diff --git a/docs/wafd/umn/ALL_META.TXT.json b/docs/wafd/umn/ALL_META.TXT.json index 2c4f6dc85..e0c159bcc 100644 --- a/docs/wafd/umn/ALL_META.TXT.json +++ b/docs/wafd/umn/ALL_META.TXT.json @@ -14,10 +14,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Service Overview", @@ -35,10 +35,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Is WAF?", @@ -49,17 +49,17 @@ "node_id":"waf_01_0272.xml", "product_code":"wafd", "code":"3", - "des":"WAF can be used in dedicated mode or ELB access mode. The following part describes specifications.Table 1 describes dedicated WAF instances.For more details, see Table 2.", + "des":"WAF can be used in dedicated mode or ELB access mode. The following part describes specifications under different access modes.Table 1 describes dedicated WAF instances.F", "doc_type":"usermanual", "kw":"Product Specifications,Service Overview,User Guide", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Product Specifications", @@ -77,10 +77,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Functions", @@ -98,10 +98,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Product Advantages", @@ -119,10 +119,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Application Scenarios", @@ -140,10 +140,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Project and Enterprise Project", @@ -161,10 +161,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Personal Data Protection Mechanism", @@ -182,10 +182,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF Permissions Management", @@ -203,10 +203,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF and Other Services", @@ -224,10 +224,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF Operation Guide", @@ -245,18 +245,18 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Applying for a Dedicated WAF Instance", "githuburl":"" }, { - "uri":"en-us_topic_0000002112591942.html", - "node_id":"en-us_topic_0000002112591942.xml", + "uri":"waf_01_1073.html", + "node_id":"waf_01_1073.xml", "product_code":"wafd", "code":"13", "des":"To use WAF load balancer access mode, you need to apply for a cloud WAF instance. Pay-per-use billing (postpayment) is supported for WAF cloud instances.To apply for pay-", @@ -266,10 +266,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Applying for a Cloud WAF Instance", @@ -287,10 +287,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Creating a User Group and Granting Permissions", @@ -308,10 +308,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Connecting a Website to WAF", @@ -329,10 +329,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Connecting Your Website to WAF (ELB Access Mode)", @@ -350,10 +350,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Connecting Your Website to WAF (Dedicated Mode)", @@ -371,10 +371,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Website Connection Process (Dedicated Mode)", @@ -392,10 +392,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Step 1: Add Your Website to WAF", @@ -413,10 +413,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Step 2: Configure a Load Balancer for WAF", @@ -434,10 +434,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Step 3: Bind an EIP to a Load Balancer", @@ -455,10 +455,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Step 4: Whitelist Back-to-Source IP Addresses of Dedicated WAF Instances", @@ -476,10 +476,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Step 5: Test Dedicated WAF Instances", @@ -497,10 +497,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Ports Supported by WAF", @@ -518,10 +518,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Viewing Protection Events", @@ -539,10 +539,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Querying a Protection Event", @@ -560,10 +560,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Handling False Alarms", @@ -581,10 +581,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Downloading Events Data", @@ -602,10 +602,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Using LTS to Log WAF Activities", @@ -623,10 +623,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Protection Policies", @@ -644,10 +644,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Protection Configuration Overview", @@ -665,10 +665,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Basic Web Protection to Defend Against Common Web Attacks", @@ -686,10 +686,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring CC Attack Protection Rules to Defend Against CC Attacks", @@ -707,10 +707,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Custom Precise Protection Rules", @@ -728,10 +728,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring IP Address Blacklist and Whitelist Rules to Block or Allow Specified IP Addresses", @@ -749,10 +749,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations", @@ -770,10 +770,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With", @@ -791,10 +791,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Anti-Crawler Rules", @@ -812,10 +812,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Information Leakage Prevention Rules to Protect Sensitive Information from Leakage", @@ -833,10 +833,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring a Global Protection Whitelist Rule to Ignore False Alarms", @@ -854,10 +854,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring Data Masking Rules to Prevent Privacy Information Leakage", @@ -875,10 +875,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Creating a Reference Table to Configure Protection Metrics in Batches", @@ -896,10 +896,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration", @@ -917,10 +917,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Condition Field Description", @@ -931,17 +931,17 @@ "node_id":"waf_01_0021.xml", "product_code":"wafd", "code":"45", - "des":"This topic describes how to view protection event logs, including attack and request statistics, event distribution, top 10 attacked domain names, top 10 attack source IP", + "des":"If you have connected websites to WAF, you can have a glance at their security on the Dashboard page. You will learn of WAF updates, protection overview, product details,", "doc_type":"usermanual", "kw":"Viewing the Dashboard,User Guide", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Viewing the Dashboard", @@ -959,10 +959,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Website Settings", @@ -980,10 +980,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Recommended Configurations After Website Connection", @@ -1001,20 +1001,62 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring PCI DSS/3DS Compliance Check and TLS", "githuburl":"" }, + { + "uri":"waf_01_0154.html", + "node_id":"waf_01_0154.xml", + "product_code":"wafd", + "code":"49", + "des":"If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as re", + "doc_type":"usermanual", + "kw":"Modifying the Alarm Page,Recommended Configurations After Website Connection,User Guide", + "search_title":"", + "metedata":[ + { + "IsBot":"No;Yes", + "IsMulti":"No;Yes", + "opensource":"true", + "documenttype":"usermanual", + "prodname":"wafd" + } + ], + "title":"Modifying the Alarm Page", + "githuburl":"" + }, + { + "uri":"waf_01_0270.html", + "node_id":"waf_01_0270.xml", + "product_code":"wafd", + "code":"50", + "des":"WAF allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on IP address, Co", + "doc_type":"usermanual", + "kw":"Configuring a Traffic Identifier for a Known Attack Source,Recommended Configurations After Website ", + "search_title":"", + "metedata":[ + { + "IsBot":"No;Yes", + "IsMulti":"No;Yes", + "opensource":"true", + "documenttype":"usermanual", + "prodname":"wafd" + } + ], + "title":"Configuring a Traffic Identifier for a Known Attack Source", + "githuburl":"" + }, { "uri":"waf_01_1171.html", "node_id":"waf_01_1171.xml", "product_code":"wafd", - "code":"49", + "code":"51", "des":"If you want to set a timeout duration for each request between your WAF instance and origin server, enable Timeout Settings and specify WAF-to-Server connection timeout (", "doc_type":"usermanual", "kw":"Configuring a Timeout for Connections Between WAF and a Website Server,Recommended Configurations Af", @@ -1022,10 +1064,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Configuring a Timeout for Connections Between WAF and a Website Server", @@ -1035,7 +1077,7 @@ "uri":"waf_01_1172.html", "node_id":"waf_01_1172.xml", "product_code":"wafd", - "code":"50", + "code":"52", "des":"If a large number of 502 Bad Gateway and 504 Gateway Timeout errors are detected, you can enable WAF breakdown protection and connection protection to let WAF suspend you", "doc_type":"usermanual", "kw":"Enabling Connection Protection to Protect Origin Servers,Recommended Configurations After Website Co", @@ -1043,57 +1085,15 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Enabling Connection Protection to Protect Origin Servers", "githuburl":"" }, - { - "uri":"waf_01_0270.html", - "node_id":"waf_01_0270.xml", - "product_code":"wafd", - "code":"51", - "des":"WAF allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on IP address, Co", - "doc_type":"usermanual", - "kw":"Configuring a Traffic Identifier for a Known Attack Source,Recommended Configurations After Website ", - "search_title":"", - "metedata":[ - { - "IsBot":"No;Yes", - "opensource":"true", - "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" - } - ], - "title":"Configuring a Traffic Identifier for a Known Attack Source", - "githuburl":"" - }, - { - "uri":"waf_01_0154.html", - "node_id":"waf_01_0154.xml", - "product_code":"wafd", - "code":"52", - "des":"If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as re", - "doc_type":"usermanual", - "kw":"Modifying the Alarm Page,Recommended Configurations After Website Connection,User Guide", - "search_title":"", - "metedata":[ - { - "IsBot":"No;Yes", - "opensource":"true", - "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" - } - ], - "title":"Modifying the Alarm Page", - "githuburl":"" - }, { "uri":"waf_01_0067.html", "node_id":"waf_01_0067.xml", @@ -1106,10 +1106,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Managing Websites", @@ -1127,10 +1127,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Viewing Basic Information of a Website", @@ -1148,10 +1148,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Changing the Protection Mode", @@ -1169,10 +1169,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Updating the Certificate Used for a Website", @@ -1190,10 +1190,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Editing Server Information", @@ -1211,10 +1211,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Deleting a Protected Website from WAF", @@ -1232,10 +1232,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Policy Management", @@ -1253,10 +1253,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Creating a Protection Policy", @@ -1274,10 +1274,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Adding a Domain Name to a Policy", @@ -1288,17 +1288,17 @@ "node_id":"waf_01_0061.xml", "product_code":"wafd", "code":"62", - "des":"This topic describes how to add rules to one or more policies.If you have enabled enterprise projects, ensure that you have all operation permissions for the project wher", + "des":"This topic describes how to add rules to one or more policies.To add a CC attack protection rule, see Table 1.To add a precise protection rule, see Table 1.To add a black", "doc_type":"usermanual", "kw":"Adding Rules to One or More Policies,Policy Management,User Guide", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Adding Rules to One or More Policies", @@ -1316,10 +1316,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Object Management", @@ -1337,10 +1337,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Certificate Management", @@ -1358,10 +1358,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Uploading a Certificate to WAF", @@ -1379,10 +1379,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Using a Certificate for a Protected Website in WAF", @@ -1400,10 +1400,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Viewing Certificate Information", @@ -1421,10 +1421,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Deleting a Certificate from WAF", @@ -1442,10 +1442,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"System Management", @@ -1456,17 +1456,17 @@ "node_id":"waf_01_0253.xml", "product_code":"wafd", "code":"70", - "des":"This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, viewing instance monitoring configurations, upgradin", + "des":"This topic describes how to manage your dedicated WAF instances (or engines). You can view instance information, view instance monitoring configurations, upgrade the edit", "doc_type":"usermanual", "kw":"Managing Dedicated WAF Engines,System Management,User Guide", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Managing Dedicated WAF Engines", @@ -1484,10 +1484,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Viewing Product Details", @@ -1505,10 +1505,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Permissions Management", @@ -1526,10 +1526,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Authorizing and Associating an Enterprise Project", @@ -1547,10 +1547,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"IAM Permissions Management", @@ -1568,10 +1568,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF Custom Policies", @@ -1589,10 +1589,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF Permissions and Supported Actions", @@ -1610,10 +1610,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Monitoring and Auditing", @@ -1631,10 +1631,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Using CTS to Audit WAF", @@ -1652,10 +1652,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF Operations Recorded by CTS", @@ -1673,10 +1673,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Viewing CTS Traces in the Trace List", @@ -1694,10 +1694,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Monitored Metrics", @@ -1715,10 +1715,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"FAQs", @@ -1736,10 +1736,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"About WAF", @@ -1757,10 +1757,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"WAF Basics", @@ -1778,10 +1778,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Can WAF Protect an IP Address?", @@ -1799,10 +1799,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Objects Does WAF Protect?", @@ -1820,10 +1820,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Does WAF Block Customized POST Requests?", @@ -1841,10 +1841,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Which Web Service Framework Protocols Does WAF Support?", @@ -1862,10 +1862,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Can WAF Protect Websites Accessed Through HSTS or NTLM Authentication?", @@ -1883,10 +1883,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Are the Differences Between WAF Forwarding and Nginx Forwarding?", @@ -1904,10 +1904,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Can I Configure Session Cookies in WAF?", @@ -1925,10 +1925,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Does WAF Detect SQL Injection, XSS, and PHP Injection Attacks?", @@ -1946,10 +1946,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Can WAF Defend Against the Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)?", @@ -1967,10 +1967,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Does the Vulnerability Scanning Tool Report Disabled Non-standard Ports for My WAF-Protected Website?", @@ -1988,10 +1988,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Are Local File Inclusion and Remote File Inclusion?", @@ -2009,10 +2009,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Is the Difference Between QPS and the Number of Requests?", @@ -2030,10 +2030,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Does WAF Support Custom Authorization Policies?", @@ -2051,10 +2051,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?", @@ -2072,10 +2072,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Can I Switch Between the WAF ELB Access Mode and Dedicated Mode?", @@ -2093,10 +2093,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Website Connect Issues", @@ -2114,10 +2114,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Does a Dedicated WAF Instance Protect Non-Standard Ports That Are Not Supported by the Dedicated Instance?", @@ -2135,10 +2135,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Do I Have to Configure the Same Port as That of the Origin Server When Adding a Website to WAF?", @@ -2156,10 +2156,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Are the Precautions for Configuring Multiple Server Addresses for Backend Servers?", @@ -2177,10 +2177,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Does WAF Support Wildcard Domain Names?", @@ -2198,10 +2198,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Single Domain Name Are Connected to WAF?", @@ -2219,10 +2219,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Am I Seeing the \"Someone else has already added this domain name. Please confirm that the domain name belongs to you\" Error Message?", @@ -2240,10 +2240,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Can I Access a Website Using an IP Address After a Domain Name Is Connected to WAF?", @@ -2261,10 +2261,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Protection Rules", @@ -2282,10 +2282,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Which Protection Levels Can Be Set for Basic Web Protection?", @@ -2303,10 +2303,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Is the Peak Rate of CC Attack Protection?", @@ -2324,10 +2324,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"When Is Cookie Used to Identify Users?", @@ -2345,10 +2345,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Does a Requested Page Fail to Respond to the Client After the JavaScript-based Anti-Crawler Is Enabled?", @@ -2366,10 +2366,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Is There Any Impact on Website Loading Speed If Other Crawler Check in Anti-Crawler Is Enabled?", @@ -2387,10 +2387,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Does JavaScript Anti-Crawler Detection Work?", @@ -2408,10 +2408,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"In Which Situations Will the WAF Policies Fail?", @@ -2429,10 +2429,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?", @@ -2450,10 +2450,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Do I Allow Only Specified IP Addresses to Access Protected Websites?", @@ -2464,17 +2464,17 @@ "node_id":"waf_01_0355.xml", "product_code":"wafd", "code":"118", - "des":"Web Tamper Protection (WTP) supports only caching of static web pages. Perform the following steps to fix this issue:If this function is enabled (), go to 7.If this funct", + "des":"Web Tamper Protection (WTP) supports only caching of static web pages. Perform the following steps to fix this issue:If this function is enabled (), go to 6.If this funct", "doc_type":"usermanual", "kw":"Why Does the Page Fail to Be Refreshed After WTP Is Enabled?,Protection Rules,User Guide", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Does the Page Fail to Be Refreshed After WTP Is Enabled?", @@ -2492,10 +2492,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Are the Differences Between Blacklist/Whitelist Rules and Precise Protection Rules on Blocking Access Requests from Specified IP Addresses?", @@ -2513,10 +2513,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Do I Do If a Scanner, such as AppScan, Detects that the Cookie Is Missing Secure or HttpOnly?", @@ -2534,10 +2534,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Certificate Management", @@ -2555,10 +2555,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Troubleshooting Website Connection Exceptions", @@ -2576,10 +2576,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Is My Domain Name or IP Address Inaccessible?", @@ -2597,10 +2597,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Does the Requested Page Respond Slowly After My Website Is Connected to WAF?", @@ -2618,10 +2618,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Can I Do If Files Cannot Be Uploaded After a Website Is Connected to WAF?", @@ -2639,10 +2639,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Troubleshooting Certificate and Cipher Suite Issues", @@ -2660,10 +2660,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Do I Fix an Incomplete Certificate Chain?", @@ -2681,10 +2681,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Does My Certificate Not Match the Key?", @@ -2702,10 +2702,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Are HTTPS Requests Denied on Some Mobile Phones?", @@ -2723,10 +2723,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Do I Do If the Protocol Is Not Supported and the Client and Server Do Not Support Common SSL Protocol Versions or Cipher Suites?", @@ -2737,17 +2737,17 @@ "node_id":"waf_01_3312.xml", "product_code":"wafd", "code":"131", - "des":"The bar mitzvah attack is an attack on SSL/TLS protocols that exploits a vulnerability in the RC4 cryptographic algorithm. This vulnerability can disclose ciphertext in S", + "des":"The Bar Mitzvah attack is a cryptographic attack targeting SSL/TLS protocols. The attack exploits a vulnerability in the RC4 cryptographic algorithm. This vulnerability c", "doc_type":"usermanual", "kw":"Why Is the Bar Mitzvah Attack on SSL/TLS Detected?,Troubleshooting Certificate and Cipher Suite Issu", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Is the Bar Mitzvah Attack on SSL/TLS Detected?", @@ -2765,10 +2765,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Troubleshooting Traffic Forwarding Exceptions", @@ -2779,20 +2779,20 @@ "node_id":"waf_01_0066.xml", "product_code":"wafd", "code":"133", - "des":"If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after a website is connected to WAF, use the following methods to locate the cause and", + "des":"If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after your website or application is connected to WAF, use the following methods to lo", "doc_type":"usermanual", - "kw":"404,502,504,How Do I Troubleshoot 404/502/504 Errors?,Troubleshooting Traffic Forwarding Exceptions,", + "kw":"404,502,504,What Is Error Code 404, 502, or 504 Returned to Visitors After My Website or Application", "search_title":"", "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], - "title":"How Do I Troubleshoot 404/502/504 Errors?", + "title":"What Is Error Code 404, 502, or 504 Returned to Visitors After My Website or Application Is Connected to WAF?", "githuburl":"" }, { @@ -2807,10 +2807,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Am I Seeing Error Code 418?", @@ -2828,10 +2828,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Am I Seeing Error Code 523?", @@ -2849,10 +2849,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Was My Website Redirected So Many Times?", @@ -2870,10 +2870,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Am I Seeing Error Code 414 Request-URI Too Large?", @@ -2891,10 +2891,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"What Is the Connection Timeout Duration of WAF? Can I Manually Set the Timeout Duration?", @@ -2912,10 +2912,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Checking Whether Normal Requests Are Blocked Mistakenly", @@ -2933,10 +2933,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"How Do I Handle False Alarms as WAF Blocks Normal Requests to My Website?", @@ -2954,10 +2954,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Why Does WAF Block Normal Requests as Invalid Requests?", @@ -2975,10 +2975,10 @@ "metedata":[ { "IsBot":"No;Yes", + "IsMulti":"No;Yes", "opensource":"true", "documenttype":"usermanual", - "prodname":"wafd", - "IsMulti":"Yes" + "prodname":"wafd" } ], "title":"Change History", diff --git a/docs/wafd/umn/CLASS.TXT.json b/docs/wafd/umn/CLASS.TXT.json index 3fc0b76a3..2811e34e0 100644 --- a/docs/wafd/umn/CLASS.TXT.json +++ b/docs/wafd/umn/CLASS.TXT.json @@ -18,7 +18,7 @@ "code":"2" }, { - "desc":"WAF can be used in dedicated mode or ELB access mode. The following part describes specifications.Table 1 describes dedicated WAF instances.For more details, see Table 2.", + "desc":"WAF can be used in dedicated mode or ELB access mode. The following part describes specifications under different access modes.Table 1 describes dedicated WAF instances.F", "product_code":"wafd", "title":"Product Specifications", "uri":"waf_01_0272.html", @@ -111,7 +111,7 @@ "desc":"To use WAF load balancer access mode, you need to apply for a cloud WAF instance. Pay-per-use billing (postpayment) is supported for WAF cloud instances.To apply for pay-", "product_code":"wafd", "title":"Applying for a Cloud WAF Instance", - "uri":"en-us_topic_0000002112591942.html", + "uri":"waf_01_1073.html", "doc_type":"usermanual", "p_code":"", "code":"13" @@ -396,7 +396,7 @@ "code":"44" }, { - "desc":"This topic describes how to view protection event logs, including attack and request statistics, event distribution, top 10 attacked domain names, top 10 attack source IP", + "desc":"If you have connected websites to WAF, you can have a glance at their security on the Dashboard page. You will learn of WAF updates, protection overview, product details,", "product_code":"wafd", "title":"Viewing the Dashboard", "uri":"waf_01_0021.html", @@ -432,23 +432,14 @@ "code":"48" }, { - "desc":"If you want to set a timeout duration for each request between your WAF instance and origin server, enable Timeout Settings and specify WAF-to-Server connection timeout (", + "desc":"If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as re", "product_code":"wafd", - "title":"Configuring a Timeout for Connections Between WAF and a Website Server", - "uri":"waf_01_1171.html", + "title":"Modifying the Alarm Page", + "uri":"waf_01_0154.html", "doc_type":"usermanual", "p_code":"47", "code":"49" }, - { - "desc":"If a large number of 502 Bad Gateway and 504 Gateway Timeout errors are detected, you can enable WAF breakdown protection and connection protection to let WAF suspend you", - "product_code":"wafd", - "title":"Enabling Connection Protection to Protect Origin Servers", - "uri":"waf_01_1172.html", - "doc_type":"usermanual", - "p_code":"47", - "code":"50" - }, { "desc":"WAF allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on IP address, Co", "product_code":"wafd", @@ -456,13 +447,22 @@ "uri":"waf_01_0270.html", "doc_type":"usermanual", "p_code":"47", + "code":"50" + }, + { + "desc":"If you want to set a timeout duration for each request between your WAF instance and origin server, enable Timeout Settings and specify WAF-to-Server connection timeout (", + "product_code":"wafd", + "title":"Configuring a Timeout for Connections Between WAF and a Website Server", + "uri":"waf_01_1171.html", + "doc_type":"usermanual", + "p_code":"47", "code":"51" }, { - "desc":"If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as re", + "desc":"If a large number of 502 Bad Gateway and 504 Gateway Timeout errors are detected, you can enable WAF breakdown protection and connection protection to let WAF suspend you", "product_code":"wafd", - "title":"Modifying the Alarm Page", - "uri":"waf_01_0154.html", + "title":"Enabling Connection Protection to Protect Origin Servers", + "uri":"waf_01_1172.html", "doc_type":"usermanual", "p_code":"47", "code":"52" @@ -549,7 +549,7 @@ "code":"61" }, { - "desc":"This topic describes how to add rules to one or more policies.If you have enabled enterprise projects, ensure that you have all operation permissions for the project wher", + "desc":"This topic describes how to add rules to one or more policies.To add a CC attack protection rule, see Table 1.To add a precise protection rule, see Table 1.To add a black", "product_code":"wafd", "title":"Adding Rules to One or More Policies", "uri":"waf_01_0061.html", @@ -621,7 +621,7 @@ "code":"69" }, { - "desc":"This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, viewing instance monitoring configurations, upgradin", + "desc":"This topic describes how to manage your dedicated WAF instances (or engines). You can view instance information, view instance monitoring configurations, upgrade the edit", "product_code":"wafd", "title":"Managing Dedicated WAF Engines", "uri":"waf_01_0253.html", @@ -1053,7 +1053,7 @@ "code":"117" }, { - "desc":"Web Tamper Protection (WTP) supports only caching of static web pages. Perform the following steps to fix this issue:If this function is enabled (), go to 7.If this funct", + "desc":"Web Tamper Protection (WTP) supports only caching of static web pages. Perform the following steps to fix this issue:If this function is enabled (), go to 6.If this funct", "product_code":"wafd", "title":"Why Does the Page Fail to Be Refreshed After WTP Is Enabled?", "uri":"waf_01_0355.html", @@ -1170,7 +1170,7 @@ "code":"130" }, { - "desc":"The bar mitzvah attack is an attack on SSL/TLS protocols that exploits a vulnerability in the RC4 cryptographic algorithm. This vulnerability can disclose ciphertext in S", + "desc":"The Bar Mitzvah attack is a cryptographic attack targeting SSL/TLS protocols. The attack exploits a vulnerability in the RC4 cryptographic algorithm. This vulnerability c", "product_code":"wafd", "title":"Why Is the Bar Mitzvah Attack on SSL/TLS Detected?", "uri":"waf_01_3312.html", @@ -1188,9 +1188,9 @@ "code":"132" }, { - "desc":"If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after a website is connected to WAF, use the following methods to locate the cause and", + "desc":"If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after your website or application is connected to WAF, use the following methods to lo", "product_code":"wafd", - "title":"How Do I Troubleshoot 404/502/504 Errors?", + "title":"What Is Error Code 404, 502, or 504 Returned to Visitors After My Website or Application Is Connected to WAF?", "uri":"waf_01_0066.html", "doc_type":"usermanual", "p_code":"132", diff --git a/docs/wafd/umn/en-us_image_0000001081906323.jpg b/docs/wafd/umn/en-us_image_0000001081906323.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001081906323.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001082065421.jpg b/docs/wafd/umn/en-us_image_0000001082065421.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001082065421.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001133216533.jpg b/docs/wafd/umn/en-us_image_0000001133216533.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001133216533.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001238508978.jpg b/docs/wafd/umn/en-us_image_0000001238508978.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001238508978.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001240865319.jpg b/docs/wafd/umn/en-us_image_0000001240865319.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001240865319.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001287946362.png b/docs/wafd/umn/en-us_image_0000001287946362.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001287946362.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001287946366.png b/docs/wafd/umn/en-us_image_0000001287946366.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001287946366.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288106282.png b/docs/wafd/umn/en-us_image_0000001288106282.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288106282.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288106346.png b/docs/wafd/umn/en-us_image_0000001288106346.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288106346.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288264194.png b/docs/wafd/umn/en-us_image_0000001288264194.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288264194.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288266226.png b/docs/wafd/umn/en-us_image_0000001288266226.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288266226.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288266902.png b/docs/wafd/umn/en-us_image_0000001288266902.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288266902.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288423818.png b/docs/wafd/umn/en-us_image_0000001288423818.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288423818.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288425878.png b/docs/wafd/umn/en-us_image_0000001288425878.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288425878.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001288427746.png b/docs/wafd/umn/en-us_image_0000001288427746.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001288427746.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001335953214.jpg b/docs/wafd/umn/en-us_image_0000001335953214.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001335953214.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340305457.png b/docs/wafd/umn/en-us_image_0000001340305457.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340305457.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340306233.png b/docs/wafd/umn/en-us_image_0000001340306233.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340306233.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340306901.png b/docs/wafd/umn/en-us_image_0000001340306901.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340306901.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340308129.png b/docs/wafd/umn/en-us_image_0000001340308129.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340308129.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340308381.png b/docs/wafd/umn/en-us_image_0000001340308381.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340308381.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340424693.png b/docs/wafd/umn/en-us_image_0000001340424693.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340424693.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340425481.png b/docs/wafd/umn/en-us_image_0000001340425481.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340425481.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340426097.png b/docs/wafd/umn/en-us_image_0000001340426097.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340426097.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340426101.png b/docs/wafd/umn/en-us_image_0000001340426101.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340426101.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340427973.png b/docs/wafd/umn/en-us_image_0000001340427973.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340427973.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340585565.png b/docs/wafd/umn/en-us_image_0000001340585565.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340585565.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340585569.png b/docs/wafd/umn/en-us_image_0000001340585569.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340585569.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340586225.png b/docs/wafd/umn/en-us_image_0000001340586225.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340586225.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340663937.png b/docs/wafd/umn/en-us_image_0000001340663937.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340663937.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340665981.png b/docs/wafd/umn/en-us_image_0000001340665981.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340665981.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001340667861.png b/docs/wafd/umn/en-us_image_0000001340667861.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001340667861.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001402328652.jpg b/docs/wafd/umn/en-us_image_0000001402328652.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001402328652.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001481372972.jpg b/docs/wafd/umn/en-us_image_0000001481372972.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001481372972.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001481373388.jpg b/docs/wafd/umn/en-us_image_0000001481373388.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001481373388.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001481908812.jpg b/docs/wafd/umn/en-us_image_0000001481908812.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001481908812.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001481908820.jpg b/docs/wafd/umn/en-us_image_0000001481908820.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001481908820.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001481959198.jpg b/docs/wafd/umn/en-us_image_0000001481959198.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001481959198.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001482067792.jpg b/docs/wafd/umn/en-us_image_0000001482067792.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001482067792.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001482227824.jpg b/docs/wafd/umn/en-us_image_0000001482227824.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001482227824.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001482228424.jpg b/docs/wafd/umn/en-us_image_0000001482228424.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001482228424.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001493652906.jpg b/docs/wafd/umn/en-us_image_0000001493652906.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001493652906.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532628161.jpg b/docs/wafd/umn/en-us_image_0000001532628161.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532628161.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532693109.jpg b/docs/wafd/umn/en-us_image_0000001532693109.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532693109.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532693205.jpg b/docs/wafd/umn/en-us_image_0000001532693205.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532693205.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532745961.jpg b/docs/wafd/umn/en-us_image_0000001532745961.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532745961.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532748653.jpg b/docs/wafd/umn/en-us_image_0000001532748653.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532748653.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532867165.jpg b/docs/wafd/umn/en-us_image_0000001532867165.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532867165.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001532904513.jpg b/docs/wafd/umn/en-us_image_0000001532904513.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001532904513.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001544453213.jpg b/docs/wafd/umn/en-us_image_0000001544453213.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001544453213.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001652007168.png b/docs/wafd/umn/en-us_image_0000001652007168.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001652007168.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001658761758.png b/docs/wafd/umn/en-us_image_0000001658761758.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001658761758.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001710527625.png b/docs/wafd/umn/en-us_image_0000001710527625.png deleted file mode 100644 index af19fabee..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001710527625.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001845908085.jpg b/docs/wafd/umn/en-us_image_0000001845908085.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001845908085.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000001941947437.png b/docs/wafd/umn/en-us_image_0000001941947437.png deleted file mode 100644 index 28807ed30..000000000 Binary files a/docs/wafd/umn/en-us_image_0000001941947437.png and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0000002129836992.png b/docs/wafd/umn/en-us_image_0000002129836992.png new file mode 100644 index 000000000..73919158a Binary files /dev/null and b/docs/wafd/umn/en-us_image_0000002129836992.png differ diff --git a/docs/wafd/umn/en-us_image_0000001732411573.png b/docs/wafd/umn/en-us_image_0000002155673236.png similarity index 100% rename from docs/wafd/umn/en-us_image_0000001732411573.png rename to docs/wafd/umn/en-us_image_0000002155673236.png diff --git a/docs/wafd/umn/en-us_image_0000001287944330.png b/docs/wafd/umn/en-us_image_0000002194070596.png similarity index 100% rename from docs/wafd/umn/en-us_image_0000001287944330.png rename to docs/wafd/umn/en-us_image_0000002194070596.png diff --git a/docs/wafd/umn/en-us_image_0000001081671555.jpg b/docs/wafd/umn/en-us_image_0000002194533712.jpg similarity index 100% rename from docs/wafd/umn/en-us_image_0000001081671555.jpg rename to docs/wafd/umn/en-us_image_0000002194533712.jpg diff --git a/docs/wafd/umn/en-us_image_0000001586593518.png b/docs/wafd/umn/en-us_image_0000002210068928.png similarity index 100% rename from docs/wafd/umn/en-us_image_0000001586593518.png rename to docs/wafd/umn/en-us_image_0000002210068928.png diff --git a/docs/wafd/umn/en-us_image_0000001683558966.png b/docs/wafd/umn/en-us_image_0000002210228712.png similarity index 100% rename from docs/wafd/umn/en-us_image_0000001683558966.png rename to docs/wafd/umn/en-us_image_0000002210228712.png diff --git a/docs/wafd/umn/en-us_image_0000001731648345.png b/docs/wafd/umn/en-us_image_0000002210228768.png similarity index 100% rename from docs/wafd/umn/en-us_image_0000001731648345.png rename to docs/wafd/umn/en-us_image_0000002210228768.png diff --git a/docs/wafd/umn/en-us_image_0000001336165028.png b/docs/wafd/umn/en-us_image_0000002245108909.png similarity index 100% rename from docs/wafd/umn/en-us_image_0000001336165028.png rename to docs/wafd/umn/en-us_image_0000002245108909.png diff --git a/docs/wafd/umn/en-us_image_0210924450.jpg b/docs/wafd/umn/en-us_image_0210924450.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0210924450.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0269497434.jpg b/docs/wafd/umn/en-us_image_0269497434.jpg deleted file mode 100644 index 22c76c8e5..000000000 Binary files a/docs/wafd/umn/en-us_image_0269497434.jpg and /dev/null differ diff --git a/docs/wafd/umn/en-us_image_0301168075.png b/docs/wafd/umn/en-us_image_0301168075.png index 9f433f712..f87277a3f 100644 Binary files a/docs/wafd/umn/en-us_image_0301168075.png and b/docs/wafd/umn/en-us_image_0301168075.png differ diff --git a/docs/wafd/umn/en-us_topic_0000002112591942.html b/docs/wafd/umn/en-us_topic_0000002112591942.html deleted file mode 100644 index 2b1ebf442..000000000 --- a/docs/wafd/umn/en-us_topic_0000002112591942.html +++ /dev/null @@ -1,15 +0,0 @@ - - -

