Can WAF Defend Against the Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)?

Yes. WAF basic web protection rules can defend against the Apache Struts2 remote code execution vulnerability (CVE-2021-31805).

Follow the procedure below to complete the configuration.

Configuration Procedure

  1. Apply for a dedicated WAF instance.
  2. Add the website domain name to WAF and connect it to WAF. For details, see Connecting a Website to WAF (Dedicated Mode) or Connecting a Website to WAF (ELB Access Mode).
  3. In the Basic Web Protection configuration area, set Mode to Block. For details, see Configuring Basic Protection Rules to Defend Against Common Web Attacks.
Parent topic: About WAF