites.

Domain Info menu

Shows the list of domains registered to the current service and their information.

You can register a new domain and check or edit the domain list.

Domain Register

Click “Add Domain” in Domain info menu to register the target domain.

Step 1. Select the domain type, enter the domain in the input box and click “Next”.

Step 2. Enter the domain details in Network Info and Certificate Info, then click “Next”.
- Network Info : You can register various protocols and IP/CNAME entries at the same time.
- Certificate Info : For an HTTPS server, click the certificate button to register the certificate.

Step 3. Click the “Complete” button to finalize the CloudWAF service.
- When you register a root domain, you receive the AIONCLOUD NS record to use when changing the name server.
- When you register a sub-domain, you receive a new CNAME to use when changing the CNAME record.
※ If you register a sub-domain after changing to the AIONCLOUD name server, the new record is added to the AIONCLOUD name server automatically.

DNS Lookup Process

When a client accesses the www.aaa.com domain through a browser, the DNS server is queried for the domain's access path.

If the host DNS setting is an A record, the DNS server looks up the public IP address of the matching web server and the client connects to that address.

The host DNS setting of the AIONCLOUD service uses the CNAME method. The host's CNAME is managed by AIONCLOUD, and the IP that matches the CNAME is the WAF IP.

DNS fail-over is done automatically when there is a problem in the WAF. The IP that matches the Cname is changed to the web server public IP of the domain, so the client can use the web service without any trouble.

Change NameServer (Hosting service)

Check the NameServer record presented in the DNS menu.

The procedure for changing the NameServer differs by hosting service. Refer to the DNS record setting guide of each hosting service.

GoDaddy: https://www.godaddy.com/help/change-an-a-record-19239

HostGator: https://www.hostgator.com/help/article/how-do-i-change-my-dns-or-name-servers

Wix: https://support.wix.com/en/article/adding-dns-records-in-your-wix-account

Check that the NameServer has been changed correctly with a DNS lookup.

After confirming the change, refresh the domain list.

Change Cname (GSLB)

Check the DNS (CNAME) record presented in “Detail” of the Domain list.

Open the public cloud GSLB interface.

Change the web server's existing DNS record to the AIONCLOUD CNAME.

The example below is the AWS Route 53 GSLB interface. The interface differs by GSLB service.

Check that the DNS record has been changed correctly with a DNS lookup. How quickly the DNS change takes effect depends on the TTL setting.

After confirming the change, refresh the domain list.

Change Cname (Hosting service)

Check the DNS (CNAME) record presented in “Detail” of the Domain list.

DNS record settings differ by hosting service. Refer to the DNS record setting guide of each hosting service.
- Gabia DNS Record setting
https://customer.gabia.com/manuals/detail_pop.php?seq_no=2711
- Whois DNS Record setting
http://cs.whois.co.kr/manual/?p=view&page=1&number=434
- Cafe24 DNS Record setting
https://help.cafe24.com/cs/cs_faq_view.php?idx=438&page=1

Check that the DNS record has been changed correctly with a DNS lookup.

After confirming the change, refresh the domain list.

Change Cname (DNS server)

Check the DNS (CNAME) record presented in “Detail” of the Domain list.

Edit the zone file of the name server daemon using the vi editor.

Change the web server's existing DNS record to the AIONCLOUD CNAME.
- ※ The example below is for the BIND (Berkeley Internet Name Domain) daemon. DNS record settings differ by name server daemon.

Check that the DNS record has been changed correctly with a DNS lookup.

After confirming the change, refresh the domain list.
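
The lookup check from the Change Cname procedures above, combined with the fail-over behaviour from the DNS Lookup Process section, can be scripted. The following is an added example, not AIONCLOUD code; EXPECTED_CNAME, ORIGIN_IPS, the state names and the sample answers are constructed placeholders.

```javascript
// Added example: classify where a protected hostname currently resolves.
// EXPECTED_CNAME and ORIGIN_IPS are constructed placeholders; take the real
// values from "Detail" of the Domain list and your web server's public IP.
const EXPECTED_CNAME = "www-aaa-com.waf-cname.example.invalid";
const ORIGIN_IPS = ["203.0.113.10"];

// DNS names compare case-insensitively and may carry a trailing dot.
const norm = (name) => String(name).trim().toLowerCase().replace(/\.$/, "");

// cnames: CNAME targets returned for the host; addrs: its resolved A records.
function classifyRouting(cnames, addrs, expectedCname, originIps) {
  const viaService = cnames.map(norm).includes(norm(expectedCname));
  const hitsOrigin = addrs.some((ip) => originIps.includes(ip));
  if (!viaService) {
    // A record or foreign CNAME: the service's name is not in the path.
    return hitsOrigin ? "NOT_SWITCHED" : "UNEXPECTED_TARGET";
  }
  if (addrs.length === 0) return "NO_ADDRESS";
  // Per the fail-over description, the service CNAME then maps to the origin
  // IP, so requests reach the web server without passing through the WAF.
  return hitsOrigin ? "FAILOVER_TO_ORIGIN" : "VIA_WAF";
}

// Live lookup with Node's resolver (needs network; not used by the samples).
async function checkHost(host) {
  const dns = require("dns").promises;
  const cnames = await dns.resolveCname(host).catch(() => []);
  const addrs = await dns.resolve4(host).catch(() => []);
  return classifyRouting(cnames, addrs, EXPECTED_CNAME, ORIGIN_IPS);
}

// Constructed lookup results, one per state.
const SAMPLES = {
  beforeChange: { cnames: [], addrs: ["203.0.113.10"] },
  afterChange: {
    cnames: ["WWW-AAA-COM.waf-cname.example.invalid."],
    addrs: ["198.51.100.20"],
  },
  failover: { cnames: [EXPECTED_CNAME], addrs: ["203.0.113.10"] },
  mistyped: {
    cnames: ["www-aaa-com.waf-cnam.example.invalid"],
    addrs: ["198.51.100.99"],
  },
};

function classifySample(name) {
  const s = SAMPLES[name];
  return classifyRouting(s.cnames, s.addrs, EXPECTED_CNAME, ORIGIN_IPS);
}
```

Run on a schedule, a FAILOVER_TO_ORIGIN result is worth alerting on, because the site stays reachable while requests no longer pass through the WAF.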

DNS menu

You can open the DNS menu by clicking the "DNS" button in Domain Info.

You can add record by clicking the "Add New Record" button.
- Appendable Record : A, AAAA, CNAME, CAA, LOC, MX, PTR, SPF, SRV, TXT

You can register AIONCLOUD WAF by clicking the "Unprotected" button.
After registration it changes to "Protected".

You can delete a record by clicking the "Delete" button.

You can't delete a record while it is in the "Protected" state.

To delete such a record, first delete the domain in "Domain info" so that the record returns to the unprotected state.

Policy setup menu

In the 'Web Application Firewall - Policy Setting' menu, select the URL to set in 'Domain' and proceed with policy setting for that URL.

After changing policies, you must click the "Apply" button in the policy setup menu.

Policy setting (Attack)

Click the ON / OFF button to set up an attack policy.
- If the policy is ‘ON’, the selected policy is used for detection and blocking.
- If the policy is ‘OFF’, the selected policy is not used for detection.

Configurable Attack policy

Policy : Description
- SQL Injection : A vulnerability that could allow an attacker to view (or manipulate) information in the database (DB) by inserting SQL statements into the input forms and URL fields of a web application that interfaces with the DB.
- XSS : A vulnerability that could allow an attacker to execute an inappropriate script with the privileges of a visitor who views a web page by including a malicious script on the page.
- Scanner/Proxy/Spambot Detection : Crawlers, scrapers, scanners, web attack toolkits, etc., that generate comprehensive attack traffic to detect vulnerabilities directly or to collect information indirectly in order to identify vulnerabilities.
- Web Server Vulnerability Detection : A vulnerability due to inadequate system configuration, such as the presence of installation files and temporary files created during the installation of an application (Apache, etc.), or the Windows login window being exposed on the web.
- Application Vulnerability Detection : A vulnerability that can be used as an intermediary for homepage tampering and hacking, arising from the various known vulnerabilities of public applications that are exposed to the Internet because of the financial and time burden of building a web server.
- CSRF : A vulnerability in which an inappropriate script is executed with the privileges of the visitor viewing the transmitted dynamic web page when external input is used to generate that page.
- Malicious File Upload Detection : A vulnerability in which an attacker can execute internal system commands or control the system if a script file (asp, jsp, php, etc.) that can be executed on the server side can be uploaded and then executed directly through the web.
- Abnormal HTTP Request Detection : A comprehensive attack mechanism for accessing a web server by manipulating traffic in ways that contradict standard rules, such as multiple spaces, multiple slashes, newline characters, null character insertion, or deletion or modification of specific headers, in order to bypass security systems.
- Error Page Cloaking : A vulnerability that exposes attack information such as server data through an error message when a separate error page is not set in the web server.
- Directory Listing : A vulnerability that could potentially expose sensitive file information by enabling indexing of all directories within the server or of directories containing sensitive information.
- Command Injection Detection : A vulnerability in which unintended system commands are executed when user input that has not been properly validated is run as part or all of an operating system command.
- System Access Detection : A vulnerability that exploits important system information or sensitive information exposed by direct access to important tables or objects at known locations on Windows and Unix web servers and commercial DBMS servers.
- Directory Access Detection : A vulnerability that could lead to system information leaks, service failures, etc., because a path string pointing to an unexpected access-restricted area can be constructed if characters usable for path manipulation are not filtered from external input.
- HTTP Method Restrictions Detection : A vulnerability that allows an attacker to upload malicious files or to delete important files by allowing unnecessary methods (PUT, DELETE, OPTIONS, etc.) when providing web services.
- Vulnerable Page Access Detection : A vulnerability in which, if a file such as an internal document, backup file, log file, or compressed file exists under the web root, its file name can be inferred and the service information needed for hacking obtained by requesting that file directly. It is also a vulnerability that could be exploited by various forms of attack, such as SQL injection or brute-force attacks, when the administrator's page is accessible via the Internet.
- Header Vulnerability Detection : A vulnerability that causes remote command execution or buffer overflow by reaching known vulnerabilities in a web application server or operating system through manipulation of header information such as the User-Agent and Range headers.
- LDAP Injection : A vulnerability that tampers with an LDAP (application protocol for querying and modifying directory services) query or injects LDAP syntax, thus leaking passwords, personal information, etc. If an LDAP query is built from user input on the website, the LDAP syntax can be changed to obtain sensitive information within the system.

Policy setting (User defined)

Set the detailed definitions to start user-defined policy setup.

Configurable User defined policy

Policy : Description
- IP Allow list : Bypasses the client IP regardless of other Web Application Firewall policies once the client IP is entered and applied.
- IP block list : Blocks the client IP regardless of other Web Application Firewall policies once the client IP is entered and applied.
- DoS Detection : Blocks clients that generate a large amount of traffic to this domain and registers their IPs in the blacklist.
- Brute Force Detection : Blocks clients that make abnormal login attempts against this domain and registers their IPs in the blacklist.
- URL Allow list : Bypasses the URL regardless of other Web Application Firewall policies once the URL path is entered and applied.
- National IP detection : Blocks HTTP requests from countries registered in the untrusted national list before the data is analyzed.
- JS Challenge : Upon receipt of an HTTP request, the WAF responds with a JavaScript challenge script, which can only be interpreted in a web browser. Access to the actual website is allowed only when this script is interpreted, which defends against automated attacks such as bots that cannot interpret it.

Policy setting (SSL)

Set the SSL details to start SSL policy setup.

Configurable SSL policy

Policy : Description
- SSL Certificate : Upload a new SSL certificate for your domain to register or change the SSL certificate. Supported types : CRT, DER, PEM, PFX, ...
- 80 → 443 Redirect : Redirects all traffic on port 80 (HTTP) to port 443 (HTTPS).

Log menu

You can check detection logs in 'Web Application Firewall - Log' menu.

You can choose a date period to search your domain's logs.

The 'Country', 'Client IP', 'Path', 'Pattern' and 'Action' filters let you narrow the search and exclude what you do not want to see.

If you click the 'view more' icon, you can check the details of that log.

Report menu

You can create a report of a domain's information in the 'Web Application Firewall - Report' menu.

After choosing the date period, click the 'Create' button to create the report.

After the report is created, the PDF and DOC download buttons are activated, and clicking a button downloads the report in that format.

When you click the 'Delete' button on the right, the generated report will be deleted.

If you check "Auto generate monthly report", the report will be generated automatically on the first day of each month.

Activity stream menu

Check your account activity in the "Web Application Firewall - Activity stream" menu.

You can see the count information for each category in the operation log count at the top.

You can search for activity logs by choosing "Category" and "Period".

For policy categories, click the "View more" button on the right side of the domain to check detailed change information.

WMD (Website Malware Detection) service

WMD performs static and dynamic analysis on the target website to find infected URLs. It provides reports on the target website's infection status and locates the malware source and its distribution information, enabling early action to protect the website.

Add your site

Click the “Add Site” button in the Site Management menu to register the target site.

You must enter the URL in the input box. You can also set site authentication and User-Agent.

If you set Auto Diagnosis, also set sitemap remake, diagnosis level, crawling depth, external link, and regex exception.

The crawl depth refers to the extent to which WMD indexes the site’s content. The larger the value, the longer the creation time.

You can set Auto Diagnosis and the alarm setting.

If you set Auto Diagnosis, a sitemap is created automatically and the first diagnosis starts within one minute.

If you select "Email" in the alarm setting, you can set the email address at which you want to receive notifications.

Then click the "Next" button.

Diagnosis Start

Click the 'Diagnosis Start' button in the 'Website Malware Detection - Site Management' menu to start the diagnosis.

For quick completion, only new or changed URLs can be diagnosed.
(The option does not appear for the first diagnosis.)

You can check the diagnosis progress in 'Dashboard - Current Diagnosis Info'.

Dashboard

You can view one week of diagnosis visit and analysis status and the types of malware that were detected.

If you have a site that is currently being diagnosed, you can check the current diagnosis progress.

View diagnosis result

After the diagnosis is completed, you can check the diagnosis result in the 'Website Malware Detection - Diagnosis Status' menu.

You can view summary information by clicking the number of threats, the infected URL, and the total URL.

Click the 'View' button to see a detailed report of the diagnosis. After the report is created, you can download the appropriate type of report.

If the URL is malicious, '!' is added and you can click it to see more information.

SWG Service

An affordable, easy-to-use cloud-based SWG service that protects your clients from harmful web access.

SWG services run on a multi-tenancy based SECaaS platform. The platform configures a multi-tenancy based service infrastructure through the interconnection of Service Gateway, Security Manager, Security Edge, and Log Collector.

The SWG service can be delivered anywhere in the world with one gateway, reducing the company’s backhaul cost and helping the company meet its security compliance obligations.

Dashboard Menu

You can view the detection log and service usage information in a summary for a week, and view the detected log graph.

DetectLog Menu

A detection log query allows an internal user to look up detection logs that are 'detected/blocked' because they violate policy during a WEB request.

You can view detailed log information by clicking the magnifying glass button on the right side of each log.

When you click the Add to URL Filter button, you can add the URL as a blacklist or whitelist entry.

User Auth Menu

You can search by setting the period at the top to 'day' or 'weekly'.

You can check the user's authentication time, IP, authentication path, device type, platform, browser, login, and more.

Report Menu

You can specify a date to view the report, and a report download function is provided.

PAC Settings Menu

A PAC file is a file that defines how a web browser or other user agent can automatically access the appropriate proxy server.

For browser-specific PAC settings, see the PAC Setup Guide.

Add PAC

Go to Policy > PAC settings to add PACs.

Step 1. In the input form, enter the PAC information.

Element : Explanation
- URL : This URL is used when setting the proxy.
- Host Bypass : Bypass if the host of a URL entering the proxy is a registered host.
- URL Bypass : Bypass if a URL entering the proxy is a registered URL.
- Destination IP Bypass : Bypass if the destination IP of traffic entering the proxy is a registered IP.
- Client IP Bypass : Bypass if the client IP of traffic entering the proxy is a registered IP.

Step 2. Click on the "Apply" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.
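
How the four bypass elements of the PAC form translate into a PAC script, as an added example that is not the file AIONCLOUD generates. The proxy endpoint, all list entries, the function decide() and the Node shims are assumptions made for illustration.

```javascript
// Added example: PAC file carrying the four bypass lists from the PAC form.
// Every value below is a constructed placeholder, not an AIONCLOUD default.
var SWG_PROXY = "PROXY swg-proxy.example.invalid:8080"; // hypothetical endpoint
var HOST_BYPASS = ["intranet.example.com", "*.corp.example.com"];
var URL_BYPASS = ["http://updates.example.com/agent/*"];
var DST_IP_BYPASS = [["10.0.0.0", "255.0.0.0"], ["192.168.0.0", "255.255.0.0"]];
var CLIENT_IP_BYPASS = [["172.16.50.0", "255.255.255.0"]];

// Node-only shims so the logic can be exercised outside a browser. Browsers
// supply these PAC helpers themselves, so this branch is skipped there.
if (typeof shExpMatch === "undefined") {
  var toInt = function (ip) {
    var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip || "");
    if (!m) return null;
    var n = 0;
    for (var i = 1; i <= 4; i++) {
      if (Number(m[i]) > 255) return null;
      n = n * 256 + Number(m[i]);
    }
    return n;
  };
  globalThis.shExpMatch = function (str, glob) {
    var re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
      .replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(str);
  };
  globalThis.isInNet = function (ip, net, mask) {
    var a = toInt(ip), b = toInt(net), m = toInt(mask);
    if (a === null || b === null || m === null) return false;
    return ((a & m) >>> 0) === ((b & m) >>> 0);
  };
  // Constructed DNS answer and client address for offline runs.
  globalThis.dnsResolve = function (host) {
    return { "db.partner.example.net": "10.20.30.40" }[host] || null;
  };
  globalThis.myIpAddress = function () { return "192.0.2.10"; };
}

function anyNet(ip, nets) {
  if (!ip) return false; // unresolved host: never treat as bypassed
  for (var i = 0; i < nets.length; i++) {
    if (isInNet(ip, nets[i][0], nets[i][1])) return true;
  }
  return false;
}

function anyGlob(value, globs) {
  for (var i = 0; i < globs.length; i++) {
    if (shExpMatch(value, globs[i])) return true;
  }
  return false;
}

// "DIRECT" means the request skips SWG inspection, so each list is matched
// against the whole value. String checks run first; DNS is the last resort.
function decide(url, host, clientIp, resolve) {
  host = host.toLowerCase();
  if (anyNet(clientIp, CLIENT_IP_BYPASS)) return "DIRECT";
  if (anyGlob(host, HOST_BYPASS)) return "DIRECT";
  // Chromium-based browsers strip path and query from https:// URLs before
  // calling the PAC script, so path globs only match http:// requests there.
  if (anyGlob(url, URL_BYPASS)) return "DIRECT";
  if (anyNet(resolve(host), DST_IP_BYPASS)) return "DIRECT";
  return SWG_PROXY; // no "; DIRECT" fallback, so a proxy outage fails closed
}

function FindProxyForURL(url, host) {
  return decide(url, host, myIpAddress(), dnsResolve);
}
```

Each bypass entry removes traffic from SWG policy enforcement and logging, so keep the lists short and prefer exact hosts over wildcards.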

User Management Menu

User information is a menu for entering internal user information for security policy enforcement of AIONCLOUD SWG.

Add User

Click the "Add" button in the Policy > User Management menu to add users.

Step 1. In the input form, enter your information.
- User ID : Login ID used to log in
- Name : User's name
- Password: User's password. It must contain at least one number, one special character, and one English character.
- Description: (Optional) Notes and additional information.

Step 2. Click on the "Apply" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Add Group

Click the "Add" button on the Policy > User Management Menu > Group tab for adding users.

Step 1. Enter group information.
- Description: (Optional) Notes and additional information.

Step 2. Click on the "Apply" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Add Department

Click the "Add" button on the Policy > User Management Menu > Department tab for adding users.

Step 1. Enter department information.
- Description: (Optional) Notes and additional information.

Step 2. Click on the "Apply" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Policy Management Menu

Policy Management is a menu that creates a policy by combining settings from exception URL filters, content filters, file extension filters, and category filters.

Add Policy

Click the "Add" button in the Policy > Policy Management menu to add a policy.

Step 1. Enter the policy settings.
- Policy usage : You can set whether or not to use the current policy.
- User : Lets you select the user corresponding to the current policy.
- Group : Allows you to select users corresponding to the current policy.

Step 2. When the policy information settings are complete, click the Apply button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Policy Precedence Change

Click the "Change priority" button in the Policy > Policy Management menu to change policy priorities.

Step 1. Select the policy you want to change and drag and drop it to the new position.

Step 2. When the policy priority setting is complete, click "Apply".

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

URL Filter Menu

This menu allows you to set up URL

Add URL Filter

To add a URL filter, click the "Add" button on the Policy Filter > URL Filter menu.

Step 1. Enter URL filter information.
- Blacklist : The URL list entered is registered as a blacklist.
- Whitelist : The URL list entered is registered as a whitelist.
- Detection Log : Whether or not to create a detection log when a URL matches the exception URL policy.

Step 2. When the URL filter settings are complete, click "Apply".

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Content Filter menu

This menu allows you to set up content filters.

You can set the type, keyword, and action for adding content filters.

Add Content Filter

Add a content filter by clicking the "Add" button in the Policy Filter > Content Filter menu.

Step 1. Enter the content filter information.
- Type : Select the type to detect content filters.
- Upload file : Whether to detect when uploading a file.
- Keywords : Selectable from the Keyword Filter list.
- Action : Set whether or not to allow, detect, or block WEB traffic if it conforms to the filter.

Step 2. When you are finished entering the content filter information, click the "Save" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Add Keyword Filter

Keywords allow you to add specific phrases to be detected by the policy as keywords.

The keywords you set are available in the Content Filters in Policy > Policy Management after you add a Group Settings > Content Filter Group.

Click the "Add" button on the Policy > Filter > Keyword Filter menu to add a keyword filter.

Step 1. Enter keyword filter information.
- Use regular expressions : Whether to use regular expressions that the policy will detect.
- Keyword: Keyword to detect.
- Number of iterations: The keyword is detected if it is repeated more than this number of times.

Step 2. Click the "Save" button when you are finished entering the keyword filter information.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

File Extension Filter Menu

This menu allows you to set up file extension filters.

Add File Extension Filter

To add a file extension filter, click the "Add" button on the Policy Filter > File Extensions Filter menu.

Step 1. Enter the file extension filter information.
- Type : Select the type to detect file extension filters.
- Confirm Extension Forgery : Detects files whose extension has been changed.
- File Extension : Files with the extension you set here are detected.
- Action : Sets whether or not to allow, detect, or block WEB traffic processing if it fits the filter.

Step 2. When you are finished entering the file extension filter information, click the "Save" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Category Filter Menu

Category Filter is a menu that allows you to select and block certain categories in 64 URL category areas, each categorized by URL attributes.

Add Category Filter

To add a category filter, click the "Add" button on the Policy Filter > Category Filter menu.

Step 1. Enter Category filter information.
- View Malicious Only : You can only view categories of malicious types.
- Action : Set whether to allow, detect, or block WEB traffic if it meets the filter.

Step 2. When you are finished entering the category filter information, click the "Save" button.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Add User Defined

Click the "Add" button on the Policy > Filter > Custom menu to add User Defined.

Step 1. Enter User Defined.
- Category : The category to which you want to add the URL.

Step 2. Click the "Save" button when the User Defined filter information is complete.

Step 3. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Category Change Reception menu

The category change requested by a client can be approved or ignored in the Log Analysis > Category Change Reception inquiry. When a request is approved, it is exposed under 'Categories' in Policy settings > Policy > Preservatives > Users, and after policy enforcement it is reclassified to the requested category and detected/blocked.

You can check the Category Change Reception request list.

Apply For Category Change Reception

You can request an administrator to change the category.

Access the Block page to apply for category change.

Step 1. In the change request category, select the category you want to request.

Step 2. Click the "Apply for category change" button.

Category Change Reception

Go to the Reception > Category Change Access menu to approve a category change.

Step 1. Click on the "Approve" button in the Receive Category Change table.

Step 2. Click the exclamation mark icon next to the policy and click the Apply Policy button.

Account info menu

Account information can be checked in the 'My Page - Account Information' menu.

Account information is classified into 'account information', 'Web Application Firewall' and 'Website Malware Detection'.

In 'Web Application Firewall', you can inquire the status of domains registered in Web Application Firewall service and traffic usage by month.

In 'Website Malware Detection', you can view the setting information of sites registered in Website Malware Detection service by month.

Billing info menu

You can see your payment information in the "My Page - Billing information" menu.

You can check the current card information in the 'Information menu' and click 'Change' to modify the card information.

In 'Payment Information', you can check payment information based on service use and payment history by period. You can change the item by clicking 'Change'.

The card number can be modified in 'Change Payment Information'.

Items changed from 'Change Item Selection' will be applied on the 1st of next month.

If the current product is 'Free', you can change the item by entering the card information.

In 'Confirm product change', you can check the current and changed products. Pressing the 'Complete' button will complete the change reservation.

Members

You can see your members information in the "My Page - Members" menu.

You can invite and manage members from the "Members" menu.

Enter the email you want to invite and click the "Invite" button. A password will be sent to the invited member's email. The member shares your service data.

You can view a list of invited members. Clicking the 'Delete' button will delete the account.

Clicking the 'Edit' button lets you set permissions.

You can set domain management permissions.

You can set whether to use the WMD service.