Applying for a Cloud WAF Instance

-

To use WAF load balancer access mode, you need to apply for a cloud WAF instance. Pay-per-use billing (postpayment) is supported for WAF cloud instances.

-

To apply for pay-per-use cloud instances, contact technical support first.

-
-

Applying for a Pay-per-Use Cloud WAF Instance

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
  4. In the upper right corner, click Create WAF.
  5. (Optional): Select an enterprise project from the Enterprise Project drop-down list.

    This option is only available if you are logged in using an enterprise account, or if you have enabled enterprise projects. You can use enterprise projects to more efficiently manage cloud resources and project members.

    -

    default: indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.

    -
    -

  1. On the Apply for Web Application Firewall page, set WAF Mode to Cloud Mode and Billing Mode to Pay-per-use.
  2. In the lower right corner of the page, click Next.
  3. Click Back to Website Settings and add domain names you want to protect on the Website Settings page.

    If you want to disable WAF, choose Instance Management > Product Details, and click Disable Pay-Per-Use Billing next to Cloud Mode.

    -
    -

-
-
- diff --git a/docs/wafd/umn/waf_01_0001.html b/docs/wafd/umn/waf_01_0001.html index d84babafd..7904c15f9 100644 --- a/docs/wafd/umn/waf_01_0001.html +++ b/docs/wafd/umn/waf_01_0001.html @@ -12,7 +12,7 @@

Impact on the System

Modifying the server configuration does not affect services.

-

Modifying Server Information of One Website

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
  4. In the navigation pane on the left, choose Website Settings.
  5. In the Domain Name column, click the domain name of the website to go to the basic information page.
  6. In the Origin Servers area, click Edit.
  7. On the Edit Server Information page, edit the server configurations (such as client protocols and associated certificates).

    +

    Modifying Server Information of One Website

    1. Log in to the management console.
    2. Click in the upper left corner of the management console and select a region or project.
    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
    4. In the navigation pane on the left, choose Website Settings.
    5. In the Domain Name column, click the domain name of the website to go to the basic information page.
    6. In the Origin Servers area, click Edit.
    7. On the Edit Server Information page, edit the server configurations (such as client protocols and associated certificates).

    8. Click Confirm.
diff --git a/docs/wafd/umn/waf_01_0003.html b/docs/wafd/umn/waf_01_0003.html index 4238ec76f..5d8595b4b 100644 --- a/docs/wafd/umn/waf_01_0003.html +++ b/docs/wafd/umn/waf_01_0003.html @@ -10,7 +10,7 @@

Impact on the System

If you suspend WAF protection, WAF does not scan for attacks and only forwards requests to origin servers. This is risky. To avoid normal requests from being blocked, configure global protection whitelist rules, instead of suspending WAF protection.

-

Changing the Protection Mode (Enabling/Suspending WAF Protection)

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
  4. In the navigation pane on the left, choose Website Settings.

    • Enabling protection: In the row containing the target domain name, click Enable WAF in the Operation column. In the displayed dialog box, click Confirm. If you Enable WAF, the Status of the domain name changes to Protected.
    • Suspending protection: In the row containing the target domain name, click Suspend WAF in the Operation column. In the displayed dialog box, click Confirm. If you Suspend WAF, the Status of the domain name changes to Unprotected.
    +

    Changing the Protection Mode (Enabling/Suspending WAF Protection)

    1. Log in to the management console.
    2. Click in the upper left corner of the management console and select a region or project.
    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
    4. In the navigation pane on the left, choose Website Settings.

      • Enabling protection: In the row containing the target domain name, click Enable WAF in the Operation column. In the displayed dialog box, click Confirm. If you Enable WAF, the Status of the domain name changes to Protected.
      • Suspending protection: In the row containing the target domain name, click Suspend WAF in the Operation column. In the displayed dialog box, click Confirm. If you Suspend WAF, the Status of the domain name changes to Unprotected.

diff --git a/docs/wafd/umn/waf_01_0005.html b/docs/wafd/umn/waf_01_0005.html index 8f6f6d742..6f63f0a2c 100644 --- a/docs/wafd/umn/waf_01_0005.html +++ b/docs/wafd/umn/waf_01_0005.html @@ -6,7 +6,7 @@

Impact on the System

It takes about a minute to remove a website from WAF, but once this action is started, it cannot be cancelled. Exercise caution when removing a website from WAF.

-

Deleting a Protected Website from WAF

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
  4. In the navigation pane on the left, choose Website Settings.
  5. In the row containing the website domain name you want to delete, click Delete in the Operation column.
  6. In the displayed confirmation dialog box, confirm the deletion.

    If you want to retain the policy applied to the domain name, select Retain the policy of this domain name.

    +

    Deleting a Protected Website from WAF

    1. Log in to the management console.
    2. Click in the upper left corner of the management console and select a region or project.
    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
    4. In the navigation pane on the left, choose Website Settings.
    5. In the row containing the website domain name you want to delete, click Delete in the Operation column.
    6. In the displayed confirmation dialog box, confirm the deletion.

      If you want to retain the policy applied to the domain name, select Retain the policy of this domain name.

      Figure 1 Deleting a protected domain name from WAF

    7. Click OK.

      If Domain name deleted successfully is displayed in the upper right corner, the domain name of the website was deleted.

    diff --git a/docs/wafd/umn/waf_01_0008.html b/docs/wafd/umn/waf_01_0008.html index 9f27dcce6..45d98397e 100644 --- a/docs/wafd/umn/waf_01_0008.html +++ b/docs/wafd/umn/waf_01_0008.html @@ -2,38 +2,36 @@

    Configuring Basic Web Protection to Defend Against Common Web Attacks

    After this function is enabled, WAF can defend against common web attacks, such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. You can also enable other checks in basic web protection, such as web shell detection, deep inspection against evasion attacks, and header inspection.

    -

    If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

    -

    Prerequisites

    You have added the website you want to protect to WAF.

    -

    Constraints

    • Basic web protection has two modes: Block and Log only.
    • If you select Block for Basic Web Protection, you can configure access control criteria for a known attack source. WAF will block requests matching the configured IP address, cookie, or params for a length of time configured as part of the rule.
    +

    Constraints

    • Basic web protection has two modes: Block and Log only.
    • If you select Block for Basic Web Protection, you can configure access control criteria for a known attack source. WAF will block requests matching the configured IP address, cookie, or params for a length of time configured as part of the rule.
    • Currently, Shiro decryption detection is not available in regions CN East-Qingdao and AP-Manila.
    -

    Enabling Basic Web Protection Rules

    1. Log in to the management console.
    2. Click in the upper left corner of the management console and select a region or project.
    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
    4. In the navigation pane on the left, choose Policies.
    5. Click the name of the target policy to go to the protection configuration page.
    6. Click the Basic Web Protection configuration area and toggle it on or off if needed.

      • : enabled.
      • : disabled.
      +

      Enabling Basic Web Protection Rules

      1. Log in to the management console.
      2. Click in the upper left corner of the management console and select a region or project.
      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
      4. In the navigation pane on the left, click Policies.
      5. Click the name of the target policy to go to the protection configuration page.
      6. Click the Basic Web Protection configuration area and toggle it on or off if needed.

        • : enabled.
        • : disabled.

      7. Click the Protection Status tab, and enable protection types one by one by referring to Table 2.

        Figure 1 Basic web protection
        1. Set the protective action.
        2. Set the protection level.

          In the upper part of the page, set Protection Level to Low, Medium, or High. The default value is Medium.

          -
          Table 1 Protection levels

          Protection Level

          +
          - - - - - - - @@ -43,36 +41,36 @@
        3. Set the protection type.

          By default, General Check is enabled. You can enable other protection types by referring to Table 2.

          -
          4. Table 1 Protection levels

          Protection Level

          Description

          +

          Description

          Low

          +

          Low

          WAF only blocks the requests with obvious attack signatures.

          +

          WAF only blocks the requests with obvious attack signatures.

          If a large number of false alarms are reported, Low is recommended.

          Medium

          +

          Medium

          The default level is Medium, which meets a majority of web protection requirements.

          +

          The default level is Medium, which meets a majority of web protection requirements.

          High

          +

          High

          At this level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.

          +

          At this level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.

          To let WAF defend against more attacks but make minimum effect on normal requests, observe your workloads for a period of time first. Then, configure a global protection whitelist rule and select High.
          Table 2 Protection types

          Type

          +
          - - - - - - - - - @@ -89,7 +87,7 @@

          Protection Effect

          If General Check is enabled and Mode is set to Block for your domain name, to verify WAF is protecting your website (www.example.com) against general check items:

          1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

            -

          2. Clear the browser cache and enter http://www.example.com?id=1%27%20or%201=1 in the address box of the browser to simulate an SQL injection attack.
          3. Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
          +

        4. Clear the browser cache and enter http://www.example.com?id=1%27%20or%201=1 in the address box of the browser to simulate an SQL injection attack.
        5. Return to the WAF console. In the navigation pane on the left, click Events. On the displayed page, view the event log.

          6. Example - Blocking SQL Injection Attacks

          If domain name www.example.com has been connected to WAF, perform the following steps to verify that WAF can block SQL injection attacks.

          1. Enable General Check in Basic Web Protection and set the protection mode to Block.

            Figure 2 Enabling General Check
            diff --git a/docs/wafd/umn/waf_01_0009.html b/docs/wafd/umn/waf_01_0009.html index 1d1d65e80..0a1637782 100644 --- a/docs/wafd/umn/waf_01_0009.html +++ b/docs/wafd/umn/waf_01_0009.html @@ -3,121 +3,120 @@

            Configuring CC Attack Protection Rules to Defend Against CC Attacks

            CC attack protection can limit the access to a protected website based on a single IP address, cookie, or referer. To use this protection, ensure that you have toggled on CC Attack Protection.

            A reference table can be added to a CC attack protection rule. The reference table takes effect for all protected domain names.

            -

            If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

            -

            Prerequisites

            You have added the website you want to protect to WAF.

            -

            Constraints

            • If you set Logic to Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them, select an existing reference table. For details, see Creating a Reference Table to Configure Protection Metrics in Batches.
            • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
            +

            Constraints

            • If you set Logic to Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them, select an existing reference table. For details, see Creating a Reference Table to Configure Protection Metrics in Batches.
            • It takes several minutes for a new rule to take effect. After a rule takes effect, protection events triggered by the rule will be displayed on the Events page.
            -

            Configuring a CC Attack Protection Rule

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the navigation pane on the left, choose Policies.
            5. Click the name of the target policy to go to the protection configuration page.
            6. Click the CC Attack Protection configuration area and toggle it on or off if needed.

              • : enabled.
              • : disabled.
              +

              Configuring a CC Attack Protection Rule

              1. Log in to the management console.
              2. Click in the upper left corner of the management console and select a region or project.
              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
              4. In the navigation pane on the left, click Policies.
              5. Click the name of the target policy to go to the protection configuration page.
              6. Click the CC Attack Protection configuration area and toggle it on or off if needed.

                • : enabled.
                • : disabled.

              7. In the upper left corner above the CC Attack Protection rule list, click Add Rule.
              8. In the displayed dialog box, configure a CC attack protection rule by referring to Table 1.

                Figure 1 Adding a CC attack protection rule
                -
          Table 2 Protection types

          Type

          Description

          +

          Description

          General Check

          +

          General Check

          Defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. SQL injection attacks are mainly detected based on semantics.

          +

          Defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. SQL injection attacks are mainly detected based on semantics.

          NOTE:

          If you enable General Check, WAF checks your websites based on the built-in rules.

          Webshell Detection

          +

          Webshell Detection

          Protects against web shells from upload interface.

          +

          Protects against web shells from upload interface.

          NOTE:

          If you enable Webshell Detection, WAF detects web page Trojan horses inserted through the upload interface.

          Deep Inspection

          +

          Deep Inspection

          Identifies and blocks evasion attacks, such as the ones that use homomorphic character obfuscation, command injection with deformed wildcard characters, UTF7, data URI scheme, and other techniques.

          -
          NOTE:

          If you enable Deep Inspection, WAF detects and defends against evasion attacks in depth.

          +

          Identifies and blocks evasion attacks, such as the ones that use homomorphic character obfuscation, command injection with deformed wildcard characters, UTF7, data URI scheme, and other techniques.

          +
          NOTE:

          If you enable Deep Inspection, WAF detects and defends against evasion attacks in depth.

          Header Inspection

          +

          Header Inspection

          This function is disabled by default. When it is disabled, General Check will check some of the header fields, such as User-Agent, Content-type, Accept-Language, and Cookie.

          +

          This function is disabled by default. When it is disabled, General Check will check some of the header fields, such as User-Agent, Content-type, Accept-Language, and Cookie.

          NOTE:

          If you enable this function, WAF checks all header fields in the requests.
          Table 1 Rule parameters

          Parameter

          +
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -131,7 +130,7 @@
          1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

          2. Clear the browser cache, enter http://www.example.com/admin in the address bar, and refresh the page 10 times within 60 seconds. In normal cases, the custom block page will be displayed the eleventh time you refresh the page, and the requested page will be accessible when you refresh the page 60 seconds later.

            If you select Verification code for protective action, a verification code is required for visitors to continue the access if they exceed the configured rate limit.

            Figure 2 Verification code
            -

          3. Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
          +

        6. Return to the WAF console. In the navigation pane on the left, choose Events. On the displayed page, view the event log.

          7. Configuration Example - Verification Code

          If domain name www.example.com has been connected to WAF, perform the following steps to verify that WAF CAPTCHA verification is enabled.

          1. Add a CC attack protection rule with Protection Action set to Verification code.

            Figure 3 Verification code
            diff --git a/docs/wafd/umn/waf_01_0010.html b/docs/wafd/umn/waf_01_0010.html index 6223313ae..364b0c02b 100644 --- a/docs/wafd/umn/waf_01_0010.html +++ b/docs/wafd/umn/waf_01_0010.html @@ -3,8 +3,6 @@

            Configuring Custom Precise Protection Rules

            You can combine common HTTP fields, such as IP, Path, Referer, User Agent, and Params in a protection rule to let WAF allow, block, or only log the requests that match the combined conditions.

            A reference table can be added to a precise protection rule. The reference table takes effect for all protected domain names.

            -

            If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

            -

            Prerequisites

            You have added the website you want to protect to WAF.

            Constraints

            @@ -12,7 +10,7 @@

            Application Scenarios

            Precise protection rules are used for anti-leeching and website management background protection.

            -

            Configuring a Precise Protection Rule

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the navigation pane on the left, choose Policies.
            5. Click the name of the target policy to go to the protection configuration page.
            6. Click the Precise Protection configuration area and toggle it on or off if needed.

              • : enabled.
              • : disabled.
              +

              Configuring a Precise Protection Rule

              1. Log in to the management console.
              2. Click in the upper left corner of the management console and select a region or project.
              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
              4. In the navigation pane on the left, click Policies.
              5. Click the name of the target policy to go to the protection configuration page.
              6. Click the Precise Protection configuration area and toggle it on or off if needed.

                • : enabled.
                • : disabled.

              7. On the Precise Protection page, set Detection Mode.

                Two detection modes are available:
                • Instant detection: If a request matches a configured precise protection rule, WAF immediately ends threat detection and blocks the request.
                • Full detection: If a request matches a configured precise protection rule, WAF finishes its scan first and then blocks all requests that match the configured precise protection rule.

              8. In the upper left corner above the Precise Protection rule list, click Add Rule.
              9. In the displayed dialog box, add a rule by referring to Table 1.

                The settings shown in Figure 1 are used as an example. If a visitor tries to access a URL containing /admin, WAF will block the request.

                @@ -21,85 +19,85 @@
                Figure 1 Add Precise Protection Rule
                -
          Table 1 Rule parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Rule Description

          +

          Rule Description

          A brief description of the rule. This parameter is optional.

          +

          A brief description of the rule. This parameter is optional.

          --

          +

          --

          Rate Limit Mode

          +

          Rate Limit Mode

          • Per IP address: A website visitor is identified by the IP address.
          • Per user: A website visitor is identified by the key value of Cookie or Header.
          • Other: A website visitor is identified by the Referer field (user-defined request source).
          +
          • Per IP address: A website visitor is identified by the IP address.
          • Per user: A website visitor is identified by the key value of Cookie or Header.
          • Other: A website visitor is identified by the Referer field (user-defined request source).
          NOTE:

          If you set Rate Limit Mode to Other, set Content of Referer to a complete URL containing the domain name. The Content field supports prefix match and exact match only, but cannot contain two or more consecutive slashes, for example, ///admin. If you enter ///admin, WAF will convert it to /admin.

          For example, if you do not want visitors to access www.test.com, set Referer to http://www.test.com.

          --

          +

          --

          User Identifier

          +

          User Identifier

          This parameter is mandatory when you select Per user for Rate Limit Mode.

          +

          This parameter is mandatory when you select Per user for Rate Limit Mode.

          • Cookie: A cookie field name. You need to configure an attribute variable name in the cookie that can uniquely identify a web visitor based on your website requirements. This field does not support regular expressions. Only complete matches are supported.

            For example, if a website uses the name field in the cookie to uniquely identify a web visitor, enter name.

          • Header: Set the user-defined HTTP header you want to protect. You need to configure the HTTP header that can identify web visitors based on your website requirements.

          name

          +

          name

          Trigger

          +

          Trigger

          Click Add and add conditions. At least one condition is required, but up to 30 conditions are allowed. If you add more than one condition, the rule will only take effect when all conditions are met.

          -
          • Field
          • Subfield: Configure this field only when IPv4, Cookie, Header, or Params is selected for Field.
            NOTICE:

            A subfield cannot exceed 2,048 bytes.

            +

          Click Add and add conditions. At least one condition is required, but up to 30 conditions are allowed. If you add more than one condition, the rule will only take effect when all conditions are met.

          +
          • Field
          • Subfield: Configure this field only when IPv4, Cookie, Header, or Params is selected for Field.
            NOTICE:

            A subfield cannot exceed 2,048 characters.

          • Logic: Select a logical relationship from the drop-down list.
            NOTE:

            If you set Logic to Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them, select an existing reference table. For details, see Creating a Reference Table to Configure Protection Metrics in Batches.

            -
          • Content: Enter or select the content that matches the condition.
          +
        7. Content: Enter or select the content that matches the condition.

          If you enable this, the system matches the case-sensitive content. It helps the system precisely identify requests and respond to them accurately, making protection policies work better.

          +

          8. Path Include /admin

          +

          Path Include /admin

          Rate Limit

          +

          Rate Limit

          The number of requests allowed from a website visitor in the rate limit period. If the number of requests exceeds the rate limit, WAF takes the action you configure for Protective Action.

          +

          The number of requests allowed from a website visitor in the rate limit period. If the number of requests exceeds the rate limit, WAF takes the action you configure for Protective Action.

          10 requests allowed in 60 seconds

          +

          10 requests allowed in 60 seconds

          Protective Action

          +

          Protective Action

          The action that WAF will take if the number of requests exceeds Rate Limit you configured. The options are as follows:

          +

          The action that WAF will take if the number of requests exceeds Rate Limit you configured. The options are as follows:

          • Verification code: WAF allows requests that trigger the rule as long as your website visitors complete the required verification.
          • Block: WAF blocks requests that trigger the rule.
          • Block dynamically: WAF blocks requests that trigger the rule based on Allowable Frequency, which you configure after the first rate limit period is over.
          • Log only: WAF only logs requests that trigger the rule.

          Block

          +

          Block

          Application Schedule

          +

          Application Schedule

          • Immediate: The rule works immediately after it is enabled.
          • Custom: You can select a time range for the rule to work.
          +
          • Immediate: The rule works immediately after it is enabled.
          • Custom: You can select a time range for the rule to work.

          Immediate

          +

          Immediate

          Allowable Frequency

          +

          Allowable Frequency

          This parameter can be set if you select Block dynamically for Protective Action.

          +

          This parameter can be set if you select Block dynamically for Protective Action.

          WAF blocks requests that trigger the rule based on Rate Limit first. Then, in the following rate limit period, WAF blocks requests that trigger the rule based on Allowable Frequency you configure.

          Allowable Frequency cannot be larger than Rate Limit.

          NOTE:

          If you set Allowable Frequency to 0, WAF blocks all requests that trigger the rule in the next rate limit period.

          8 requests allowed in 60 seconds

          +

          8 requests allowed in 60 seconds

          Block Duration

          +

          Block Duration

          Period of time for which to block the item when you set Protective Action to Block.

          +

          Period of time for which to block the item when you set Protective Action to Block.

          600 seconds

          +

          600 seconds

          Block Page

          +

          Block Page

          The page displayed if the request limit has been reached. This parameter is configured only when Protective Action is set to Block.

          +

          The page displayed if the request limit has been reached. This parameter is configured only when Protective Action is set to Block.

          • If you select Default settings, the default block page is displayed.
          • If you select Custom, you can write a custom error message, so that WAF will return this message to website visitors when their requests are blocked.

          Custom

          +

          Custom

          Block Page Type

          +

          Block Page Type

          If you select Custom for Block Page, select a type of the block page among options application/json, text/html, and text/xml.

          +

          If you select Custom for Block Page, select a type of the block page among options application/json, text/html, and text/xml.

          text/html

          +

          text/html

          Page Content

          +

          Page Content

          If you select Custom for Block Page, configure the content to be returned.

          +

          If you select Custom for Block Page, configure the content to be returned.

          Page content styles corresponding to different page types are as follows:

          +

          Page content styles corresponding to different page types are as follows:

          • text/html: <html><body>Forbidden</body></html>
          • application/json: {"msg": "Forbidden"}
          • text/xml: <?xml version="1.0" encoding="utf-8"?><error> <msg>Forbidden</msg></error>
          Table 1 Rule parameters

          Parameter

          +
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -111,19 +109,19 @@

          Protection Effect

          To verify WAF is protecting your website (www.example.com) against the rule as shown in Figure 1:

          -
          1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

            -

          2. Clear the browser cache and enter http://www.example.com/admin (or any page containing /admin) in the address bar. Normally, WAF blocks the requests that meet the conditions and returns the block page.
          3. Return to the WAF console. In the navigation pane, choose Events. On the displayed page, view the event log.
          +
          1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

            +

          2. Clear the browser cache and enter http://www.example.com/admin (or any page containing /admin) in the address bar. Normally, WAF blocks the requests that meet the conditions and returns the block page.
          3. Return to the WAF console. In the navigation pane on the left, choose Events. On the displayed page, view the event log.

          Configuration Example - Blocking a Certain Type of Attack Requests

          Analysis of a specific type of WordPress pingback attack shows that the User Agent field contains WordPress.

          Figure 2 WordPress pingback attack

          A precise rule as shown in the figure can block this type of attack.

          Figure 3 User Agent configuration
          -

          Configuration Example - Blocking Requests to a Certain URL

          If a large number of IP addresses are accessing a URL that does not exist, configure the following protection rule to block such requests to reduce resource usage on the origin server.

          -
          Figure 4 Blocking requests to a specific URL
          +

          Configuration Example - Blocking Requests to a Certain URL

          If a large number of IP addresses are accessing a URL that does not exist, configure the following protection rule to block such requests to reduce resource usage on the origin server. Figure 4 shows an example.

          +
          Figure 4 Blocking requests to a specific URL
          -

          Configuration Example - Blocking Requests with null Fields

          You can configure precise protection rules to block requests having null fields.

          -
          Figure 5 Blocking requests with empty Referer
          +

          Configuration Example - Blocking Requests with null Fields

          You can configure precise protection rules to block requests having null fields. Figure 5 shows an example.

          +
          Figure 5 Blocking requests with empty Referer

          Configuration Example - Blocking Specified File Types (ZIP, TAR, and DOCX)

          You can configure file types that match the path field to block specific files of certain types. For example, if you want to block .zip files, you can configure a precise protection rule as shown in Figure 6 to block access requests of .zip files.

          Figure 6 Blocking requests of specific file types
          diff --git a/docs/wafd/umn/waf_01_0012.html b/docs/wafd/umn/waf_01_0012.html index 786585d87..e088fd00e 100644 --- a/docs/wafd/umn/waf_01_0012.html +++ b/docs/wafd/umn/waf_01_0012.html @@ -2,63 +2,61 @@

          Configuring IP Address Blacklist and Whitelist Rules to Block or Allow Specified IP Addresses

          You can configure blacklist and whitelist rules to block, log only, or allow access requests from specific IP addresses or IP address ranges. Whitelist rules have a higher priority than blacklist rules.

          -

          If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

          -

          Prerequisites

          You have added the website you want to protect to WAF.

          Constraints

          • When you add a website through Cloud Mode - Load balancer and set Frontend Protocol of the listener of your ELB load balancer to TCP, UDP, or QUIC, this type of rule does not take effect.
          • WAF does not support batch import of blacklists or whitelists. To configure multiple IP address or IP address range rules, add blacklist and whitelist rules one by one to allow or block specified IP addresses or IP address ranges.
          • The address 0.0.0.0/0 cannot be added to a WAF IP address blacklist or whitelist, and if a whitelist conflicts with a blacklist, the whitelist rule takes priority. If you want to allow only a specific IP address within a range of blocked addresses, add a blacklist rule to block the range and then add a whitelist rule to allow the individual address you wish to allow.
          • If you set Protective Action to Block for a blacklist or whitelist rule, you can set a known attack source to block the visitor for a certain period of time; however, the known attack source with Long-term IP address blocking or Short-term IP address blocking configured cannot be set for a blacklist or whitelist rule. WAF will block requests matching the configured Cookie or Params for a block duration you specify.
          • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.

          Impact on the System

          If an IP address is added to a blacklist or whitelist, WAF blocks or allows requests from that IP address without checking whether the requests are malicious.

          -

          Configuring an IP Address Blacklist or Whitelist Rule

          1. Log in to the management console.
          2. Click in the upper left corner of the management console and select a region or project.
          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
          4. In the navigation pane on the left, choose Policies.
          5. Click the name of the target policy to go to the protection configuration page.
          6. Click the Blacklist and Whitelist configuration area and toggle it on or off if needed.

            • : enabled.
            • : disabled.
            -

          7. In the upper left corner above the Blacklist and Whitelist list, click Add Rule.
          8. In the displayed dialog box, specify the parameters by referring to Table 1.

            • If you select Log only for Protective Action for an IP address, WAF only identifies and logs requests from the IP address.
            • Other IP addresses are evaluated based on other configured WAF protection rules.
            +

            Configuring an IP Address Blacklist or Whitelist Rule

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the navigation pane on the left, click Policies.
            5. Click the name of the target policy to go to the protection configuration page.
            6. Click the Blacklist and Whitelist configuration area and toggle it on or off if needed.

              • : enabled.
              • : disabled.
              +

            7. In the upper left corner above the Blacklist and Whitelist list, click Add Rule.
            8. In the Add Blacklist/Whitelist Rule dialog box, add a blacklist or whitelist rule . For details about the parameters, see Table 1.

              • If you select Log only for Protective Action for an IP address, WAF only identifies and logs requests from the IP address.
              • Other IP addresses are evaluated based on other configured WAF protection rules.
              Figure 1 Adding a blacklist or whitelist rule
              -
          Table 1 Rule parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Rule Description

          +

          Rule Description

          A brief description of the rule. This parameter is optional.

          +

          A brief description of the rule. This parameter is optional.

          None

          +

          None

          Condition List

          +

          Condition List

          Click Add and add conditions. At least one condition is required for a rule, but up to 30 conditions are allowed. If you add more than one condition, the rule will only take effect when all conditions are met.

          -
          Parameters for configuring a condition are described as follows:
          • Field
          • Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
          • Logic: Select a logical relationship from the drop-down list.
            NOTE:
            • If Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them is selected, select an existing reference table in the Content drop-down list. For details, see Creating a Reference Table to Configure Protection Metrics in Batches.
            • Exclude any value, Not equal to any value, Prefix is not any of them, and Suffix is not any of them indicates, respectively, that WAF performs the protection action (block, allow, or log only) when the field in the access request does not contain, is not equal to, or the prefix or suffix is not any value set in the reference table. For example, assume that Path field is set to Exclude any value and the test reference table is selected. If test1, test2, and test3 are set in the test reference table, WAF performs the protection action when the path of the access request does not contain test1, test2, or test3.
            +

          Click Add and add conditions. At least one condition is required for a rule, but up to 30 conditions are allowed. If you add more than one condition, the rule will only take effect when all conditions are met.

          +
          Parameters for configuring a condition are described as follows:
          • Field
          • Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
          • Logic: Select a logical relationship from the drop-down list.
            NOTE:
            • If Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them is selected, select an existing reference table in the Content drop-down list. For details, see Creating a Reference Table to Configure Protection Metrics in Batches.
            • Exclude any value, Not equal to any value, Prefix is not any of them, and Suffix is not any of them indicates, respectively, that WAF performs the protection action (block, allow, or log only) when the field in the access request does not contain, is not equal to, or the prefix or suffix is not any value set in the reference table. For example, assume that Path field is set to Exclude any value and the test reference table is selected. If test1, test2, and test3 are set in the test reference table, WAF performs the protection action when the path of the access request does not contain test1, test2, or test3.
          • Content: Enter or select the content of condition matching.
            NOTE:

            For more details about the configurations in general, see Table 1.

          Path Include /admin

          +

          Path Include /admin

          Protective Action

          +

          Protective Action

          • Block: The request that hit the rule will be blocked and a block response page is returned to the client that initiates the request. By default, WAF uses a unified block response page. You can also customize this page.
          • Allow: Requests that hit the rule are forwarded to backend servers.
          • Log only: Requests that hit the rule are not blocked, but will be logged. You can use WAF logs to query requests that hit the current rule and analyze the protection results of the rule. For example, check whether there are requests that are blocked mistakenly.
          +
          • Block: The request that hit the rule will be blocked and a block response page is returned to the client that initiates the request. By default, WAF uses a unified block response page. You can also customize this page.
          • Allow: Requests that hit the rule are forwarded to backend servers.
          • Log only: Requests that hit the rule are not blocked, but will be logged. You can use WAF logs to query requests that hit the current rule and analyze the protection results of the rule. For example, check whether there are requests that are blocked mistakenly.

          Block

          +

          Block

          Known Attack Source

          +

          Known Attack Source

          If you set Protective Action to Block, you can select a blocking type for a known attack source rule. Then, WAF blocks requests matching the configured IP, Cookie, or Params for a length of time that depends on the selected blocking type.

          +

          If you set Protective Action to Block, you can select a blocking type for a known attack source rule. Then, WAF blocks requests matching the configured IP, Cookie, or Params for a length of time that depends on the selected blocking type.

          Long-term IP address blocking

          +

          Long-term IP address blocking

          Priority

          +

          Priority

          Rule priority. If you have added multiple rules, rules are matched by priority. The smaller the value you set, the higher the priority.

          +

          Rule priority. If you have added multiple rules, rules are matched by priority. The smaller the value you set, the higher the priority.

          NOTICE:

          If multiple precise access control rules have the same priority, WAF matches the rules in the sequence of time the rules are added.

          5

          +

          5

          Application Schedule

          +

          Application Schedule

          Select Immediate to enable the rule immediately, or select Custom to configure when you wish the rule to be enabled.

          +

          Select Immediate to enable the rule immediately, or select Custom to configure when you wish the rule to be enabled.

          Immediate

          +

          Immediate

          Block Page

          +

          Block Page

          If Protective Action is set to Block, you can configure an error page you want to return to the visitors.

          +

          If Protective Action is set to Block, you can configure an error page you want to return to the visitors.

          • If you select Default settings, the default block page is displayed.
          • If you select Custom, you can write a custom error message, so that WAF will return this message to website visitors when their requests are blocked.

          Custom

          +

          Custom

          Block Page Type

          +

          Block Page Type

          If you select Custom for Block Page, select a type of the block page among options application/json, text/html, and text/xml.

          +

          If you select Custom for Block Page, select a type of the block page among options application/json, text/html, and text/xml.

          text/html

          +

          text/html

          Page Content

          +

          Page Content

          If you select Custom for Block Page, configure the content to be returned.

          +

          If you select Custom for Block Page, configure the content to be returned.

          Page content styles corresponding to different page types are as follows:

          +

          Page content styles corresponding to different page types are as follows:

          • text/html: <html><body>Forbidden</body></html>
          • application/json: {"msg": "Forbidden"}
          • text/xml: <?xml version="1.0" encoding="utf-8"?><error> <msg>Forbidden</msg></error>
          Table 1 Rule parameters

          Parameter

          +
          - - - - - - - + + + + - - - - - - - - - - - @@ -70,7 +68,7 @@

          Protection Effect

          To verify WAF is protecting your website (www.example.com) against a rule:

          1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

            -

          2. Blacklist the IP address of a client according to the instructions in Configuring an IP Address Blacklist or Whitelist Rule.
          3. Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
          4. Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
          +

        8. Blacklist the IP address of a client according to the instructions in Configuring an IP Address Blacklist or Whitelist Rule.
        9. Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
        10. Return to the WAF console. In the navigation pane on the left, click Events. On the displayed page, view the event log.

          11. Example Configuration - Allowing a Specified IP Addresses

          If domain name www.example.com has been connected to WAF, you can perform the following steps to verify the rule takes effect:

          1. Add a rule to block all source IP addresses.

            • Method 1: Add the following two blacklist rules to block all source IP addresses, as shown in Figure 2 and Figure 3.
              Figure 2 Blocking IP address range 1.0.0.0/1
              diff --git a/docs/wafd/umn/waf_01_0013.html b/docs/wafd/umn/waf_01_0013.html index fceecf483..9173f3b75 100644 --- a/docs/wafd/umn/waf_01_0013.html +++ b/docs/wafd/umn/waf_01_0013.html @@ -2,42 +2,40 @@

              Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations

              WAF can identify where a request originates. You can set geolocation access control rules in just a few clicks and let WAF block or allow requests from a certain region. A geolocation access control rule allows you to allow or block requests from IP addresses from specified countries or regions.

              -

              If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

              -

              Prerequisites

              You have added the website you want to protect to WAF.

              Constraints

              • When you add a website through Cloud Mode - Load balancer and set Frontend Protocol of the listener of your ELB load balancer to TCP, UDP, or QUIC, this type of rule does not take effect.
              • One region can be configured in only one geolocation access control rule.
              • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
              -

              Configuring a Geolocation Access Control Rule

              1. Log in to the management console.
              2. Click in the upper left corner of the management console and select a region or project.
              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
              4. In the navigation pane on the left, choose Policies.
              5. Click the name of the target policy to go to the protection configuration page.
              6. Click the Geolocation Access Control configuration area and toggle it on or off if needed.

                • : enabled.
                • : disabled.
                +

                Configuring a Geolocation Access Control Rule

                1. Log in to the management console.
                2. Click in the upper left corner of the management console and select a region or project.
                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                4. In the navigation pane on the left, click Policies.
                5. Click the name of the target policy to go to the protection configuration page.
                6. Click the Geolocation Access Control configuration area and toggle it on or off if needed.

                  • : enabled.
                  • : disabled.

                7. In the upper left corner above the Geolocation Access Control list, click Add Rule.
                8. In the displayed dialog box, add a geolocation access control rule by referring to Table 1.

                  Figure 1 Adding a geolocation access control rule
                  -
          Table 1 Rule parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Rule Name

          +

          Rule Name

          Rule name you entered.

          +

          Enter the name of the blacklist or whitelist rule.

          WAF

          +

          waf

          IP Address/Range

          +

          Rule Description (Optional)

          IP addresses or IP address ranges are supported.

          +

          Enter remarks for the blacklist or whitelist rule.

          +

          None

          +

          IP Address/Range

          +

          IP addresses or IP address ranges are supported.

          • IP address: IP address to be added to the blacklist or whitelist
          • IP address range: IP address and subnet mask defining a network segment

          XXX.XXX.2.3

          +

          XXX.XXX.2.3

          Protective Action

          +

          Protective Action

          • Block: Select Block if you want to blacklist an IP address or IP address range.
          • Allow: Select Allow if you want to whitelist an IP address or IP address range.
          • Log only: Select Log only if you want to observe an IP address or IP address range. Then, WAF determines whether the IP address or IP address range are blacklisted or whitelisted based on the events data.
          +
          • Block: Select Block if you want to blacklist an IP address or IP address range.
          • Allow: Select Allow if you want to whitelist an IP address or IP address range.
          • Log only: Select Log only if you want to observe an IP address or IP address range. Then, WAF determines whether the IP address or IP address range are blacklisted or whitelisted based on the events data.

          Block

          +

          Block

          Known Attack Source

          +

          Known Attack Source

          If you select Block for Protective Action, you can select a blocking type of a known attack source rule. WAF will block requests matching the configured Cookie or Params for a length of time configured as part of the rule.

          +

          If you select Block for Protective Action, you can select a blocking type of a known attack source rule. WAF will block requests matching the configured Cookie or Params for a length of time configured as part of the rule.

          NOTE:

          Do not select the Long-term IP address blocking for a long time or Short-term IP address blocking for Blocking Type.

          Long-term Cookie blocking

          -

          Rule Description

          -

          A brief description of the rule. This parameter is optional.

          -

          None

          +

          Long-term Cookie blocking
          Table 1 Rule parameters

          Parameter

          +
          - - - - - - - - - - - @@ -65,7 +63,7 @@

          Protection Effect

          To verify WAF is protecting your website (www.example.com) against a rule:

          1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

            -

          2. Add a geolocation access control rule by referring to Configuring a Geolocation Access Control Rule.
          3. Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
          4. Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
          +

        11. Add a geolocation access control rule by referring to Configuring a Geolocation Access Control Rule.
        12. Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
        13. Return to the WAF console. In the navigation pane on the left, click Events. On the displayed page, view the event log.
          14. diff --git a/docs/wafd/umn/waf_01_0014.html b/docs/wafd/umn/waf_01_0014.html index b1db9bd5d..2be66932e 100644 --- a/docs/wafd/umn/waf_01_0014.html +++ b/docs/wafd/umn/waf_01_0014.html @@ -2,12 +2,10 @@

          Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With

          You can set web tamper protection rules to protect specific website pages (such as the ones contain important content) from being tampered with. If a web page protected with such a rule is requested, WAF returns the origin page it has cached based on the rule so that visitors always receive the authenticate web pages.

          -

          If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

          -

          How It Works

          • Return directly the cached web page to the normal web visitor to accelerate request response.
          • Return the cached original web pages to visitors if an attacker has tampered with the static web pages. This ensures that your website visitors always get the right web pages.
          • Protect all resources in the web page path. For example, if a web tamper protection rule is configured for a static page pointed to www.example.com/index.html, WAF protects the web page pointed to /index.html and related resources associated with the web page.

            So, if the URL in the Referer header field is the same as the configured anti-tamper path, for example, /index.html, all resources (resources ending with png, jpg, jpeg, gif, bmp, css or js) matching the request are also cached.

          -

          Prerequisites

          You have added your website to a policy.

          +

          Prerequisites

          You have added the website you want to protect to WAF or added a new protection policy.

          Constraints

          • The ELB access mode does not support this type protection rule.
          • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
          • Ensure that the origin server response contains the Content-Type response header, or WAF may fail to cache the origin server response.
          @@ -15,41 +13,41 @@
        14. Web tamper protection

          If an attacker modifies a static web page on the server, WAF still returns the cached original web page to visitors. Visitors never see the pages that were tampered with.

          15. -

          Configuring a Web Tamper Protection Rule

          1. Log in to the management console.
          2. Click in the upper left corner of the management console and select a region or project.
          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
          4. In the navigation pane on the left, choose Policies.
          5. Click the name of the target policy to go to the protection configuration page.
          6. Click the Web Tamper Protection configuration area and toggle it on or off if needed.

            • : enabled.
            • : disabled.
            +

            Configuring a Web Tamper Protection Rule

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the navigation pane on the left, click Policies.
            5. Click the name of the target policy to go to the protection configuration page.
            6. Click the Web Tamper Protection configuration area and toggle it on or off if needed.

              • : enabled.
              • : disabled.

            7. In the upper left corner above the Web Tamper Protection rule list, click Add Rule.
            8. In the displayed dialog box, specify the parameters by referring to Table 1.

              Figure 1 Adding a web tamper protection rule
              -
          Table 1 Rule parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Rule Description

          +

          Rule Description

          A brief description of the rule. This parameter is optional.

          +

          A brief description of the rule. This parameter is optional.

          waf

          +

          waf

          Geolocation

          +

          Geolocation

          Geographical scope of the IP address.

          +

          Geographical scope of the IP address.

          -

          +

          -

          Protective Action

          +

          Protective Action

          Action WAF will take if the rule is hit. You can select Block, Allow, or Log only.

          +

          Action WAF will take if the rule is hit. You can select Block, Allow, or Log only.

          Block

          +

          Block
          Table 1 Rule parameters

          Parameter

          +
          - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0015.html b/docs/wafd/umn/waf_01_0015.html index fc09231c6..df51177f4 100644 --- a/docs/wafd/umn/waf_01_0015.html +++ b/docs/wafd/umn/waf_01_0015.html @@ -2,8 +2,6 @@

          Configuring Anti-Crawler Rules

          You can configure website anti-crawler protection rules to protect against search engines, scanners, script tools, and other crawlers, and use JavaScript to create custom anti-crawler protection rules.

          -

          If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

          -

          Prerequisites

          You have added the website you want to protect to WAF.

          Constraints

          • Cookies must be enabled and JavaScript supported by any browser used to access a website protected by anti-crawler protection rules.
          • If your service is connected to CDN, exercise caution when using the JS anti-crawler function.

            CDN caching may impact JS anti-crawler performance and page accessibility.

            @@ -18,57 +16,57 @@

            WAF only logs JavaScript challenge and JavaScript authentication events. No other protective actions can be configured for JavaScript challenge and authentication.

          -

          Configuring an Anti-Crawler Rule

          1. Log in to the management console.
          2. Click in the upper left corner of the management console and select a region or project.
          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
          4. In the navigation pane on the left, choose Policies.
          5. Click the name of the target policy to go to the protection configuration page.
          6. Click the Anti-Crawler configuration area and toggle it on or off if needed.

            • : enabled.
            • : disabled.
            -

          7. Select the Feature Library tab and enable the protection by referring to Table 1.

            A feature-based anti-crawler rule has two protective actions:
            • Block

              WAF blocks and logs detected attacks.

              +

              Configuring an Anti-Crawler Rule

              1. Log in to the management console.
              2. Click in the upper left corner of the management console and select a region or project.
              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
              4. In the navigation pane on the left, click Policies.
              5. Click the name of the target policy to go to the protection configuration page.
              6. Click the Anti-Crawler configuration area and toggle it on or off if needed.

                • : enabled.
                • : disabled.
                +

              7. Select the Feature Library tab and enable the protection by referring to Table 1. Figure 3 shows an example.

                A feature-based anti-crawler rule has two protective actions:
                • Block

                  WAF blocks and logs detected attacks.

                  Enabling this feature may have the following impacts:

                  • Blocking requests of search engines may affect your website SEO.
                  • Blocking scripts may block some applications because those applications may trigger anti-crawler rules if their user-agent field is not modified.
                • Log only

                  Detected attacks are logged only. This is the default protective action.

                -
                Scanner is enabled by default, but you can enable other protection types if needed.
                Figure 3 Feature Library
                +
                Scanner is enabled by default, but you can enable other protection types if needed.
                Figure 3 Feature Library
                -
          Table 1 Rule parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Domain Name

          +

          Domain Name

          Domain name of the website to be protected

          +

          Domain name of the website to be protected

          www.example.com

          +

          www.example.com

          Path

          +

          Path

          A part of the URL, not including the domain name

          +

          A part of the URL, not including the domain name

          A URL is used to define the address of a web page. The basic URL format is as follows:

          Protocol name://Domain name or IP address[:Port]/[Path/.../File name].

          For example, if the URL is http://www.example.com/admin, set Path to /admin.

          NOTE:
          • The path does not support regular expressions.
          • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, WAF converts /// to /.

          /admin

          +

          /admin

          Rule Description

          +

          Rule Description

          A brief description of the rule. This parameter is optional.

          +

          A brief description of the rule. This parameter is optional.

          None

          +

          None
          Table 1 Anti-crawler detection features

          Type

          +
          - - - - - - - - - - - - - - @@ -87,52 +85,52 @@
          Figure 6 Add Rule
          -
          Table 1 Anti-crawler detection features

          Type

          Description

          +

          Description

          Remarks

          +

          Remarks

          Search Engine

          +

          Search Engine

          This rule is used to block web crawlers, such as Googlebot and Baiduspider, from collecting content from your site.

          +

          This rule is used to block web crawlers, such as Googlebot and Baiduspider, from collecting content from your site.

          If you enable this rule, WAF detects and blocks search engine crawlers.

          +

          If you enable this rule, WAF detects and blocks search engine crawlers.

          NOTE:

          If Search Engine is not enabled, WAF does not block POST requests from Googlebot or Baiduspider. If you want to block POST requests from Baiduspider, use the configuration described in Configuration Example - Search Engine.

          Scanner

          +

          Scanner

          This rule is used to block scanners, such as OpenVAS and Nmap. A scanner scans for vulnerabilities, viruses, and other jobs.

          +

          This rule is used to block scanners, such as OpenVAS and Nmap. A scanner scans for vulnerabilities, viruses, and other jobs.

          After you enable this rule, WAF detects and blocks scanner crawlers.

          +

          After you enable this rule, WAF detects and blocks scanner crawlers.

          Script Tool

          +

          Script Tool

          This rule is used to block script tools. A script tool is often used to execute automatic tasks and program scripts, such as HttpClient, OkHttp, and Python programs.

          +

          This rule is used to block script tools. A script tool is often used to execute automatic tasks and program scripts, such as HttpClient, OkHttp, and Python programs.

          If you enable this rule, WAF detects and blocks the execution of automatic tasks and program scripts.

          +

          If you enable this rule, WAF detects and blocks the execution of automatic tasks and program scripts.

          NOTE:

          If your application uses scripts such as HttpClient, OkHttp, and Python, disable Script Tool. Otherwise, WAF will identify such script tools as crawlers and block the application.

          Other

          +

          Other

          This rule is used to block crawlers used for other purposes, such as site monitoring, using access proxies, and web page analysis.

          +

          This rule is used to block crawlers used for other purposes, such as site monitoring, using access proxies, and web page analysis.

          NOTE:

          To avoid being blocked by WAF, crawlers may use a large number of IP address proxies.

          If you enable this rule, WAF detects and blocks crawlers that are used for various purposes.

          +

          If you enable this rule, WAF detects and blocks crawlers that are used for various purposes.
          Table 2 Parameters of a JavaScript-based anti-crawler protection rule

          Parameter

          +
          - - - - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0016.html b/docs/wafd/umn/waf_01_0016.html index cca3ac6d4..d211244ab 100644 --- a/docs/wafd/umn/waf_01_0016.html +++ b/docs/wafd/umn/waf_01_0016.html @@ -4,8 +4,6 @@

          Once an attack hits a WAF basic web protection rule or a feature-library anti-crawler rule, WAF will respond to the attack immediately according to the protective action (Log only or Block) you configured for the rule and display an event on the Events page.

          You can add false alarm masking rules to let WAF ignore certain rule IDs or event types (for example, skip XSS checks for a specific URL).

          • If you select All protection for Ignore WAF Protection, all WAF rules do not take effect, and WAF allows all request traffic to the domain names in the rule.
          • If you select Basic Web Protection for Ignore WAF Protection, you can ignore basic web protection by rule ID, attack type, or all built-in rules. For example, if XSS check is not required for a URL, you can whitelist XSS rule.
          -

          If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

          -

          Prerequisites

          You have added the website you want to protect to WAF.

          Constraints

          • If you select All protection for Ignore WAF Protection, all WAF rules do not take effect, and WAF allows all request traffic to the domain names in the rule.
          • If you select Basic web protection for Ignore WAF Protection, global protection whitelist rules take effect only for events triggered against WAF built-in rules in Basic Web Protection and anti-crawler rules under Feature Library.
            • Basic web protection rules

              Basic web protection defends against common web attacks, such as SQL injection, XSS attacks, remote buffer overflow attacks, file inclusion, Bash vulnerability exploits, remote command execution, directory traversal, sensitive file access, and command and code injections. Basic web protection also detects web shells and evasion attacks.

              @@ -13,91 +11,91 @@
          • You can configure a global protection whitelist rule by referring to Handling False Alarms. After handling a false alarm, you can view the rule in the global protection whitelist rule list.
          • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
          -

          Configuring a Global Protection Whitelist

          1. Log in to the management console.
          2. Click in the upper left corner of the management console and select a region or project.
          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
          4. In the navigation pane on the left, choose Policies.
          5. Click the name of the target policy to go to the protection configuration page.
          6. Click the Blacklist and Whitelist configuration area and toggle it on or off if needed.

            • : enabled.
            • : disabled.
            +

            Configuring a Global Protection Whitelist

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the navigation pane on the left, click Policies.
            5. Click the name of the target policy to go to the protection configuration page.
            6. Click the Blacklist and Whitelist configuration area and toggle it on or off if needed.

              • : enabled.
              • : disabled.

            7. In the upper left corner above the Global Protection Whitelist rule list, click Add Rule.
            8. Add a global whitelist rule by referring to Table 1.

              Figure 1 Add Global Protection Whitelist Rule
              -
          Table 2 Parameters of a JavaScript-based anti-crawler protection rule

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Rule Name

          +

          Rule Name

          Name of the rule

          +

          Name of the rule

          wafjs

          +

          wafjs

          Path

          +

          Path

          A part of the URL, not including the domain name

          +

          A part of the URL, not including the domain name

          A URL is used to define the address of a web page. The basic URL format is as follows:

          Protocol name://Domain name or IP address[:Port]/[Path/.../File name].

          For example, if the URL is http://www.example.com/admin, set Path to /admin.

          NOTE:
          • The path does not support regular expressions.
          • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, WAF converts /// to /.

          /admin

          +

          /admin

          Logic

          +

          Logic

          Select a logical relationship from the drop-down list.

          +

          Select a logical relationship from the drop-down list.

          Include

          +

          Include

          Rule Description

          +

          Rule Description

          A brief description of the rule.

          +

          A brief description of the rule.

          None

          +

          None

          Effective Date

          +

          Effective Date

          Immediate

          +

          Immediate

          Immediate

          +

          Immediate
          Table 1 Parameters

          Parameter

          +
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0017.html b/docs/wafd/umn/waf_01_0017.html index b49dd78d5..3e7af3429 100644 --- a/docs/wafd/umn/waf_01_0017.html +++ b/docs/wafd/umn/waf_01_0017.html @@ -2,54 +2,52 @@

          Configuring Data Masking Rules to Prevent Privacy Information Leakage

          This topic describes how to configure data masking rules. You can configure data masking rules to prevent sensitive data such as passwords from being displayed in event logs.

          -

          If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

          -

          Prerequisites

          You have added the website you want to protect to WAF.

          Constraints

          It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.

          Impact on the System

          Sensitive data in the events will be masked to protect your website visitor's privacy.

          -

          Configuring a Data Masking Rule

          1. Log in to the management console.
          2. Click in the upper left corner of the management console and select a region or project.
          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
          4. In the navigation pane on the left, choose Policies.
          5. Click the name of the target policy to go to the protection configuration page.
          6. Click the Data Masking configuration area and toggle it on or off if needed.

            • : enabled.
            • : disabled.
            +

            Configuring a Data Masking Rule

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the navigation pane on the left, click Policies.
            5. Click the name of the target policy to go to the protection configuration page.
            6. Click the Data Masking configuration area and toggle it on or off if needed.

              • : enabled.
              • : disabled.

            7. In the upper left corner above the Data Masking rule list, click Add Rule.
            8. In the displayed dialog box, specify the parameters described in Table 1.

              Figure 1 Adding a data masking rule
              -
          Table 1 Parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Scope

          +

          Scope

          • All domain names: By default, this rule will be used to all domain names that are protected by the current policy.
          • Specified domain names: Specify a domain name range this rule applies to.
          +
          • All domain names: By default, this rule will be applied to all domain names that are protected by the current policy.
          • Specified domain names: Specify a domain name range this rule applies to.

          Specified domain names

          +

          Specified domain names

          Domain Name

          +

          Domain Name

          This parameter is mandatory when you select Specified domain names for Scope.

          +

          This parameter is mandatory when you select Specified domain names for Scope.

          Enter a single domain name that matches the wildcard domain name being protected by the current policy.

          www.example.com

          +

          www.example.com

          Condition List

          +

          Condition List

          Click Add to add conditions. At least one condition needs to be added. You can add up to 30 conditions to a protection rule. If more than one condition is added, all of the conditions must be met for the rule to be applied. A condition includes the following parameters:

          -
          Parameters for configuring a condition are described as follows:
          • Field
          • Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
            NOTICE:

            The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed.

            +

          Click Add to add conditions. At least one condition needs to be added. You can add up to 30 conditions to a protection rule. If more than one condition is added, all of the conditions must be met for the rule to be applied. A condition includes the following parameters:

          +
          Parameters for configuring a condition are described as follows:
          • Field
          • Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
            NOTICE:

            The length of a subfield cannot exceed 2,048 characters. Only digits, letters, underscores (_), and hyphens (-) are allowed.

            -
          • Logic: Select a logical relationship from the drop-down list.
          • Content: Enter or select the content that matches the condition.
          +
        15. Logic: Select a logical relationship from the drop-down list.
        16. Content: Enter or select the content that matches the condition.

          17. Path, Include, /product

          +

          Path, Include, /product

          Ignore WAF Protection

          +

          Ignore WAF Protection

          • All protection: All WAF rules do not take effect, and WAF allows all request traffic to the domain names in the rule.
          • Basic web protection: You can ignore basic web protection by rule ID, attack type, or all built-in rules. For example, if XSS check is not required for a URL, you can whitelist XSS rule.
          +
          • All protection: All WAF rules do not take effect, and WAF allows all request traffic to the domain names in the rule.
          • Basic web protection: You can ignore basic web protection by rule ID, attack type, or all built-in rules. For example, if XSS check is not required for a URL, you can whitelist XSS rule.

          Basic web protection

          +

          Basic web protection

          Ignored Protection Type

          +

          Ignored Protection Type

          If you select Basic web protection for Ignored Protection Type, specify the following parameters:

          +

          If you select Basic web protection for Ignored WAF Protection, select one of the following for Ignored Protection Type:

          • ID: Configure the rule by event ID.
          • Attack type: Configure the rule by attack type, such as XSS and SQL injection. One type contains one or more rule IDs.
          • All built-in rules: all checks enabled in Basic Web Protection.

          Attack type

          +

          Attack type

          Rule ID

          +

          Rule ID

          This parameter is mandatory when you select ID for Ignored Protection Type.

          +

          This parameter is mandatory when you select ID for Ignored Protection Type.

          Rule ID of a misreported event in Events whose type is not Custom. You are advised to handle false alarms on the Events page.

          041046

          +

          041046

          Rule Type

          +

          Rule Type

          This parameter is mandatory when you select Attack type for Ignored Protection Type.

          +

          This parameter is mandatory when you select Attack type for Ignored Protection Type.

          Select an attack type from the drop-down list box.

          WAF can defend against XSS attacks, web shells, SQL injection attacks, malicious crawlers, remote file inclusions, local file inclusions, command injection attacks, and other attacks.

          SQL injection

          +

          SQL injection

          Rule Description

          +

          Rule Description

          A brief description of the rule. This parameter is optional.

          +

          A brief description of the rule. This parameter is optional.

          SQL injection attacks are not intercepted.

          +

          SQL injection attacks are not intercepted.

          Ignore Field

          +

          Ignore Field

          To ignore attacks of a specific field, specify the field in the Advanced Settings area. After you add the rule, WAF will stop blocking attack events of the specified field.

          +

          To ignore attacks of a specific field, specify the field in the Advanced Settings area. After you add the rule, WAF will stop blocking attacks matching the specified field.

          Select a target field from the first drop-down list box on the left. The following fields are supported: Params, Cookie, Header, Body, and Multipart.
          • If you select Params, Cookie, or Header, you can select All or Field to configure a subfield.
          • If you select Body or Multipart, you can select All.
          • If you select Cookie, the Domain Name box for the rule can be empty.
          NOTE:

          If All is selected, WAF will not block all attack events of the selected field.

          Params

          +

          Params

          All
          Table 1 Rule parameters

          Parameter

          +
          - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0020.html b/docs/wafd/umn/waf_01_0020.html index ee082d2dd..ffbe87534 100644 --- a/docs/wafd/umn/waf_01_0020.html +++ b/docs/wafd/umn/waf_01_0020.html @@ -32,7 +32,7 @@
          Table 1 Rule parameters

          Parameter

          Description

          +

          Description

          Example Value

          +

          Example Value

          Path

          +

          Path

          Part of the URL that does not include the domain name.

          +

          Part of the URL that does not include the domain name.

          • Prefix match: The path ending with * indicates that the path is used as a prefix. For example, if the path to be protected is /admin/test.php or /adminabc, set Path to /admin*.
          • Exact match: The path to be entered must match the path to be protected. If the path to be protected is /admin, set Path to /admin.
          NOTE:
          • The path supports prefix and exact matches only and does not support regular expressions.
          • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, WAF converts /// to /.

          /admin/login.php

          -

          For example, if the URL to be protected is http://www.example.com/admin/login.php, set Path to /admin/login.php.

          +

          /admin/login.php

          +

          For example, if the URL to be protected is http://www.example.com/admin/login.php, set Path to /admin/login.php.

          Masked Field

          +

          Masked Field

          A field set to be masked
          • Params: A request parameter
          • Cookie: A small piece of data to identify web visitors
          • Header: A user-defined HTTP header
          • Form: A form parameter
          +
          A field set to be masked
          • Params: A request parameter
          • Cookie: A small piece of data to identify web visitors
          • Header: A user-defined HTTP header
          • Form: A form parameter
          • If Masked Field is Params and Field Name is id, content that matches id is masked.
          • If Masked Field is Cookie and Field Name is name, content that matches name is masked.
          +
          • If Masked Field is Params and Field Name is id, content that matches id is masked.
          • If Masked Field is Cookie and Field Name is name, content that matches name is masked.

          Field Name

          +

          Field Name

          Set the parameter based on Masked Field. The masked field will not be displayed in logs.

          +

          Set the parameter based on Masked Field. The masked field will not be displayed in logs.

          Rule Description

          +

          Rule Description

          A brief description of the rule. This parameter is optional.

          +

          A brief description of the rule. This parameter is optional.

          None

          +

          None

          WAF protection status and security situation of the domain name for the past three days.

          WAF supports the following protection modes:

          -
          • Protected: The WAF protection is enabled.
          • Unprotected: The WAF protection is disabled. If a large number of normal requests are blocked, for example, status code 418 is frequently returned, then you can switch the mode to Suspended. In this mode, your website is not protected because WAF only forwards requests. It does not scan for attacks. This mode is risky. You are advised to use the global protection whitelist rules to reduce false alarms.
          +
          • Protected: The WAF protection is enabled.
          • Unprotected: The WAF protection is disabled. If a large number of normal requests are blocked, for example, status code 418 is frequently returned, then you can switch the mode to Suspended. In this mode, your website is not protected because WAF only forwards requests. It does not scan for attacks. This mode is risky. You are advised to use the global protection whitelist rules to reduce false alarms.

          Certificate/Cipher Suite

          diff --git a/docs/wafd/umn/waf_01_0021.html b/docs/wafd/umn/waf_01_0021.html index 30dcd48c7..271306d33 100644 --- a/docs/wafd/umn/waf_01_0021.html +++ b/docs/wafd/umn/waf_01_0021.html @@ -1,8 +1,8 @@

          Viewing the Dashboard

          -

          This topic describes how to view protection event logs, including attack and request statistics, event distribution, top 10 attacked domain names, top 10 attack source IP addresses, and top 10 attacked URLs in a specified time range, such as yesterday, today, past 3 days, past 7 days, or past 30 days.

          -

          Prerequisites

          +

          If you have connected websites to WAF, you can have a glance at their security on the Dashboard page. You will learn of WAF updates, protection overview, product details, as well as the security statistics of protected websites and instances you have for up to 30 days. You can also check event source statistics and bot protection statistics.

          +

          Prerequisites

          Specification Limitations

          You can view the protection data of a maximum of 30 days.

          @@ -50,12 +50,12 @@

          Queries Per Second (QPS) indicates the number of requests per second. For example, an HTTP GET request is also called a query. The number of requests is the total number of requests in a specific time range.

          -

          Viewing the Dashboard

          1. Log in to the management console.
          2. Click in the upper left corner of the management console and select a region or project.
          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
          4. In the upper part of the page, select a project from the Enterprise Project drop-down list. Then, specify the website, instance, and time range for your query.

            • By default, the information about all websites you add to WAF in all enterprise projects are displayed.
            • Domain Names: shows information about websites added to the WAF instance in the selected enterprise project. Click View to go to the Website Settings page and view details about domain names of protected websites.
            • Query time: You can select Yesterday, Today, Past 3 days, Past 7 days, or Past 30 days.
            +

            Checking the Overview Information

            1. Log in to the management console.
            2. Click in the upper left corner of the management console and select a region or project.
            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
            4. In the upper part of the page, select a project from the Enterprise Project drop-down list. Then, specify the website, instance, and time range for your query.

              • By default, the information about all websites you add to WAF in all enterprise projects are displayed.
              • Domain Names: shows information about websites added to the WAF instance in the selected enterprise project. Click View to go to the Website Settings page and view details about domain names of protected websites.
              • Query time: You can select Yesterday, Today, Past 3 days, Past 7 days, or Past 30 days.
              Figure 1 Setting search criteria
              -

            5. View how many requests, attacks, and attacked pages by attack type over the specified time range.

              • Requests: shows the page views of the website, making it easy for you to view the total number of pages accessed by visitors in a certain period of time.
              • Attacks: shows how many times the website are attacked.
              • You can view how many pages are attacked by a certain type of attack within a certain period of time.
              • You can click Show Details to view the details of the 10 domain names with the most requests, attacks, and basic web protection, precise protection, CC attack protection, and anti-crawler protection actions.
              +

            6. View how many requests, attacks, and attacked pages by attack type over the specified time range.

              • Requests: shows the page views of the website, making it easy for you to view the total number of pages accessed by visitors in a certain period of time.
              • Attacks: shows how many times the website are attacked.
              • You can view how many pages are attacked by a certain type of attack within a certain period of time.
              • You can click Show Details to view the details of the 10 domain names with the most requests, attacks, and basic web protection, precise protection, CC attack protection, and anti-crawler protection actions.
              Figure 2 Protection action statistics
              -

            7. Query security data in the Security Event Statistics area.

              By day: You can select this option to view the data gathered by the day. If you leave this option unselected, you have the following options:

              -
              • Yesterday and Today: Security event data is gathered every minute.
              • Past 3 days: Security event data is gathered every 5 minutes.
              • Past 7 days: Security event data is gathered every 10 minutes.
              • Past 30 days: Security event data is gathered every hour.
              +

            8. Query security data in the Security Event Statistics area.

              By day: You can select this option to view the data gathered by the day. If you leave this option unselected, you have the following options:

              +
              • Yesterday and Today: Security event data is gathered every minute.
              • Past 3 days: Security event data is gathered every 5 minutes.
              • Past 7 days: Security event data is gathered every 10 minutes.
              • Past 30 days: Security data is gathered every hour.
              Figure 3 Security Event Statistics
              - - - -
              Table 2 Parameters in Security Event Statistics

              Parameter

              @@ -66,25 +66,25 @@

              Requests

              You can view how many requests for your website as well as total attacks and attacks of each attack type.

              +

              You can view how many requests to your website as well as total attacks and attacks of each attack type.

              QPS

              Average number of requests per second for the domain name. For details about the values of QPS, see How to Calculate QPS.

              +

              Average number of requests per second for the domain name. For details about QPS, see How to Calculate QPS.

              Queries Per Second (QPS) indicates the number of requests per second. For example, an HTTP GET request is also called a query.

              Bytes Sent/Received

              Bandwidth usage

              +

              Bandwidth usage.

              The value of sent and received bytes is calculated by adding the values of request_length and upstream_bytes_received by time, so the value is different from the network bandwidth monitored on the EIP. This value is also affected by web page compression, connection reuse, and TCP retransmission.

              Event Distribution

              Types of attack events

              -

              Click an area in the Event Distribution area to view the type, number, and proportion of an attack.

              +

              Types of attack events.

              +

              Click an area in the Event Distribution area to view the type, number, and proportion of an attack.

              Top 10 Attacked Domain Names

              diff --git a/docs/wafd/umn/waf_01_0024.html b/docs/wafd/umn/waf_01_0024.html index 24b8c4d59..0bfc5bb82 100644 --- a/docs/wafd/umn/waf_01_0024.html +++ b/docs/wafd/umn/waf_01_0024.html @@ -5,94 +5,94 @@

              WAF detects attacks by using built-in basic web protection rules, built-in features in anti-crawler protection, and custom rules you configured (such as CC attack protection, precise access protection, blacklist, whitelist, and geolocation access control rules). WAF will respond to detected attacks based on the protective actions (such as Block and Log only) defined in the rules and display attack events on the Events page.

              Prerequisites

              There is at least one false alarm event in the event list.

              -

              Constraints

              • Only attack events blocked or recorded by built-in basic web protection rules and features in anti-crawler protection can be handled as false alarms.
              • For events generated based on custom rules (such as a CC attack protection rule, precise protection rule, blacklist rule, whitelist rule, or geolocation access control rule), they cannot be handled as false alarms. To ignore such an event, delete or disable the custom rule hit by the event.
              • An attack event can only be handled as a false alarm once.
              • After an attack event is handled as a false alarm, the attack event will not be displayed on the Events page.
              • Dedicated WAF instances earlier than June 2022 do not support All protection for Ignore WAF Protection. Only Basic web protection can be selected.
              +

              Constraints

              • Only attack events blocked or recorded by built-in basic web protection rules and features in anti-crawler protection can be handled as false alarms.
              • For events generated based on custom rules (such as a CC attack protection rule, precise protection rule, blacklist rule, whitelist rule, or geolocation access control rule), they cannot be handled as false alarms. To ignore such an event, delete or disable the custom rule hit by the event.
              • An attack event can only be handled as a false alarm once.
              • After an attack event is handled as a false alarm, the attack event will not be displayed on the Events page.
              • Dedicated WAF instances earlier than June 2022 do not support All protection for Ignore WAF Protection. Only Basic web protection can be selected.
              -

              Application Scenarios

              Sometimes normal service requests may be blocked by WAF. For example, suppose you deploy a web application on an ECS and then add the public domain name associated with that application to WAF. If you enable basic web protection for that application, WAF may block the access requests that match the basic web protection rules. As a result, the website cannot be accessed through its domain name. However, the website can still be accessed through the IP address. In this case, you can handle the false alarms to allow normal access requests to the application.

              +

              Application Scenarios

              Sometimes normal service requests may be blocked by WAF. For example, suppose you deploy a web application on ECSs and then add the public domain name associated with that application to WAF. If you enable basic web protection for that application, WAF may block the access requests that match the basic web protection rules. If the website is inaccessible over its domain name but accessible over its IP address, you can handle the false alarms to allow normal access requests to the application.

              -

              Handling False Alarms

              1. Log in to the management console.
              2. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
              3. In the navigation pane on the left, choose Events.
              4. Click the Search tab. In the website or instance drop-down list, select a website to view corresponding event logs. The query time can be Yesterday, Today, Past 3 days, Past 7 days, Past 30 days, or a time range you configure.
              5. In the event list, handle events.

                • If you confirm that an event is a false alarm, locate the row containing the event. In the Operation column, click More > Handle as False Alarm and handle the hit rule.
                  Figure 1 Handling a false alarm
                  +

                  Handling False Alarms

                  1. Log in to the management console.
                  2. In the navigation pane on the left, choose Events.
                  3. Click the Search tab. In the website or instance drop-down list, select a website to view corresponding event logs. The query time can be Yesterday, Today, Past 3 days, Past 7 days, Past 30 days, or a time range you configure.
                  4. In the event list, handle events.

                    • If you confirm that an event is a false alarm, locate the row containing the event. In the Operation column, click More > Handle as False Alarm and handle the hit rule.
                      Figure 1 Handling a false alarm
                      -
                      Table 1 Parameters

                      Parameter

                      +
                      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -103,47 +103,47 @@
                      Figure 2 Add to Address Group
                    • Add the source IP address to a blacklist or whitelist rule of the corresponding protected domain name. Locate the row containing the desired event. In the Operation column, click More > Add to Blacklist/Whitelist. Then, the source IP address will be blocked or allowed based on the protective action configured in the blacklist or whitelist rule.
                      Figure 3 Add to Blacklist/Whitelist
                      -
                      • Table 1 Parameters

                      Parameter

                      Description

                      +

                      Description

                      Example Value

                      +

                      Example Value

                      Scope

                      +

                      Scope

                      • All domain names: By default, this rule will be used to all domain names that are protected by the current policy.
                      • Specified domain names: Specify a domain name range this rule applies to.
                      +
                      • All domain names: By default, this rule will be applied to all domain names that are protected by the current policy.
                      • Specified domain names: Specify a domain name range this rule applies to.

                      Specified domain names

                      +

                      Specified domain names

                      Domain Name

                      +

                      Domain Name

                      This parameter is mandatory when you select Specified domain names for Scope.

                      +

                      This parameter is mandatory when you select Specified domain names for Scope.

                      Enter a single domain name that matches the wildcard domain name being protected by the current policy.

                      www.example.com

                      +

                      www.example.com

                      Condition List

                      +

                      Condition List

                      Click Add to add conditions. At least one condition needs to be added. You can add up to 30 conditions to a protection rule. If more than one condition is added, all of the conditions must be met for the rule to be applied. A condition includes the following parameters:

                      -
                      Parameters for configuring a condition are described as follows:
                      • Field
                      • Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
                        NOTICE:

                        The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed.

                        +

                      Click Add to add conditions. At least one condition needs to be added. You can add up to 30 conditions to a protection rule. If more than one condition is added, all of the conditions must be met for the rule to be applied. A condition includes the following parameters:

                      +
                      Parameters for configuring a condition are described as follows:
                      • Field
                      • Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
                        NOTICE:

                        The length of a subfield cannot exceed 2,048 characters. Only digits, letters, underscores (_), and hyphens (-) are allowed.

                        -
                      • Logic: Select a logical relationship from the drop-down list.
                      • Content: Enter or select the content that matches the condition.
                      +
                    • Logic: Select a logical relationship from the drop-down list.
                    • Content: Enter or select the content that matches the condition.

                      • Path, Include, /product

                      +

                      Path, Include, /product

                      Ignore WAF Protection

                      +

                      Ignore WAF Protection

                      • All protection: All WAF rules do not take effect, and WAF allows all request traffic to the domain names in the rule.
                      • Basic web protection: You can ignore basic web protection by rule ID, attack type, or all built-in rules. For example, if XSS check is not required for a URL, you can whitelist XSS rule.
                      +
                      • All protection: All WAF rules do not take effect, and WAF allows all request traffic to the domain names in the rule.
                      • Basic web protection: You can ignore basic web protection by rule ID, attack type, or all built-in rules. For example, if XSS check is not required for a URL, you can whitelist XSS rule.

                      Basic web protection

                      +

                      Basic web protection

                      Ignored Protection Type

                      +

                      Ignored Protection Type

                      If you select Basic web protection for Ignored Protection Type, specify the following parameters:

                      +

                      If you select Basic web protection for Ignored WAF Protection, select one of the following for Ignored Protection Type:

                      • ID: Configure the rule by event ID.
                      • Attack type: Configure the rule by attack type, such as XSS and SQL injection. One type contains one or more rule IDs.
                      • All built-in rules: all checks enabled in Basic Web Protection.

                      Attack type

                      +

                      Attack type

                      Rule ID

                      +

                      Rule ID

                      This parameter is mandatory when you select ID for Ignored Protection Type.

                      +

                      This parameter is mandatory when you select ID for Ignored Protection Type.

                      Rule ID of a misreported event in Events whose type is not Custom. You are advised to handle false alarms on the Events page.

                      041046

                      +

                      041046

                      Rule Type

                      +

                      Rule Type

                      This parameter is mandatory when you select Attack type for Ignored Protection Type.

                      +

                      This parameter is mandatory when you select Attack type for Ignored Protection Type.

                      Select an attack type from the drop-down list box.

                      WAF can defend against XSS attacks, web shells, SQL injection attacks, malicious crawlers, remote file inclusions, local file inclusions, command injection attacks, and other attacks.

                      SQL injection

                      +

                      SQL injection

                      Rule Description

                      +

                      Rule Description

                      A brief description of the rule. This parameter is optional.

                      +

                      A brief description of the rule. This parameter is optional.

                      SQL injection attacks are not intercepted.

                      +

                      SQL injection attacks are not intercepted.

                      Ignore Field

                      +

                      Ignore Field

                      To ignore attacks of a specific field, specify the field in the Advanced Settings area. After you add the rule, WAF will stop blocking attack events of the specified field.

                      +

                      To ignore attacks of a specific field, specify the field in the Advanced Settings area. After you add the rule, WAF will stop blocking attacks matching the specified field.

                      Select a target field from the first drop-down list box on the left. The following fields are supported: Params, Cookie, Header, Body, and Multipart.
                      • If you select Params, Cookie, or Header, you can select All or Field to configure a subfield.
                      • If you select Body or Multipart, you can select All.
                      • If you select Cookie, the Domain Name box for the rule can be empty.
                      NOTE:

                      If All is selected, WAF will not block all attack events of the selected field.

                      Params

                      +

                      Params

                      All
                      Table 2 Parameter descriptions

                      Parameter

                      +
                      - - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0027.html b/docs/wafd/umn/waf_01_0027.html index 3903bb393..66a1df368 100644 --- a/docs/wafd/umn/waf_01_0027.html +++ b/docs/wafd/umn/waf_01_0027.html @@ -3,9 +3,7 @@

                      Which Web Service Framework Protocols Does WAF Support?

                      WAF is deployed on the cloud.

                      Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

                      -

                      WAF can examine the following requests:

                      -
                      • WebSocket and WebSockets (enabled by default)
                        • WebSocket request inspection is enabled by default if Client Protocol is set to HTTP.
                        • WebSockets request inspection is enabled by default if Client Protocol is set to HTTPS.
                        -
                      • HTTP/HTTPS
                      +

                      WAF checks HTTP and HTTPS requests.

                      diff --git a/docs/wafd/umn/waf_01_0035.html b/docs/wafd/umn/waf_01_0035.html index 4aa633722..01b815f21 100644 --- a/docs/wafd/umn/waf_01_0035.html +++ b/docs/wafd/umn/waf_01_0035.html @@ -4,7 +4,7 @@
                      -
                      - diff --git a/docs/wafd/umn/waf_01_0045.html b/docs/wafd/umn/waf_01_0045.html index 063732af9..ba2ddecf2 100644 --- a/docs/wafd/umn/waf_01_0045.html +++ b/docs/wafd/umn/waf_01_0045.html @@ -8,7 +8,7 @@

                      The process of forwarding traffic from WAF to origin servers is called back-to-source. WAF uses back-to-source IP addresses to send client requests to the origin server. When a website is connected to WAF, the destination IP addresses to the client are the IP addresses of WAF, so that the origin server IP address is invisible to the client.

                      Figure 2 Back-to-source IP address
                      -

                      How WAF Works (ELB Access Mode)

                      If you connect a website to WAF in ELB access mode, WAF works as follows:

                      +

                      How WAF Works (ELB Access Mode)

                      If you connect a website to WAFELB access mode, WAF works as follows:

                      • In this mode, WAF is integrated into the gateway of an ELB load balancer through an SDK module. WAF extracts traffic through the SDK module embedded in the gateway for inspection.
                      • WAF synchronizes the inspection result to the load balancer, and the load balancer determines whether to forward client requests to the origin server based on the inspection result.
                      • In this method, WAF does not forward traffic. This reduces compatibility and stability problems.
                      Figure 3 How WAF in ELB load balancer access mode works
                      diff --git a/docs/wafd/umn/waf_01_0054.html b/docs/wafd/umn/waf_01_0054.html index 5f535acd8..cea114498 100644 --- a/docs/wafd/umn/waf_01_0054.html +++ b/docs/wafd/umn/waf_01_0054.html @@ -3,65 +3,63 @@

                      Configuring Information Leakage Prevention Rules to Protect Sensitive Information from Leakage

                      You can add two types of information leakage prevention rules.

                      • Sensitive information filtering: prevents disclosure of sensitive information, such as ID numbers, phone numbers, and email addresses.
                      • Response code interception: blocks the specified HTTP status codes.
                      -

                      If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

                      -
                      -

                      Prerequisites

                      You have added your website to a policy.

                      +

                      Prerequisites

                      You have added the website you want to protect to WAF or added a new protection policy.

                      Constraints

                      • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
                      -

                      Configuring an Information Leakage Prevention Rule

                      1. Log in to the management console.
                      2. Click in the upper left corner of the management console and select a region or project.
                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                      4. In the navigation pane on the left, choose Policies.
                      5. Click the name of the target policy to go to the protection configuration page.
                      6. Click the Information Leakage Prevention configuration area and toggle it on or off if needed.

                        • : enabled.
                        • : disabled.
                        -

                      7. In the upper left corner above the Information Leakage Prevention rule list, click Add Rule.
                      8. In the dialog box displayed, add an information leakage prevention rule by referring to Table 1.

                        Information leakage prevention rules prevent sensitive information (such as ID numbers, phone numbers, and email addresses) from being disclosed. This type of rule can also block specified HTTP status codes.

                        -
                        Sensitive information filtering: Configure rules to mask sensitive information, such as phone numbers and ID numbers, from web pages. For example, you can set the following protection rules to mask sensitive information, such as ID numbers, phone numbers, and email addresses:
                        Figure 1 Sensitive information leakage
                        +

                        Configuring an Information Leakage Prevention Rule

                        1. Log in to the management console.
                        2. Click in the upper left corner of the management console and select a region or project.
                        3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                        4. In the navigation pane on the left, click Policies.
                        5. Click the name of the target policy to go to the protection configuration page.
                        6. Click the Information Leakage Prevention configuration area and toggle it on or off if needed.

                          • : enabled.
                          • : disabled.
                          +

                        7. In the upper left corner above the Information Leakage Prevention rule list, click Add Rule.
                        8. In the dialog box displayed, add an information leakage prevention rule by referring to Table 1. Figure 1 and Figure 2 show the examples.

                          Information leakage prevention rules prevent sensitive information (such as ID numbers, phone numbers, and email addresses) from being disclosed. This type of rule can also block specified HTTP status codes.

                          +
                          Sensitive information filtering: Configure rules to mask sensitive information, such as phone numbers and ID numbers, from web pages. For example, you can set the following protection rules to mask sensitive information, such as ID numbers, phone numbers, and email addresses:
                          Figure 1 Sensitive information leakage
                          -
                          Response code interception: An error page of a specific HTTP response code may contain sensitive information. You can configure rules to block such error pages to prevent such information from being leaked out. For example, you can set the following rule to block error pages of specified HTTP response codes 404, 502, and 503.
                          Figure 2 Blocking response codes
                          +
                          Response code interception: An error page of a specific HTTP response code may contain sensitive information. You can configure rules to block such error pages to prevent such information from being leaked out. For example, you can set the following rule to block error pages of specified HTTP response codes 404, 502, and 503.
                          Figure 2 Blocking response codes
                          -
                      Table 2 Parameter descriptions

                      Parameter

                      Description

                      +

                      Description

                      Add to

                      +

                      Add to

                      • Existing rule
                      • New rule
                      +
                      • Existing rule
                      • New rule

                      Rule Name

                      +

                      Rule Name

                      • If you select Existing rule for Add to, select a rule name from the drop-down list.
                      • If you select New rule for Add to, customize a blacklist or whitelist rule.
                      +
                      • If you select Existing rule for Add to, select a rule name from the drop-down list.
                      • If you select New rule for Add to, customize a blacklist or whitelist rule.

                      IP Address/Range/Group

                      +

                      IP Address/Range/Group

                      This parameter is mandatory when you select New rule for Add to.

                      +

                      This parameter is mandatory when you select New rule for Add to.

                      You can select IP address/Range or Address Group to add IP addresses a blacklist or whitelist rule.

                      Group Name

                      +

                      Group Name

                      This parameter is mandatory when you select Address group for IP Address/Range/Group.

                      +

                      This parameter is mandatory when you select Address group for IP Address/Range/Group.

                      Select an address group from the drop-down list.

                      Protective Action

                      +

                      Protective Action

                      • Block: Select Block if you want to blacklist an IP address or IP address range.
                      • Allow: Select Allow if you want to whitelist an IP address or IP address range.
                      • Log only: Select Log only if you want to observe an IP address or IP address range.
                      +
                      • Block: Select Block if you want to blacklist an IP address or IP address range.
                      • Allow: Select Allow if you want to whitelist an IP address or IP address range.
                      • Log only: Select Log only if you want to observe an IP address or IP address range.

                      Known Attack Source

                      +

                      Known Attack Source

                      If you select Block for Protective Action, you can select a blocking type of a known attack source rule. WAF will block requests matching the configured IP address, Cookie, or Params for a length of time configured as part of the rule.

                      +

                      If you select Block for Protective Action, you can select a blocking type of a known attack source rule. WAF will block requests matching the configured IP address, Cookie, or Params for a length of time configured as part of the rule.

                      Rule Description

                      +

                      Rule Description

                      A brief description of the rule. This parameter is optional.

                      +

                      A brief description of the rule. This parameter is optional.

                      In the row containing the attack event, click Handle as False Alarm in the Operation column. For details, see Handling False Alarms.

                      +

                      In the row containing the attack event, click Handle as False Alarm in the Operation column. For details, see Handling False Alarms.

                      Custom protection rules

                      @@ -36,7 +36,7 @@

                      Allow the blocked requests by referring to Configuring Custom Precise Protection Rules. The Handle as False Alarm button is grayed out for events that are generated against a precise protection rule.

                      +

                      The Handle as False Alarm button is grayed out for events that are generated against a precise protection rule. To allow the blocked requests, see Configuring Custom Precise Protection Rules.
                      Table 1 Rule parameters

                      Parameter

                      +
                      - - - - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0060.html b/docs/wafd/umn/waf_01_0060.html index 44cdc5182..f9b7fd550 100644 --- a/docs/wafd/umn/waf_01_0060.html +++ b/docs/wafd/umn/waf_01_0060.html @@ -2,10 +2,8 @@

                      Viewing CTS Traces in the Trace List

                      Scenarios

                      After you enable CTS and the management tracker is created, CTS starts recording operations on cloud resources. Cloud Trace Service (CTS) stores operation records (traces) generated in the last seven days.

                      -

                      These operation records are retained for seven days on the CTS console and are automatically deleted upon expiration. Manual deletion is not supported.

                      -
                      -

                      Viewing Real-Time Traces

                      1. Log in to the management console.
                      2. Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                      3. Choose Trace List in the navigation pane on the left.
                      4. Set filters to search for your desired traces, as shown in Figure 1. The following filters are available.
                        Figure 1 Filters
                        +

                        Viewing Real-Time Traces in the Trace List

                        1. Log in to the management console.
                        2. Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                        3. Choose Trace List in the navigation pane on the left.
                        4. Set filters to search for your desired traces, as shown in Figure 1. The following filters are available.
                          Figure 1 Filters
                          • Trace Type, Trace Source, Resource Type, and Search By: Select a filter from the drop-down list.
                            • If you select Resource ID for Search By, specify a resource ID.
                            • If you select Trace name for Search By, specify a trace name.
                            • If you select Resource name for Search By, specify a resource name.
                          • Operator: Select a user.
                          • Trace Status: Select All trace statuses, Normal, Warning, or Incident.
                          • Time range: Select Last 1 hour, Last 1 day, or Last 1 week, or specify a custom time range within the last seven days.
                          @@ -16,7 +14,7 @@

                        5. Click View Trace in the Operation column. The trace details are displayed.

                          -
                        6. For details about key fields in the trace structure, see section "Trace References" > "Trace Structure" and section "Trace References" > "Example Traces" in the CTS User Guide.
                        +
                      5. For details about key fields in the trace structure, see Trace Structuresection "Trace References" > "Trace Structure" and Example Tracessection "Trace References" > "Example Traces" in the CTS User Guide.
                      diff --git a/docs/wafd/umn/waf_01_0061.html b/docs/wafd/umn/waf_01_0061.html index 8ea7bcea6..0d343d8af 100644 --- a/docs/wafd/umn/waf_01_0061.html +++ b/docs/wafd/umn/waf_01_0061.html @@ -2,9 +2,7 @@

                      Adding Rules to One or More Policies

                      This topic describes how to add rules to one or more policies.

                      -

                      If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in batches.

                      -
                      -

                      Adding Rules to One or More Policies

                      1. Log in to the management console.
                      2. Click in the upper left corner of the management console and select a region or project.
                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                      4. In the navigation pane on the left, choose Policies.
                      5. In the upper left corner of the policy list, click View All My Rules.

                        Figure 1 View Rules
                        +

                        Adding Rules to One or More Policies

                        1. Log in to the management console.
                        2. Click in the upper left corner of the management console and select a region or project.
                        3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                        4. In the navigation pane on the left, click Policies.
                        5. In the upper left corner of the policy list, click View Rules.

                          Figure 1 View Rules

                        6. In the upper left corner above a list of a type of rule, click Add Rule.

                          Figure 2 Adding a rule to one or more policies

                        7. Select one or more policies from the Policy Name drop-down list.

                          Figure 3 Adding a rule to one or more policies

                        8. Set other parameters in addition to Policy Name.

                          • To add a CC attack protection rule, see Table 1.
                          • To add a precise protection rule, see Table 1.
                          • To add a blacklist or whitelist rule, see Table 1.
                          • To add a geolocation access control rule, see Table 1.
                          • To add a WTP rule, see Table 1.
                          • To add an information leakage prevention rule, see Table 1.
                          • To add a global protection whitelist rule, see Table 1.
                          • To add a data masking rule, see Table 1.
                          diff --git a/docs/wafd/umn/waf_01_0066.html b/docs/wafd/umn/waf_01_0066.html index 9f05e01b8..c3f67e2fe 100644 --- a/docs/wafd/umn/waf_01_0066.html +++ b/docs/wafd/umn/waf_01_0066.html @@ -1,7 +1,7 @@ -

                          How Do I Troubleshoot 404/502/504 Errors?

                          -

                          If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after a website is connected to WAF, use the following methods to locate the cause and remove the error:

                          +

                          What Is Error Code 404, 502, or 504 Returned to Visitors After My Website or Application Is Connected to WAF?

                          +

                          If an error, such as 404 Not Found, 502 Bad Gateway, or 504 Gateway Timeout, occurs after your website or application is connected to WAF, use the following methods to locate the cause and remove the error:

                          404 Not Found

                          Scenario 1: When a visitor accesses your website, the page shown in Figure 1 is displayed.
                          Figure 1 404 page
                          Cause: The port added to a URL is incorrect.
                          • A non-standard port is configured when a domain name is connected to WAF. No port is added or the origin server port instead of the non-standard port is used to access the website. For example, use https://www.example.com or https://www.example.com:80 to access the website. Figure 2 shows an example.
                            Figure 2 Configuration of a non-standard port
                            @@ -22,7 +22,7 @@

                            Possible causes are as follows:

                            • Cause 1: Your website is using another security protection software. The software considers back-to-source IP addresses of WAF as malicious and blocks the requests forwarded by WAF. As a result, the site becomes inaccessible.

                              Solution: Add the WAF back-to-source IP address ranges to the whitelist of the firewall (hardware or software), security protection software, and rate limiting module.

                              -
                            • Cause 2: Multiple backend servers are configured. However, one backend server is unreachable.
                              Perform the following steps to check whether the origin server configuration is correct:
                              1. Log in to the management console, click Service List in the upper part of the page, and choose Security > Web Application Firewall (Dedicated).
                              2. In the navigation pane, choose Website Settings.
                              3. In the Domain Name column, click the domain name. Its information is displayed.
                              4. In the Server Information area, click . On the displayed page, check whether the client protocol, server protocol, origin server address, and port used by the origin server are correct.
                              5. Run the curl command on the host to check whether each origin server can be properly accessed.
                                curl http://xx.xx.xx.xx:yy -kvv
                                +
                              6. Cause 2: Multiple backend servers are configured. However, one backend server is unreachable.
                                Perform the following steps to check whether the origin server configuration is correct:
                                1. Log in to the management console, click Service List in the upper part of the page, and choose Security > Web Application Firewall (Dedicated) to go to the WAF (dedicated) console.
                                2. In the navigation pane on the left, choose Website Settings.
                                3. In the Domain Name column, click the domain name. Its information is displayed.
                                4. In the Server Information area, click . On the displayed page, check whether the client protocol, server protocol, origin server address, and port used by the origin server are correct.
                                5. Run the curl command on the host to check whether each origin server can be properly accessed.
                                  curl http://xx.xx.xx.xx:yy -kvv

                                  xx.xx.xx.xx indicates the IP address of the origin server. yy indicates the port of the origin server. xx.xx.xx.xx and yy must belong to the same origin server.

                                  • The host where the curl command can be run must meet the following requirements:
                                    • The network communication is normal.
                                    • The curl command has been installed. curl must be manually installed on the host running a Windows operating system. curl is installed along with other operating systems.
                                  • You can also enter http://origin server address:origin server port in the address bar of the browser to check whether the origin server can be properly accessed.
                                  @@ -37,7 +37,7 @@

                                  504 Gateway Timeout

                                  Scenario: After the configuration of connecting a domain name to WAF is complete, your website works properly. However, with the increasing traffic volume, the number of 504 errors also increases. If you directly access the IP address of the origin server, the 504 error code is returned sometimes.

                                  The possible causes are as follows:

                                  • Cause 1: Backend server performance issues (such as too many connections or high CPU usage)
                                    Solution:
                                    1. Optimize the server configuration, including TCP network parameters and ulimit parameters.
                                    2. To handle large-scale service increase, use method 1 or method 2 to perform the processing.

                                      Method 1: Add a backend server group to the ELB load balancer.

                                      -
                                      Method 2: Create an ELB. Use the EIP of ELB as the IP address of the server to connect to WAF.
                                      1. Log in to the management console, click Service List in the upper part of the page, and choose Security > Web Application Firewall (Dedicated).
                                      2. In the navigation pane, choose Website Settings.
                                      3. In the Domain Name column, click the domain name. Its information is displayed.
                                      4. In the Server Information area, click . On the displayed page, click Add.
                                      +
                                      Method 2: Create an ELB. Use the EIP of ELB as the IP address of the server to connect to WAF.
                                      1. Log in to the management console, click Service List in the upper part of the page, and choose Security > Web Application Firewall (Dedicated) to go to the WAF (dedicated) console.
                                      2. In the navigation pane on the left, choose Website Settings.
                                      3. In the Domain Name column, click the domain name. Its information is displayed.
                                      4. In the Server Information area, click . On the displayed page, click Add.
                                    3. If the Client Protocol is HTTPS, you can use HTTPS on the WAF side. However, it is recommended that HTTP (Server Protocol) to forward the requests to your web server, lowering the computational demands on backend servers.
                                    diff --git a/docs/wafd/umn/waf_01_0074.html b/docs/wafd/umn/waf_01_0074.html index eef72fce5..c739e9b4a 100644 --- a/docs/wafd/umn/waf_01_0074.html +++ b/docs/wafd/umn/waf_01_0074.html @@ -6,11 +6,11 @@

                                  Constraints

                                  A protected website domain name can use only one policy.

                                  -

                                  Procedure

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Policies.
                                  5. In the upper left corner, click Add Policy.

                                    Figure 1 Policies
                                    +

                                    Procedure

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Policies.
                                    5. In the upper left corner, click Add Policy.

                                      Figure 1 Policies

                                    6. In the displayed dialog box, enter the policy name and click Confirm. The added policy will be displayed in the policy list.

                                      Figure 2 Add Policy

                                    7. In the Policy Name column, click the policy name. On the displayed page, add rules to the policy by referring to Rule Configurations.
                                    -

                                    Related Operations

                                    • To modify a policy name, click next to the policy name. In the dialog box displayed, enter a new policy name.
                                    • To delete a rule, locate the row containing the rule. In the Operation column, click Delete.
                                    +

                                    Related Operations

                                    • To modify a policy name, click next to the policy name. In the dialog box displayed, enter a new policy name.
                                    • To delete a rule, locate the row containing the rule. In the Operation column, click Delete.
                                    diff --git a/docs/wafd/umn/waf_01_0075.html b/docs/wafd/umn/waf_01_0075.html index 551df0758..1f583132e 100644 --- a/docs/wafd/umn/waf_01_0075.html +++ b/docs/wafd/umn/waf_01_0075.html @@ -4,7 +4,7 @@

                                    You can add a domain name to a new policy you think applicable. Then, the original policy applied to the domain name stops working on this domain name.

                                    If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in batches.

                                    -

                                    Adding a Domain Name to a Policy

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Policies.
                                    5. In the row containing the target policy, click Add Domain Name in the Operation column.

                                      Figure 1 Adding a domain name to a policy
                                      +

                                      Adding a Domain Name to a Policy

                                      1. Log in to the management console.
                                      2. Click in the upper left corner of the management console and select a region or project.
                                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                      4. In the navigation pane on the left, choose Policies.
                                      5. In the row containing the target policy, click Add Domain Name in the Operation column.

                                        Figure 1 Adding a domain name to a policy

                                      6. Select one or more domain names from the Domain Name drop-down list.

                                        • A protected domain name can use only one policy, but one policy can be applied to multiple domain names.
                                        • To delete a policy that has been applied to domain names, add these domain names to other policies first. Then, click Delete in the Operation column of the policy you want to delete.
                                        Figure 2 Selecting one or more domain names
                                        diff --git a/docs/wafd/umn/waf_01_0077.html b/docs/wafd/umn/waf_01_0077.html index b3ade23cd..cd2a614f1 100644 --- a/docs/wafd/umn/waf_01_0077.html +++ b/docs/wafd/umn/waf_01_0077.html @@ -45,7 +45,7 @@
                      -
                      Table 1 Rule parameters

                      Parameter

                      Description

                      +

                      Description

                      Example Value

                      +

                      Example Value

                      Path

                      +

                      Path

                      A part of the URL that does not include the domain name. The URL can contain sensitive information (such as ID numbers, phone numbers, and email addresses) or a blocked error code.

                      +

                      A part of the URL that does not include the domain name. The URL can contain sensitive information (such as ID numbers, phone numbers, and email addresses) or a blocked error code.

                      • Prefix match: Only the prefix of the path to be entered must match that of the path to be protected.

                        If the path to be protected is /admin, set Path to /admin*.

                      • Exact match: The path to be entered must match the path to be protected.

                        If the path to be protected is /admin, set Path to /admin.

                        NOTE:
                        • The path supports prefix and exact matches only. Regular expressions are not supported.
                        • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, the WAF engine converts /// to /.

                      /admin*

                      +

                      /admin*

                      Type

                      +

                      Type

                      • Sensitive information filtering
                      • Response code interception: Enable WAF to block the specified HTTP response code page.
                      +
                      • Sensitive information filtering
                      • Response code interception: Enable WAF to block the specified HTTP response code page.

                      Sensitive information filtering

                      +

                      Sensitive information filtering

                      Content

                      +

                      Content

                      Information to be protected. Options are Identification card, Phone number, and Email.

                      +

                      Information to be protected. Options are Identification card, Phone number, and Email.

                      Identification card

                      +

                      Identification card

                      Protective Action

                      +

                      Protective Action

                      Action the rule takes. You can select Filter or Log only.

                      +

                      Action the rule takes. You can select Filter or Log only.

                      Filter

                      +

                      Filter

                      Rule Description

                      +

                      Rule Description

                      A brief description of the rule. This parameter is optional.

                      +

                      A brief description of the rule. This parameter is optional.

                      None

                      +

                      None

                      Protective action taken in response to the event

                      block

                      +

                      Block

                      attack

                      diff --git a/docs/wafd/umn/waf_01_0078.html b/docs/wafd/umn/waf_01_0078.html index fbe2c455e..2a6255dab 100644 --- a/docs/wafd/umn/waf_01_0078.html +++ b/docs/wafd/umn/waf_01_0078.html @@ -13,7 +13,7 @@

                      Application Scenario

                      If you select HTTPS for Client Protocol, a certificate is required.

                      -

                      Uploading a Certificate to WAF

                      1. Log in to the management console.
                      2. Click in the upper left corner of the management console and select a region or project.
                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                      4. In the navigation pane, choose Objects > Certificates.
                      5. Click Add Certificate.
                      6. In the displayed dialog box, enter a certificate name, and copy and paste the certificate file and private key to the corresponding text boxes.

                        Figure 1 Upload Certificate
                        +

                        Uploading a Certificate to WAF

                        1. Log in to the management console.
                        2. Click in the upper left corner of the management console and select a region or project.
                        3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                        4. In the navigation pane on the left, choose Objects > Certificates.
                        5. Click Add Certificate.
                        6. In the displayed dialog box, enter a certificate name, and copy and paste the certificate file and private key to the corresponding text boxes.

                          Figure 1 Uploading an international certificate

                          Only .pem certificates can be used in WAF. If the certificate is not in .pem format, convert it into .pem locally by referring to Table 1 before uploading it.
                          Table 1 Certificate conversion commands

                          Format

                          diff --git a/docs/wafd/umn/waf_01_0081.html b/docs/wafd/umn/waf_01_0081.html index b3e03110c..a3653c20f 100644 --- a/docs/wafd/umn/waf_01_0081.html +++ b/docs/wafd/umn/waf_01_0081.html @@ -3,53 +3,51 @@

                          Creating a Reference Table to Configure Protection Metrics in Batches

                          This topic describes how to create a reference table to batch configure protection metrics of a single type, such as Path, User Agent, IP, Params, Cookie, Referer, and Header. A reference table can be referenced by CC attack protection rules and precise protection rules.

                          When you configure a CC attack protection rule or precise protection rule, if the Logic field in the Trigger list is set to Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any value, Suffix is any value, or Suffix is not any value, you can select an appropriate reference table from the Content drop-down list.

                          -

                          If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

                          -

                          Prerequisites

                          You have added the website you want to protect to WAF.

                          Application Scenarios

                          Reference tables can be used for configuring multiple protection fields in CC attack protection and precise protection rules.

                          -

                          Creating a Reference Table

                          1. Log in to the management console.
                          2. Click in the upper left corner of the management console and select a region or project.
                          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                          4. In the navigation pane on the left, choose Policies.
                          5. Click the name of the target policy to go to the protection configuration page.
                          6. Click the CC Attack Protection or Precise Protection configuration area.
                          7. Click Reference Table Management in the upper left corner of the list.

                            Figure 1 Reference Table Management
                            +

                            Creating a Reference Table

                            1. Log in to the management console.
                            2. Click in the upper left corner of the management console and select a region or project.
                            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                            4. In the navigation pane on the left, click Policies.
                            5. Click the name of the target policy to go to the protection configuration page.
                            6. Click the CC Attack Protection or Precise Protection configuration area.
                            7. Click Reference Table Management in the upper left corner of the list.

                              Figure 1 Reference Table Management

                            8. On the Reference Table Management page, click Add Reference Table.

                              Figure 2 Add Reference Table

                            9. In the Add Reference Table dialog box, specify the parameters by referring to Table 1.

                              Figure 3 Adding a reference table
                              -
                              Table 1 Parameter description

                              Parameter

                              +
                              - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0129.html b/docs/wafd/umn/waf_01_0129.html index daa73e102..4ad136458 100644 --- a/docs/wafd/umn/waf_01_0129.html +++ b/docs/wafd/umn/waf_01_0129.html @@ -99,7 +99,7 @@
                              Figure 1 WAF engine work process
                              Figure 2 Priorities of protection rules
                              -
                              Response actions
                              • Pass: The current request is unconditionally permitted after a protection rule is matched.
                              • Block: The current request is blocked after a rule is matched.
                              • CAPTCHA: The system will perform human-machine verification after a rule is matched.
                              • Redirect: The system will notify you to redirect the request after a rule is matched.
                              • Log: Only attack information is recorded after a rule is matched.
                              • Mask: The system will anonymize sensitive information after a rule is matched.
                              +
                              Response actions
                              • Pass: The current request is unconditionally permitted after a protection rule is matched.
                              • Block: The current request is blocked after a rule is matched.
                              • CAPTCHA: The system will perform human-machine verification after a rule is matched.
                              • Redirect: The system will notify you to redirect the request after a rule is matched.
                              • Log: Only attack information is recorded when a rule is matched.
                              • Mask: The system will anonymize sensitive information after a rule is matched.
                              diff --git a/docs/wafd/umn/waf_01_0150.html b/docs/wafd/umn/waf_01_0150.html index 8d585f40b..f4f7c2b45 100644 --- a/docs/wafd/umn/waf_01_0150.html +++ b/docs/wafd/umn/waf_01_0150.html @@ -25,7 +25,7 @@

                              Does WAF Support Two-Way SSL Authentication?

                              No. You can configure a one-way SSL certificate on WAF.

                              If you set Client Protocol to HTTPS when adding a website to WAF, you will be required to upload a certificate and use it for your website.

                              -
                              You are advised to use an ELB load balancer and dedicated WAF instances and then configure two-way authentication on the load balancer. The procedure is as follows:
                              1. Apply for a dedicated WAF instance..
                              2. Connect your website to WAF and configure ELB. For details, see Website Connection Process (Dedicated Mode).
                              3. Configure two-way authentication on the ELB load balancer.
                              +
                              You are advised to use an ELB load balancer and dedicated WAF instances and then configure two-way authentication on the load balancer. The procedure is as follows:
                              1. Apply for a dedicated WAF instance.
                              2. Connect your website to WAF and configure ELB. For details, see Website Connection Process (Dedicated Mode).
                              3. Configure two-way authentication on the ELB load balancer.

                              Does WAF Support Application Layer Protocol- and Content-Based Access Control?

                              WAF supports access control over content at the application layer. HTTP and HTTPS are both application layer protocols.

                              @@ -65,7 +65,7 @@

                              Does gzip on the Origin Server Affect WAF?

                              If gzip is enabled on the origin server, WAF may incorrectly block normal access requests from the origin server. If the blocked request is a normal access request, you can handle the event as a false alarm by referring to Handling False Alarms. After an event is handled as a false alarm, WAF stops blocking corresponding type of event. No such type of event will be displayed on the Events page and you will no longer receive alarm notifications accordingly.

                              Can WAF Protect Multiple Domain Names That Point to the Same Origin Server?

                              Yes. If there are multiple domain names pointing to the same origin server, you can connect these domain names to WAF for protection.

                              -

                              WAF protects domain names or IP addresses. If multiple domain names use the same EIP to provide services, all these domain names must be connected to WAF.

                              +

                              WAF protects websites over domain names or IP addresses. If multiple domain names use the same EIP to provide services, all these domain names must be connected to WAF.

                              What Is a Protection IP Address?

                              A protection IP address in WAF is the IP address of a website you use WAF to protect.

                              diff --git a/docs/wafd/umn/waf_01_0154.html b/docs/wafd/umn/waf_01_0154.html index 86b46cc97..dcd699252 100644 --- a/docs/wafd/umn/waf_01_0154.html +++ b/docs/wafd/umn/waf_01_0154.html @@ -8,7 +8,7 @@

                              Constraints

                              • The Redirection mode is not supported if you select ELB access for the protected website.
                              • The content of the text/html, text/xml, and application/json pages can be configured on the Custom block page to be returned.
                              • The root domain name of the redirection address must be the same as the currently protected domain name (including a wildcard domain name). For example, if the protected domain name is www.example.com and the port is 8080, the redirection URL can be set to http://www.example.com:8080/error.html.
                              -

                              Editing Response Page for Blocked Requests

                              1. Log in to the management console.
                              2. Click in the upper left corner of the management console and select a region or project.
                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                              4. In the navigation pane on the left, choose Website Settings.
                              5. In the Domain Name column, click the domain name of the website to go to the basic information page.
                              6. Click next to the page template name in the row of Alarm Page. In the displayed Alarm Page dialog box, specify Page Template.

                                • To use the built-in page, select Default. An HTTP code 418 is returned.
                                  Figure 1 Default alarm page
                                  +

                                  Editing Response Page for Blocked Requests

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Website Settings.
                                  5. In the Domain Name column, click the domain name of the website to go to the basic information page.
                                  6. Click next to the page template name in the row of Alarm Page. In the displayed Alarm Page dialog box, specify Page Template.

                                    • To use the built-in page, select Default. An HTTP code 418 is returned.
                                      Figure 1 Default alarm page
                                    • To customize the alarm page, select Custom and configure following parameters.
                                      • HTTP Return Code: return code configured on a custom page.
                                      • Response Header: Click Add Response Header Field and configure response header parameters.
                                      • Block Page Type: The options are text/html, text/xml, and application/json.
                                      • Page Content: Configure the page content based on the selected value for Block Page Type.
                                      Figure 2 Custom alarm page
                                    • To configure a redirection URL, select Redirection.
                                      Figure 3 Redirection alarm page
                                      diff --git a/docs/wafd/umn/waf_01_0156.html b/docs/wafd/umn/waf_01_0156.html index 28967a7d0..e40c85769 100644 --- a/docs/wafd/umn/waf_01_0156.html +++ b/docs/wafd/umn/waf_01_0156.html @@ -2,138 +2,136 @@

                                      Querying a Protection Event

                                      WAF sorts out the attacks, the ten websites attacked the most, ten attack source IP addresses that launched the most attacks, and the ten URLs attacked the most for a selected time range. You can view the blocked or logged events on the Events page. You can view details of events generated by WAF, including the occurrence time, attack source IP address, geographic location of the attack source IP address, malicious load, and hit rule for an event.

                                      -

                                      If you have enabled enterprise projects, you can select your enterprise project from the Enterprise Project drop-down list and view protection event logs in the project.

                                      -

                                      Constraints

                                      • On the WAF console, you can view the event data for all protected domain names over the last 30 days. You can authorize LTS to log WAF activities so that you can view attack and access logs and store all logs for a long time. For more details, see Using LTS to Log WAF Activities.
                                      • If you switch the WAF working mode for a website to Suspended, WAF only forwards all requests to the website without inspection. It does not log any attack events neither.
                                      • If the security software installed on your server blocks the event file from being downloaded, close the software and download the file again.
                                      -

                                      Viewing Protection Event Logs

                                      1. Log in to the management console.
                                      2. Click in the upper left corner of the management console and select a region or project.
                                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                      4. In the navigation pane on the left, choose Events.
                                      5. Click the Search tab. In the website or instance drop-down list, select a website to view corresponding event logs. The query time can be Yesterday, Today, Past 3 days, Past 7 days, Past 30 days, or a time range you configure.

                                        • Events over Time: displays the WAF protection status of the selected website within the selected time range.
                                        • Top Tens: displays top 10 attacks, attacked websites, attack source IP addresses, and attacked URLs for a selected time range. You can click to copy the data in the corresponding chart.
                                        -
                                        Figure 1 Events
                                        -

                                      6. In the Events area, view the event details.

                                        • Configure a filter by combining several conditions. Then, click OK. Conditions will be displayed above the event list. Table 2 lists parameters for filter conditions.
                                        • In the upper left corner of the event list, click Export to export events. If the number of events is less than 200, the events are exported to your local PC. If the number of events is greater than or equal to 200, the event record is displayed on the Downloads page. You can download the events on the Downloads page.
                                        • Click to select fields you want to display in the event lists.
                                        • To view event details, locate the row containing the event and click Details in the Operation column.
                                        -
                                        Figure 2 Events
                                        +

                                        Viewing Protection Event Logs

                                        1. Log in to the management console.
                                        2. Click in the upper left corner of the management console and select a region or project.
                                        3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                        4. In the navigation pane on the left, click Events.
                                        5. Click the Search tab. In the website or instance drop-down list, select a website to view corresponding event logs. The query time can be Yesterday, Today, Past 3 days, Past 7 days, Past 30 days, or a time range you configure.

                                          • Events over Time: displays the WAF protection status for the selected website within the selected time range.
                                          • Top Tens: displays top 10 attacks, attacked websites, attack source IP addresses, and attacked URLs for a selected time range. You can click to copy the data in the corresponding chart.
                                          +
                                          Figure 1 Events
                                          +

                                        6. In the Events area, view the event details.

                                          • Configure a filter by combining several conditions. Then, click OK. Conditions will be displayed above the event list. Table 2 lists parameters for filter conditions.
                                          • In the upper left corner of the event list, click Export to export events. If the number of events is less than 200, the events are exported to your local PC. If the number of events is greater than or equal to 200, the event record is displayed on the Downloads page. You can download the events on the Downloads page.
                                          • Click to select fields you want to display in the event lists.
                                          • Click Details in the Operation column of the target event to view details about the event. You can check the event overview, malicious payloads, request details, and response details.
                                          +
                                          Figure 2 Events
                                          -
                              Table 1 Parameter description

                              Parameter

                              Description

                              +

                              Description

                              Example Value

                              +

                              Example Value

                              Name

                              +

                              Name

                              Table name you entered

                              +

                              Table name you entered

                              test

                              +

                              test

                              Type

                              +

                              Type

                              • Path: A URL to be protected, excluding a domain name
                              • User Agent: A user agent of the scanner to be protected
                              • IP: An IP address of the visitor to be protected.
                              • Params: A request parameter to be protected
                              • Cookie: A small piece of data to identify web visitors
                              • Referer: A user-defined request resource

                                For example, if the protected path is /admin/xxx and you do not want visitors to be able to access it from www.test.com, set Value to http://www.test.com.

                                +
                              • Path: A URL to be protected, excluding a domain name
                              • User Agent: A user agent of the scanner to be protected
                              • IP: An IP address of the visitor to be protected.
                              • Params: A request parameter to be protected
                              • Cookie: A small piece of data to identify web visitors
                              • Referer: A user-defined request resource

                                For example, if the protected path is /admin/xxx and you do not want visitors to be able to access it from www.test.com, set Value to http://www.test.com.

                              • Header: A user-defined HTTP header.

                              Path

                              +

                              Path

                              Value

                              +

                              Value

                              Value of the corresponding Type. Wildcards are not allowed.

                              +

                              Value of the corresponding Type. Wildcards are not allowed.

                              NOTE:

                              Click Add to add more than one value.

                              /buy/phone/

                              +

                              /buy/phone/

                              Rule Description

                              +

                              Rule Description

                              Description of the rule.

                              +

                              Description of the rule.

                              -

                              +

                              -
                              Table 1 Filter condition fields

                              Parameter

                              +
                              - - - - - - - - - - - - -
                              Table 1 Filter condition fields

                              Parameter

                              Description

                              +

                              Description

                              Event ID

                              +

                              Source IP Address

                              ID of the event.

                              +

                              Public IP address of the web visitor/attacker.

                              +

                              By default, All is selected. You can view logs of all attack source IP addresses, select an attack source IP address, or enter an attack source IP address to view corresponding attack logs.

                              Event Type

                              +

                              Rule ID

                              Type of the attack.

                              -

                              By default, All is selected. You can view logs of all attack types or select an attack type to view corresponding attack logs.

                              +

                              ID of a built-in protection rule in WAF basic web protection.

                              Rule ID

                              +

                              URL

                              ID of a built-in protection rule in WAF basic web protection.

                              +

                              Attacked URL.

                              Protective Action

                              +

                              Event Type

                              The options are Block, Log only, Verification code, and Mismatch.

                              -
                              • Verification code: In CC attack protection rules, you can set Protective Action to Verification code. If a visitor sends too many requests, with the request quantity exceeding the rate limit specified by the CC attack protection rule used, a message is displayed to ask the visitor to provide a verification code. Visitor's requests will be blocked unless they enter a valid verification code.
                              • Mismatch: If an access request matches a web tamper protection rule, information leakage prevention rule, or data masking rule, the protective action is marked as Mismatch.
                              +

                              Type of the attack.

                              +

                              By default, All is selected. You can view logs of all attack types or select an attack type to view corresponding attack logs.

                              Source IP Address

                              +

                              Protective Action

                              Public IP address of the web visitor/attacker.

                              -

                              By default, All is selected. You can view logs of all attack source IP addresses, select an attack source IP address, or enter an attack source IP address to view corresponding attack logs.

                              +

                              The options are Block, Log only, Verification code, and Mismatch.

                              +
                              • Verification code: In CC attack protection rules, you can set Protective Action to Verification code. If a visitor sends too many requests, with the request quantity exceeding the rate limit specified by the CC attack protection rule used, a message is displayed to ask the visitor to provide a verification code. Visitor's requests will be blocked unless they enter a valid verification code.
                              • Mismatch: If an access request matches a web tamper protection rule, information leakage prevention rule, or data masking rule, the protective action is marked as Mismatch.

                              URL

                              +

                              Event ID

                              Attacked URL.

                              +

                              ID of the event.
                              -
                              Table 2 Parameters in the event list

                              Parameter

                              +
                              - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0160.html b/docs/wafd/umn/waf_01_0160.html index bd0f04e0d..9c50c8643 100644 --- a/docs/wafd/umn/waf_01_0160.html +++ b/docs/wafd/umn/waf_01_0160.html @@ -1,7 +1,7 @@

                              What Is the Connection Timeout Duration of WAF? Can I Manually Set the Timeout Duration?

                              -
                              • The default timeout for connections from a browser to WAF is 120 seconds. The value varies depending on your browser settings and cannot be changed on the WAF console.
                              • The default timeout duration for connections between WAF and your origin server is 30 seconds. You can customize a timeout duration on the WAF console.

                                On the Basic Information page, enable Timeout Settings and click . Then, specify WAF-to-Server connection timeout (s), Read timeout (s), and Write timeout (s) and click to save settings.

                                +
                                • The default timeout for connections from a browser to WAF is 120 seconds. The value varies depending on your browser settings and cannot be changed on the WAF console.
                                • The default timeout for connections between WAF and your origin server is 30 seconds. You can customize a timeout on the WAF console.

                                  On the Basic Information page, enable Timeout Settings and click . Then, specify WAF-to-Server connection timeout (s), Read timeout (s), and Write timeout (s) and click to save settings.

                                diff --git a/docs/wafd/umn/waf_01_0169.html b/docs/wafd/umn/waf_01_0169.html index 57b7e2a76..c2c3a8b55 100644 --- a/docs/wafd/umn/waf_01_0169.html +++ b/docs/wafd/umn/waf_01_0169.html @@ -1,7 +1,7 @@

                                Configuring PCI DSS/3DS Compliance Check and TLS

                                -

                                Transport Layer Security (TLS) provides confidentiality and ensures data integrity for data sent between applications over the Internet. HTTPS is a network protocol constructed based on TLS and HTTP and can be used for encrypted transmission and identity authentication. If you set Client Protocol to HTTPS, set the minimum TLS version and cipher suite (a set of multiple cryptographic algorithms) for your domain name to block requests that use a TLS version earlier than the configured one.

                                +

                                Transport Layer Security (TLS) provides confidentiality and ensures data integrity for data sent between applications over the Internet. HTTPS is a network protocol constructed based on TLS and HTTP and can be used for encrypted transmission and identity authentication. If you set Client Protocol to HTTPS, set the minimum TLS version and cipher suite for your domain name, so that WAF can block requests that use a TLS version earlier than the one you configure. A cipher suite is a set of multiple cryptographic algorithms.

                                TLS v1.0 and the cipher suite 1 are configured by default in WAF for general security. To protect your websites better, set the minimum TLS version to a later version and select a more secure cipher suite.

                                If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the enterprise project from the Enterprise Project drop-down list and configure PCI DSS or PCI 3DS and TLS for the domain names.

                                @@ -26,7 +26,7 @@
                              - diff --git a/docs/wafd/umn/waf_01_0172.html b/docs/wafd/umn/waf_01_0172.html index 95791ba45..540e3f254 100644 --- a/docs/wafd/umn/waf_01_0172.html +++ b/docs/wafd/umn/waf_01_0172.html @@ -7,7 +7,7 @@

                              Impact on the System

                              Enabling LTS for WAF does not affect WAF performance.

                              -

                              Enabling LTS for WAF Protection Event Logging

                              1. Log in to the management console.
                              2. Click in the upper left corner of the management console and select a region or project.
                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                              4. In the navigation pane on the left, choose Events.
                              5. Click the Configure Logs tab, enable LTS (), and select a log group and log stream. Table 1 describes the parameters.

                                Figure 1 Log settings
                                +

                                Enabling LTS for WAF Protection Event Logging

                                1. Log in to the management console.
                                2. Click in the upper left corner of the management console and select a region or project.
                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                4. In the navigation pane on the left, choose Events.
                                5. Click the Configure Logs or Log Settings tab, enable LTS (), and select a log group and log stream. Table 1 describes the parameters.

                                  Figure 1 Log settings
                              Table 2 Parameters in the event list

                              Parameter

                              Description

                              +

                              Description

                              Example Value

                              +

                              Example Value

                              Time

                              +

                              Time

                              When the attack occurred.

                              +

                              When the attack occurred.

                              2021/02/04 13:20:04

                              +

                              2021/02/04 13:20:04

                              Source IP Address

                              +

                              Source IP Address

                              Public IP address of the web visitor/attacker.

                              +

                              Public IP address of the web visitor/attacker.

                              -

                              +

                              -

                              Domain Name

                              +

                              host

                              Attacked domain name.

                              +

                              Attacked domain name.

                              www.example.com

                              +

                              www.example.com

                              Rule ID

                              +

                              Rule ID

                              ID of a built-in protection rule in WAF basic web protection.

                              +

                              ID of a built-in protection rule in WAF basic web protection.

                              -

                              +

                              -

                              URL

                              +

                              URL

                              Attacked URL.

                              +

                              Attacked URL.

                              /admin

                              +

                              /admin

                              Event Type

                              +

                              Event Type

                              Type of attack.

                              +

                              Type of attack.

                              SQL injection

                              +

                              SQL injection

                              Protective Action

                              +

                              Protective Action

                              Protective actions configured in the rule. The options are Block, Log only, and Verification code.

                              -
                              NOTE:

                              If an access request matches a web tamper protection rule, information leakage prevention rule, or data masking rule, the protective action is marked as Mismatch.

                              +

                              Protective actions configured in the rule. The options are Block, Log only, and Verification code.

                              +
                              NOTE:

                              If an access request matches a web tamper protection rule, information leakage prevention rule, or data masking rule, the protective action is marked as Mismatch.

                              Block

                              +

                              Block

                              Status Code

                              +

                              Status Code

                              HTTP status code returned on the block page.

                              +

                              HTTP status code returned on the block page.

                              418

                              +

                              418

                              Malicious Load

                              +

                              Malicious Load

                              Location or part of the attack that causes damage or the number of times that the URL was accessed.

                              -
                              NOTE:
                              • In a CC attack, the malicious load indicates the number of times that the URL was accessed.
                              • For blacklist protection events, the malicious load is left blank.
                              +

                              Location or part of the attack that causes damage or the number of times that the URL was accessed.

                              +
                              NOTE:
                              • In a CC attack, the malicious load indicates the number of times that the URL was accessed.
                              • For blacklist protection events, the malicious load is left blank.

                              id=1 and 1='1

                              +

                              id=1 and 1='1

                              Enterprise Project

                              +

                              Enterprise Project

                              Enterprise project your websites belong to.

                              +

                              Enterprise project your websites belong to.

                              default

                              +

                              default

                              WAF automatically blocks website access requests that use TLS v1.0 or TLS v1.1.

                              Websites with basic security requirements, for example, small- and medium-sized enterprise websites.

                              +

                              Websites with basic security requirements, for example, small and medium-sized enterprise websites.

                              TLS v1.1
                              @@ -49,7 +49,7 @@

                              Checking and Downloading WAF Protection Event Logs on LTS

                              After enabling LTS, you can go to the LTS console and check, analyze, and download WAF logs.

                              1. Log in to the management console.
                              2. Click in the upper left corner of the management console and select a region or project.
                              3. Click in the upper left corner of the page and choose Management & Deployment > Log Tank Service.
                              4. In the log group list, click to expand the WAF log group (for example, lts-group-waf).
                              5. In the log stream list, click the log stream name to go to the log stream log page. Then, you can check and analyze logs.
                              -

                              WAF access_log Field

                              +

                              WAF access_log Field Description

                              Table 1 Log configuration

                              Parameter

                              -

                              Field

                              Type

                              @@ -120,7 +120,7 @@

                              Account ID

                              ID of your account.

                              +

                              Each account corresponds to a tenant ID.

                              access_log.projectid

                              @@ -540,7 +540,7 @@
                              -

                              WAF attack_log field description

                              +

                              WAF attack_log Field Description

                              Field

                              Type

                              @@ -614,7 +614,7 @@

                              Protective action

                              WAF defense action.

                              -
                              • block: WAF blocks attacks.
                              • log: WAF only logs detected attacks.
                              • captcha: Verification code
                              +
                              • block: WAF blocks attacks.
                              • log: WAF only logs detected attacks.
                              • captcha: Verification code

                              attack_log.sub_type

                              diff --git a/docs/wafd/umn/waf_01_0179.html b/docs/wafd/umn/waf_01_0179.html index 59b40eef4..986ac2b3a 100644 --- a/docs/wafd/umn/waf_01_0179.html +++ b/docs/wafd/umn/waf_01_0179.html @@ -9,38 +9,38 @@
                              - - - - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0199.html b/docs/wafd/umn/waf_01_0199.html index 8dfaade5b..36d1da5f9 100644 --- a/docs/wafd/umn/waf_01_0199.html +++ b/docs/wafd/umn/waf_01_0199.html @@ -2,7 +2,7 @@

                              Why Am I Seeing Error Code 523?

                              If a request goes through WAF over four times, WAF will block the request and return error code 523 to avoid endless loops. If error code 523 is returned for your website requests, check how many WAF instances you are using.

                              -

                              +

                              Cause 1: A website is connected to more than four WAF instances.

                              Error code 523 will return if a website has been connected to different types of WAF instances more than four times.

                              Solution

                              Route website traffic to bypass redundant WAF instances.

                              @@ -38,10 +38,3 @@
                              - - \ No newline at end of file diff --git a/docs/wafd/umn/waf_01_0215.html b/docs/wafd/umn/waf_01_0215.html index 9ce068e52..4fae96a19 100644 --- a/docs/wafd/umn/waf_01_0215.html +++ b/docs/wafd/umn/waf_01_0215.html @@ -4,7 +4,7 @@

                              If you allow only IP addresses in a region to access the protected domain name, for example, only IP addresses from Australia can access the protected domain name, take the following steps:

                              Geolocation access control rules have higher priority than built-in WAF rules. If you configure a geolocation access control rule to allow IP addresses from a certain location, WAF then forwards traffic from those IP addresses without performing basic web protection checks.

                              -
                              1. Log in to the management console.
                              2. Click in the upper left corner of the management console and select a region or project.
                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                              4. In the navigation pane on the left, choose Policies.
                              5. Click the name of the target policy to go to the protection configuration page.
                              6. In the upper left corner above the Geolocation Access Control list, click Add Rule.
                              7. Add a geolocation access control rule: Select Australia for Geolocation and select Allow for Protective Action.

                                Figure 1 Selecting Allow for Protective Action
                                +
                                1. Log in to the management console.
                                2. Click in the upper left corner of the management console and select a region or project.
                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                4. Click the name of the target policy to go to the protection configuration page.
                                5. In the upper left corner above the Geolocation Access Control list, click Add Rule.
                                6. Add a geolocation access control rule: Select Australia for Geolocation and select Allow for Protective Action.

                                  Figure 1 Selecting Allow for Protective Action

                                7. In the upper left corner above the Precise Protection rule list, click Add Rule. Configure a precise protection rule to block all requests.

                                  Figure 2 Blocking all access requests

                              diff --git a/docs/wafd/umn/waf_01_0243.html b/docs/wafd/umn/waf_01_0243.html index c0be8cf4a..fc2ec5a7c 100644 --- a/docs/wafd/umn/waf_01_0243.html +++ b/docs/wafd/umn/waf_01_0243.html @@ -4,7 +4,7 @@

                              If the system-defined policies of WAF cannot meet your needs, you can create custom policies. For details about the actions supported by custom policies, see WAF Permissions and Supported Actions.

                              You can create custom policies in either of the following ways:

                              • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
                              • JSON: Edit JSON policies from scratch or based on an existing policy.
                              -

                              For details, see Creating a Custom Policy. The following section contains examples of common WAF custom policies.

                              +

                              For details, see Creating a Custom Policy. The following section contains examples of common WAF custom policies.

                              WAF Example Custom Policies

                              • Example 1: Allowing users to query the protected domain list
                                {
         "Version": "1.1",
         "Statement": [
diff --git a/docs/wafd/umn/waf_01_0251.html b/docs/wafd/umn/waf_01_0251.html
index 73fc1dd5c..bd03f2c49 100644
--- a/docs/wafd/umn/waf_01_0251.html
+++ b/docs/wafd/umn/waf_01_0251.html
@@ -2,7 +2,9 @@
 
 
                                Step 2: Configure a Load Balancer for WAF
                                
 
                                To ensure your dedicated WAF instance reliability, after you add a website to it, use Elastic Load Balance (ELB) to configure a load balancer and a health check for the dedicated WAF instance.
                                
-
                                Prerequisites
                                • You have added a website to a dedicated WAF instance.
                                • You have created a load balancer.
                                • Related ports have been enabled in the security group to which the dedicated WAF instance belongs.
                                  You can configure your security group as follows:
                                  • Inbound rules
                                    Add an inbound rule to allow incoming network traffic to pass through over a specified port based on your service requirements. For example, if you want to allow access from port 80, add a rule that allows TCP and port 80.
                                    
+
                                    Prerequisites
                                    • You have added a website to a dedicated WAF instance.
                                    • You have created a load balancer.
                                       
                                      When applying for a load balancer, enable IP as a Backend. This allows you to configure an IP address as a backend. Otherwise, the load balancer cannot be selectable when you configure a load balancer for a dedicated WAF instance.
                                      
+
                                      
+
                                    • Related ports have been enabled in the security group to which the dedicated WAF instance belongs.
                                      You can configure your security group as follows:
                                      • Inbound rules
                                        Add an inbound rule to allow incoming network traffic to pass through over a specified port based on your service requirements. For example, if you want to allow access from port 80, add a rule that allows TCP and port 80.
                                        
 
                                      • Outbound rules
                                        Retain the default settings. All outgoing network traffic is allowed by default.
                                        
 
                                      
 
                                      
diff --git a/docs/wafd/umn/waf_01_0253.html b/docs/wafd/umn/waf_01_0253.html
index 9c3bde2ec..abee1c8f3 100644
--- a/docs/wafd/umn/waf_01_0253.html
+++ b/docs/wafd/umn/waf_01_0253.html
@@ -1,7 +1,7 @@
 
 
 
                                      Managing Dedicated WAF Engines
                                      
-
                                      This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, viewing instance monitoring configurations, upgrading the instance edition, or deleting an instance.
                                      
+
                                      This topic describes how to manage your dedicated WAF instances (or engines). You can view instance information, view instance monitoring configurations, upgrade the edition of an instance, and delete an instance.
                                      
 
                                       
                                      If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instances locate. Then, you can select the project from the Enterprise Project drop-down list and manage dedicated WAF instances in the project.
                                      
 
                                      
 
                                      Prerequisites
                                      • You have applied for a dedicated WAF instance.
                                      • Your login account has the IAM ReadOnly permission.
                                      
@@ -14,26 +14,21 @@
 
 
 
-
                              - - - -
                              Table 1 QPS calculation

                              Time Range

                              Average QPS Description

                              +

                              Average QPS Description

                              Peak QPS Description

                              +

                              Peak QPS Description

                              Yesterday or Today

                              +

                              Yesterday or Today

                              The QPS curve is made with the average QPS in every minute.

                              +

                              The QPS curve is made with the average QPS in every minute.

                              The QPS curve is made with each peak QPS in every minute.

                              +

                              The QPS curve is made with each peak QPS in every minute.

                              Past 3 days

                              +

                              Past 3 days

                              The QPS curve is made with the average QPS in every five minutes.

                              +

                              The QPS curve is made with the average QPS in every five minutes.

                              The QPS curve is made with each peak QPS in every five minutes.

                              +

                              The QPS curve is made with each peak QPS in every five minutes.

                              Past 7 days

                              +

                              Past 7 days

                              The QPS curve is made with the maximum value among the average QPS in every five minutes at a 10-minute interval.

                              +

                              The QPS curve is made with the maximum value among the average QPS in every five minutes at a 10-minute interval.

                              The QPS curve is made with each peak QPS in every 10 minutes.

                              +

                              The QPS curve is made with each peak QPS in every 10 minutes.

                              Past 30 days

                              +

                              Past 30 days

                              The QPS curve is made with the maximum value among the average QPS in every five minutes at a one-hour interval.

                              +

                              The QPS curve is made with the maximum value among the average QPS in every five minutes at a one-hour interval.

                              The QPS curve is made with the peak QPS in every hour.

                              +

                              The QPS curve is made with the peak QPS in every hour.

                              202312

                              +

                              202409
                              • A global protection whitelist rule can be set to ignore invalid requests.
                              • JavaScript-based anti-crawler rules support more protective actions, including Block, Log only, and Verification code.

                              202308

                              +

                              202401
                              • The $remote_addr field is added to the IP identifier, which can be directly set to the IP address of the TCP connection.
                              • IP addresses used in TCP connections can be identified by CC, precise protection, blacklist, and whitelist rules.
                              • A block duration can be set if Protective Action is set to Verification code in a CC attack protection rule.

                              202305

                              -
                              • HTTP2 is enabled globally by default. There is no need to enable it manually.
                              • By default, a request can pass through WAF four times before it goes to the origin server. Error code 523 will be returned if the request exceeds this limit.
                              • Strict multipart format verification is supported.
                              • Dedicated ELB network load balancers are supported. (In earlier versions, only shared load balancers and dedicated application load balancers are supported.)
                              -
                              -

                              Viewing Information About a Dedicated WAF Instance

                              1. Log in to the management console.
                              2. Click in the upper left corner of the management console and select a region or project.
                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                              4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                Figure 1 Dedicated engine list
                                +

                                Viewing Information About a Dedicated WAF Instance

                                1. Log in to the management console.
                                2. Click in the upper left corner of the management console and select a region or project.
                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                  Figure 1 Dedicated engine list

                                5. View information about a dedicated WAF instance. Table 2 describes parameters.

                                  @@ -110,7 +105,8 @@ - @@ -119,26 +115,28 @@

                                  Viewing Metrics of a Dedicated WAF Instance

                                  When a WAF instance is in the Running status, you can view the monitored metrics about the instance.

                                  -
                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                    Figure 2 Dedicated engine list
                                    +
                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                      Figure 2 Dedicated engine list

                                    5. In the row of the instance, click Cloud Eye in the Operation column to go to the Cloud Eye console and view the monitoring information, such as CPU, memory, and bandwidth.

                                  Upgrading a Dedicated WAF Instance

                                  Only dedicated WAF instances in the Running status can be upgraded to the latest version.

                                  • It takes about 20 minutes for upgrading an instance. During the upgrade, the instance is not available and cannot protect your domain names connected to it. To prevent service interruptions, use either of the following solutions:
                                    • Solution 1: Deploy multiple dedicated WAF instances for your domain name, add them to a backend server group of your load balancer, and enable the health check policy for the load balancer. In this way, if one dedicated WAF instance is not available, WAF automatically distributes the traffic to other healthy instances. There is almost no impact on your services except that website requests might be intermittently interrupted for few seconds.
                                    • Solution 2: If you deploy only one dedicated WAF instance, configure a load balancer before you start to let website traffic bypass WAF during the upgrade. After the upgrade is complete, configure the load balancer to distribute traffic to WAF.
                                  • If you are using the latest version of WAF, the Upgrade button is grayed out.
                                  -
                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                    Figure 3 Dedicated engine list
                                    +
                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                      Figure 3 Dedicated engine list

                                    5. In the row containing the instance you want to upgrade, click Upgrade in the Operation column.
                                    6. Confirm the upgrade conditions and click Confirm.

                                      Click View Details to view details of all dedicated WAF instance versions.

                                  Change Security Group for a Dedicated WAF Instance

                                  If you select Network Interface for Instance Type, you can change the security group to which your dedicated instance belongs. After you select a security group, the WAF instance will be protected by the access rules of the security group.

                                  -
                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                    Figure 4 Dedicated engine list
                                    +
                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                      Figure 4 Dedicated engine list

                                    5. In the row containing the instance, choose More > Change Security Group in the Operation column.
                                    6. In the dialog box displayed, select the new security group and click Confirm.

                                  Deleting a Dedicated WAF Instance

                                  You can delete a dedicated WAF instance anytime. A deleted dedicated WAF instance will no longer protect the website added to it.

                                  Resources on deleted instance are released and cannot be restored. Exercise caution when performing this operation.

                                  -
                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                    Figure 5 Dedicated engine list
                                    -

                                  5. In the row of the instance, click More > Delete in the Operation column.
                                  6. In the displayed dialog box, enter DELETE and click Confirm.

                                    Figure 6 Deleting an instance
                                    +
                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                      Figure 5 Dedicated engine list
                                      +

                                    5. In the row containing the instance, click More > Delete in the Operation column.

                                      You can also select multiple dedicated instances and click Delete in the upper left corner above the list to delete them all at once.

                                      +
                                      +

                                    6. In the displayed dialog box, enter DELETE and click Confirm.

                                      Figure 6 Deleting an instance

                                  diff --git a/docs/wafd/umn/waf_01_0262.html b/docs/wafd/umn/waf_01_0262.html index f28f29008..bc186b435 100644 --- a/docs/wafd/umn/waf_01_0262.html +++ b/docs/wafd/umn/waf_01_0262.html @@ -9,7 +9,7 @@

                                  Impact on the System

                                  • It is recommended that you update the certificate before it expires. Otherwise, all WAF protection rules will fail to take effect, and there can be massive impacts on the origin server, even more severe than a crashed host or website access failures.
                                  • Updating certificates does not affect services. The old certificate still works during the certificate replacement. The new certificate will take over the job once it has been uploaded and successfully associated with the domain name.
                                  -

                                  Updating the Certificate Used for a Website

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Website Settings.
                                  5. In the Domain Name column, click the domain name of the website to go to the basic information page.
                                  6. Click Modify next to the certificate name. In the Update Certificate dialog box, import a new certificate or select an existing certificate.

                                    • If you select Import new certificate for Update Method, enter a certificate name, and copy and paste the certificate file and private key into the corresponding text boxes.

                                      WAF encrypts and saves the private key to keep it safe.

                                      +

                                      Updating the Certificate Used for a Website

                                      1. Log in to the management console.
                                      2. Click in the upper left corner of the management console and select a region or project.
                                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                      4. In the navigation pane on the left, choose Website Settings.
                                      5. In the Domain Name column, click the domain name of the website to go to the basic information page.
                                      6. Click next to the certificate name. In the Update Certificate dialog box, import a new certificate or select an existing certificate.

                                        • If you select Import new certificate for Update Method, enter a certificate name, and copy and paste the certificate file and private key into the corresponding text boxes.

                                          WAF encrypts and saves the private key to keep it safe.

                                          Figure 1 Update Certificate
                                          Only .pem certificates can be used in WAF. If the certificate is not in .pem format, convert it into .pem locally by referring to Table 1 before uploading it. diff --git a/docs/wafd/umn/waf_01_0263.html b/docs/wafd/umn/waf_01_0263.html index 15969d99a..68e682f74 100644 --- a/docs/wafd/umn/waf_01_0263.html +++ b/docs/wafd/umn/waf_01_0263.html @@ -10,7 +10,7 @@

                                          Impact on the System

                                          • Deleting certificates does not affect services.
                                          • Deleted certificates cannot be recovered. Exercise caution when performing this operation.
                                          -

                                          Deleting a Certificate from WAF

                                          1. Log in to the management console.
                                          2. Click in the upper left corner of the management console and select a region or project.
                                          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                          4. In the navigation pane, choose Objects > Certificates.
                                          5. In the displayed dialog box, click Confirm.
                                          +

                                          Deleting a Certificate from WAF

                                          1. Log in to the management console.
                                          2. Click in the upper left corner of the management console and select a region or project.
                                          3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                          4. In the navigation pane on the left, choose Objects > Certificates.
                                          5. In the displayed dialog box, click Confirm.

                                          Related Operations

                                          If a certificate to be deleted is bound to a website, unbind it from the website before deletion.

                                          To unbind a certificate from a website domain name, perform the following steps:

                                          diff --git a/docs/wafd/umn/waf_01_0265.html b/docs/wafd/umn/waf_01_0265.html index 4a2283d33..f8689235a 100644 --- a/docs/wafd/umn/waf_01_0265.html +++ b/docs/wafd/umn/waf_01_0265.html @@ -8,7 +8,14 @@
                                  - + + + diff --git a/docs/wafd/umn/waf_01_0270.html b/docs/wafd/umn/waf_01_0270.html index 273b5e9cd..c248bc075 100644 --- a/docs/wafd/umn/waf_01_0270.html +++ b/docs/wafd/umn/waf_01_0270.html @@ -9,7 +9,7 @@

                                  Constraints

                                  • If the IP address tag is configured, ensure that the protected website has a layer-7 proxy configured in front of WAF and that Proxy Configured is set to Yes for the protected website.

                                    If the IP address tag is not configured, WAF identifies the client IP address by default.

                                  • Before enabling cookie- or params-based known attack source rules, configure a session or user tag for the corresponding website domain name.
                                  -

                                  Traffic identifier for a known attack source

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Website Settings.
                                  5. In the Domain Name column, click the domain name of the target website to go to the basic information page.
                                  6. In the Traffic Identifier area, click next to IP Tag, Session Tag, or User Tag and configure a traffic identifier by referring to Table 1.

                                    Figure 1 Traffic Identifier
                                    +

                                    Traffic identifier for a known attack source

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Website Settings.
                                    5. In the Domain Name column, click the domain name of the target website to go to the basic information page.
                                    6. In the Traffic Identifier area, click next to IP Tag, Session Tag, or User Tag and configure a traffic identifier by referring to Table 1.

                                      Figure 1 Traffic Identifier
                                  Table 2 Key parameters of dedicated WAF instances

                                  Parameter

                                  Specifications of resources hosting the instance.

                                  8 vCPUs | 16 GB

                                  +

                                  WI-500 (specifications of dedicated engine instances)

                                  +

                                  x1.8u.32g (Specifications of the ECS housing the dedicated engine. Specifications: x86: 8 vCPUs | 32 GB)

                                  2025-01-17

                                  +

                                  2025-04-10

                                  +

                                  This issue is the tenth official release.

                                  +

                                  Modified the following content:

                                  +

                                  Step 2: Configure a Load Balancer for WAF: Added the description of enabling IP as a Backend for an ELB load balancer.

                                  +

                                  2025-02-17

                                  This issue is the ninth official release.

                                  Modified the following content:

                                  @@ -19,7 +26,7 @@

                                  This issue is the eighth official release.

                                  Added the following content:

                                  - +

                                  Modified the following content:

                                  diff --git a/docs/wafd/umn/waf_01_0271.html b/docs/wafd/umn/waf_01_0271.html index 4029d4ca1..2ec5222fa 100644 --- a/docs/wafd/umn/waf_01_0271.html +++ b/docs/wafd/umn/waf_01_0271.html @@ -2,51 +2,49 @@

                                  Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration

                                  If WAF blocks a malicious request by IP address, Cookie, or Params, you can configure a known attack source rule to let WAF automatically block all requests from the attack source for a blocking duration set in the known attack source rule. For example, if a blocked malicious request originates from an IP address and you set the blocking duration to 500 seconds, WAF will block the IP address for 500 seconds after the known attack source rule takes effect.

                                  -

                                  Known attack source rules can be used by basic web protection, precise protection, IP address blacklist, IP address whitelist, and other rules. You can use known attack source rules in basic web protection, precise protection, and IP blacklist or whitelist rules as long as you set Protective Action to Block for these rules.

                                  -

                                  If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.

                                  -
                                  +

                                  Known attack source rules can be used by basic web protection, CC attack protection, precise protection, IP address blacklist, IP address whitelist, and other rules. You can use known attack source rules in basic web protection, CC attack protection, precise protection, and IP blacklist or whitelist rules as long as you set Protective Action to Block for these rules.

                                  Prerequisites

                                  You have added the website you want to protect to WAF.

                                  Constraints

                                  • For a known attack source rule to take effect, it must be enabled when you configure basic web protection, precise protection, blacklist, or whitelist protection rules.

                                    For blacklist and whitelist rules, a known attack source with Long-term IP address blocking or Short-term IP address blocking configured cannot be selected.

                                  • Before adding a known attack source rule for malicious requests blocked by Cookie or Params, a traffic identifier must be configured for the corresponding domain name. For more details, see Configuring a Traffic Identifier for a Known Attack Source.
                                  • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
                                  -

                                  Specification Limitations

                                  • You can configure up to six blocking types. Each type can have one known attack source rule configured.
                                  • The maximum time an IP address can be blocked for is 30 minutes.
                                  +

                                  Specification Limitations

                                  • You can configure up to six blocking types. Each type can have one known attack source rule configured.
                                  • The maximum blocking duration can be 30 minutes.
                                  -

                                  Configuring a Known Attack Source Rule

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Policies.
                                  5. Click the name of the target policy to go to the protection configuration page.
                                  6. Enable Known Attack Source if needed.

                                    • : enabled.
                                    • : disabled.
                                    +

                                    Configuring a Known Attack Source Rule

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, click Policies.
                                    5. Click the name of the target policy to go to the protection configuration page.
                                    6. Enable Known Attack Source if needed.

                                      • : enabled.
                                      • : disabled.

                                    7. In the upper left corner above the known attack source rules, click Add Known Attack Source Rule.
                                    8. In the displayed dialog box, specify the parameters by referring to Table 1.

                                      Figure 1 Add Known Attack Source Rule
                                      -
                                  Table 1 Traffic identifier parameters

                                  Tag
                                  Table 1 Known attack source parameters

                                  Parameter

                                  +
                                  - - - - - - - - - - - diff --git a/docs/wafd/umn/waf_01_0272.html b/docs/wafd/umn/waf_01_0272.html index cc7e8af61..7e51db81c 100644 --- a/docs/wafd/umn/waf_01_0272.html +++ b/docs/wafd/umn/waf_01_0272.html @@ -1,7 +1,7 @@

                                  Product Specifications

                                  -

                                  WAF can be used in dedicated mode or ELB access mode. The following part describes specifications.

                                  +

                                  WAF can be used in dedicated mode or ELB access mode. The following part describes specifications under different access modes.

                                  Access Mode Description

                                  Table 1 describes dedicated WAF instances.

                                  Table 1 Known attack source parameters

                                  Parameter

                                  Description

                                  +

                                  Description

                                  Example Value

                                  +

                                  Example Value

                                  Blocking Type

                                  +

                                  Blocking Type

                                  Specifies the blocking type. The options are:

                                  -
                                  • Long-term IP address blocking
                                  • Short-term IP address blocking
                                  • Long-term Cookie blocking
                                  • Short-term Cookie blocking
                                  • Long-term Params blocking
                                  • Short-term Params blocking
                                  +

                                  The blocking type for the rule. The options are:

                                  +
                                  • Long-term IP address blocking
                                  • Short-term IP address blocking
                                  • Long-term Cookie blocking
                                  • Short-term Cookie blocking
                                  • Long-term Params blocking
                                  • Short-term Params blocking
                                  NOTICE:

                                  For blacklist and whitelist rules, a known attack source with Long-term IP address blocking or Short-term IP address blocking configured cannot be selected.

                                  Long-term IP address blocking

                                  +

                                  Long-term IP address blocking

                                  Blocking Duration (s)

                                  +

                                  Blocking Duration (s)

                                  The blocking duration must be an integer and range from:

                                  +

                                  The blocking duration must be an integer and range from:

                                  • (300, 1800] for long-term blocking
                                  • (0, 300] for short-term blocking

                                  500

                                  +

                                  500

                                  Rule Description

                                  +

                                  Rule Description

                                  A brief description of the rule. This parameter is optional.

                                  +

                                  A brief description of the rule. This parameter is optional.

                                  None

                                  +

                                  -
                                  -
                                  Table 1 Access mode description

                                  Item

                                  @@ -74,7 +74,7 @@

                                  Number of domain names

                                  2,000 (Supports 2,000 top-level domain names.)

                                  +

                                  2,000 (Supports 2,000 top-level domain names.)

                                  Quantity of supported ports

                                  diff --git a/docs/wafd/umn/waf_01_0278.html b/docs/wafd/umn/waf_01_0278.html index 1984275ff..5cf78a649 100644 --- a/docs/wafd/umn/waf_01_0278.html +++ b/docs/wafd/umn/waf_01_0278.html @@ -44,16 +44,16 @@
                                  -

                                  Troubleshooting and Solutions for ELB Access Mode

                                  Refer to Figure 2 and Table 2 to fix connection failures.

                                  +

                                  Troubleshooting and Solutions for ELB Access Mode

                                  For ELB Access, refer to Figure 2 and Table 2 to fix connection failures.

                                  Figure 2 Troubleshooting for ELB Access Mode
                                  -
                                  -
                                  Table 2 Troubleshooting for website connection failure in WAF ELB access mode

                                  Possible Cause

                                  +
                                  - diff --git a/docs/wafd/umn/waf_01_0282.html b/docs/wafd/umn/waf_01_0282.html index 032d17c10..c0c9e28fb 100644 --- a/docs/wafd/umn/waf_01_0282.html +++ b/docs/wafd/umn/waf_01_0282.html @@ -4,7 +4,7 @@

                                  This topic describes how to view certificate details, including the certificate name, domain name a certificate is used for, and expiration time.

                                  Prerequisites

                                  You have uploaded certificates to WAF.

                                  -

                                  Checking Certificate Details

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane, choose Objects > Certificates.
                                  5. View the certificate information. For details about related parameters, see Table 1.

                                    Figure 1 Certificate list
                                    +

                                    Checking Certificate Details

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Objects > Certificates.
                                    5. View the certificate information. For details about related parameters, see Table 1.

                                      Figure 1 Certificate list
                                  Table 2 Troubleshooting for website connection failure in WAF - ELB access mode

                                  Possible Cause

                                  Solution

                                  Cause 1: Access Status for Domain Name/IP Address not updated

                                  +

                                  Cause 1: Access Status for Domain Name/IP Address not updated

                                  In the Access Status column for the website, click to update the status.

                                  diff --git a/docs/wafd/umn/waf_01_0287.html b/docs/wafd/umn/waf_01_0287.html index 44b724f3c..61006acdc 100644 --- a/docs/wafd/umn/waf_01_0287.html +++ b/docs/wafd/umn/waf_01_0287.html @@ -6,7 +6,7 @@

                                  Prerequisites

                                  • You have applied for a dedicated WAF instance.
                                  • You have contacted technical support to apply for the ELB access mode.
                                  • You have applied for a dedicated load balancer. Its specifications must be Application load balancing (HTTP/HTTPS). Note that the account you use to apply for the load balancer must have WAF dedicated mode enabled.
                                  -

                                  Connecting a Website to WAF in ELB Access Mode

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Website Settings.
                                  5. In the upper left corner of the website list, click Add Website.
                                  6. Choose ELB access and click OK.
                                  7. On the displayed domain name details page, configure basic settings by referring to Table 1.

                                    +

                                    Connecting a Website to WAF in ELB Access Mode

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Website Settings.
                                    5. In the upper left corner of the website list, click Add Website.
                                    6. Choose ELB access and click OK.
                                    7. On the displayed domain name details page, configure basic settings by referring to Table 1.

                                  Table 1 Certificate parameters

                                  Parameter
                                  @@ -41,11 +41,11 @@ - @@ -59,12 +59,12 @@ -
                                  Table 1 Parameter description

                                  Parameter

                                  Description

                                  @@ -25,7 +25,7 @@

                                  ELB Listener

                                  Listener configured for the selected ELB load balancer.

                                  -
                                  • All listeners
                                  • Specific listener
                                  +
                                  • All listeners
                                  • Specific listener

                                  All listeners

                                  Set this parameter to the domain name or IP address you want to protect. Make sure that the domain name has been resolved to the EIP of the load balancer.

                                  Single domain names or wildcard domain names are supported.

                                  -
                                  • Single domain name: Enter a single domain name, for example, www.example.com.
                                  • Wildcard domain name
                                    • If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names a.example.com, b.example.com, and c.example.com have the same server IP address, you can add the wildcard domain name *.example.com to WAF to protect all three.
                                    • If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
                                    • Wildcard domain name* can be added.
                                    +
                                    • Single domain name: Enter a single domain name, for example, www.example.com.
                                    • Wildcard domain name
                                      • If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names a.example.com, b.example.com, and c.example.com have the same server IP address, you can add the wildcard domain name *.example.com to WAF to protect all three.
                                      • If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
                                      • Wildcard domain name* can be added.

                                  Single domain name: www.example.com

                                  -

                                  Wildcard domain name: *.example.com

                                  +

                                  Single domain name: www.example.com

                                  +

                                  Wildcard domain name: *.example.com

                                  IP Address:

                                  XXX.XXX.1.1

                                  Policy

                                  The system-generated policy is selected by default. You can select a policy you configured before. You can also customize rules after the domain name is connected to WAF.

                                  +

                                  The system-generated policy is selected by default. You can select a policy you configured before. You can also customize rules after the domain name is connected to WAF.

                                  System-generated policies

                                  -
                                  • Basic web protection (Log only mode and common checks)

                                    The basic web protection defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections.

                                    -
                                  • Anti-crawler (Log only mode and Scanner feature)

                                    WAF only logs web scanning tasks, such as vulnerability scanning and virus scanning, such as crawling behavior of OpenVAS and Nmap.

                                    +
                                    • Basic web protection (Log only mode and common checks)

                                      The basic web protection defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections.

                                      +
                                    • Anti-crawler (Log only mode and Scanner feature)

                                      WAF only logs web scanning tasks, such as vulnerability scanning and virus scanning, such as crawling behavior of OpenVAS and Nmap.

                                    -
                                    NOTE:
                                    • Log only: WAF only logs detected attacks instead of blocking them.
                                    • Only the professional and platinum editions allow you to specify a custom policy for Policy.
                                    +
                                    NOTE:
                                    • Log only: WAF only logs detected attacks instead of blocking them.
                                    • Only the professional and enterprise editions allow you to specify a custom policy for Policy.

                                  System-generated policy

                                  @@ -74,10 +74,10 @@
                                  -

                                6. Click OK.

                                  You can view the added websites in the protected website list.

                                  +

                                7. Click OK.

                                  You can view the added websites in the protected website list.

                                  8. -

                                  Follow-up Operations

                                  • The initial Access Status of a website is Unaccessed. When a request reaches the WAF instance configured for the website, the access status automatically changes to Accessed. To address access failure, see
                                  • Complete Recommended Configurations
                                  • Adjust the protection policy configured for the protected domain name based on protection requirements. For details, see Protection Configuration Overview.
                                  +

                                  Follow-up Operations

                                  • The initial Access Status of a website is Unaccessed. When a request reaches the WAF instance configured for the website, the access status automatically changes to Accessed.
                                  • Complete Recommended Configurations
                                  • Adjust the protection policy configured for the protected domain name based on protection requirements. For details, see Protection Configuration Overview.
                                  diff --git a/docs/wafd/umn/waf_01_0311.html b/docs/wafd/umn/waf_01_0311.html index 68dc7de3f..2b8bec762 100644 --- a/docs/wafd/umn/waf_01_0311.html +++ b/docs/wafd/umn/waf_01_0311.html @@ -9,7 +9,7 @@
                                  Figure 2 JavaScript anti-crawler detection process

                                  Handling Suggestions

                                  Disable the JavaScript anti-crawler protection by performing the following steps:

                                  -
                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Policies.
                                  5. Click the name of the target policy to go to the protection configuration page.
                                  6. Click the Anti-Crawler configuration area and toggle it on or off if needed.

                                    • : enabled.
                                    • : disabled.
                                    +
                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. Click the name of the target policy to go to the protection configuration page.
                                    5. Click the Anti-Crawler configuration area and toggle it on or off if needed.

                                      • : enabled.
                                      • : disabled.

                                    6. Click the JavaScript tab and disable the JavaScript anti-crawler protection..
                                  diff --git a/docs/wafd/umn/waf_01_0312.html b/docs/wafd/umn/waf_01_0312.html index 3a1f6f38f..ae20e0f4c 100644 --- a/docs/wafd/umn/waf_01_0312.html +++ b/docs/wafd/umn/waf_01_0312.html @@ -2,17 +2,17 @@

                                  How Do I Allow Only Specified IP Addresses to Access Protected Websites?

                                  After you add the website to WAF, configure blacklist and whitelist rules or precise protection rules to allow only specified IP addresses to access the website. WAF then blocks all source IP addresses except the specified ones.

                                  -

                                  Configuring IP Address Blacklist and Whitelist Rules to Block All Source IP Addresses Except the Specified Ones

                                  1. Log in to the management console.
                                  2. Click in the upper left corner of the management console and select a region or project.
                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                  4. In the navigation pane on the left, choose Policies.
                                  5. Click the name of the target policy to go to the protection configuration page.
                                  6. In the Blacklist and Whitelist configuration area, enable the protection.
                                  7. In the upper left corner of the Blacklist and Whitelist page, click Add Rule.
                                  8. In the Add Blacklist or Whitelist Rule dialog box, add two blacklist rules to block all source IP addresses.

                                    Figure 1 Blocking IP address range 1.0.0.0/1
                                    -
                                    Figure 2 Blocking IP address range 128.0.0.0/1
                                    +

                                    Configuring IP Address Blacklist and Whitelist Rules to Block All Source IP Addresses Except the Specified Ones

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. Click the name of the target policy to go to the protection configuration page.
                                    5. In the Blacklist and Whitelist configuration area, enable the protection.
                                    6. In the upper left corner of the Blacklist and Whitelist page, click Add Rule.
                                    7. In the Add Blacklist or Whitelist Rule dialog box, add two blacklist rules to block all source IP addresses. Figure 1 and Figure 2 show two examples.

                                      Figure 1 Blocking IP address range 1.0.0.0/1
                                      +
                                      Figure 2 Blocking IP address range 128.0.0.0/1

                                    8. Click Add Rule. In the displayed Add Blacklist or Whitelist Rule dialog box, add a rule for the specified IP address or IP address range.
                                    -

                                    Configuring a Precise Protection Rule to Block All Source IP Addresses Except the Specified Ones

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Policies.
                                    5. Click the name of the target policy to go to the protection configuration page.
                                    6. In the Precise Protection configuration area, enable the protection.

                                      Figure 3 Precise Protection configuration area
                                      +

                                      Configuring a Precise Protection Rule to Block All Source IP Addresses Except the Specified Ones

                                      1. Log in to the management console.
                                      2. Click in the upper left corner of the management console and select a region or project.
                                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                      4. Click the name of the target policy to go to the protection configuration page.
                                      5. In the Precise Protection configuration area, enable the protection.

                                        Figure 3 Precise Protection configuration area

                                        -

                                      6. In the upper left corner of the displayed page, click Add Rule.
                                      7. In the displayed Add Precise Protection Rule dialog box, add a protection rule as shown in Figure 4 to block all requests.

                                        The priority value here must be greater than that configured in Step 9 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.

                                        +

                                      8. In the upper left corner of the displayed page, click Add Rule.
                                      9. In the displayed Add Precise Protection Rule dialog box, add a protection rule as shown in Figure 4 to block all requests.

                                        The priority value here must be greater than that configured in Step 8 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.

                                        Figure 4 Blocking all requests

                                      10. Click Add Rule. In the displayed Add Precise Protection Rule dialog box, add a rule for the specified IP address.

                                        For example, if you want to allow 192.168.2.3 to access the website, add a protection rule as shown in Figure 5.

                                        -

                                        The priority value here must be smaller than that configured in Step 8 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.

                                        +

                                        The priority value here must be smaller than that configured in Step 7 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.

                                        Figure 5 Allowing the access of a specified IP address
                                        diff --git a/docs/wafd/umn/waf_01_0317.html b/docs/wafd/umn/waf_01_0317.html index 154787dcf..64e6927bd 100644 --- a/docs/wafd/umn/waf_01_0317.html +++ b/docs/wafd/umn/waf_01_0317.html @@ -8,7 +8,7 @@
                                      11. Authorization

                                        You can add a user group to an enterprise project and configure a policy to associate the enterprise project with the user group. You can add users to a user group to control which projects they can access and what resources they can perform operations on. To do so, perform the following operations:

                                        1. Locate the row that contains the target enterprise project, click More > View User Group in the Operation column. Then, click Add User Group, select the user groups you want to add and move them to the right pane. Click Next and select the policies.
                                        2. In the navigation pane on the left, choose Personnel Management > User Management. Locate the row that contains the target user, click Add to User Group in the Operation column. In the available user groups on the left pane, select the target ones and move them to the right pane.
                                      12. Associating the resource with enterprise projects

                                        To use an enterprise project to manage cloud resources, associate resources with the enterprise project.

                                        -
                                        • Associate a WAF instance with an enterprise project when applying for WAF
                                        • Add WAF instances to an enterprise project after a WAF instance is purchased.

                                          On the Enterprise Project Management page, add WAF instances under your account to an enterprise project.

                                          +
                                          • Associate a WAF instance with an enterprise project when applying for WAF
                                          • Add WAF instances to an enterprise project after a WAF instance is purchased.

                                            On the Enterprise Project Management page, add WAF instances you apply for under your account to an enterprise project.

                                            Value default indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.

                                        diff --git a/docs/wafd/umn/waf_01_0319.html b/docs/wafd/umn/waf_01_0319.html index 755b2fc06..e754d9011 100644 --- a/docs/wafd/umn/waf_01_0319.html +++ b/docs/wafd/umn/waf_01_0319.html @@ -6,7 +6,7 @@

                                    Prerequisites

                                    You have applied for a WAF instance.

                                    -

                                    Viewing Product Details

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    4. In the navigation pane on the left, choose Instance Management > Product Details.
                                    5. On the Product Details page, view the WAF edition you are using, specifications, and expiration time.

                                      • To view details about the WAF edition you are using, click Details.
                                      +

                                      Viewing Product Details

                                      1. Log in to the management console.
                                      2. Click in the upper left corner of the management console and select a region or project.
                                      3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                      4. In the navigation pane on the left, choose Instance Management > Product Details.
                                      5. On the Product Details page, view the WAF edition you are using, specifications, and expiration time.

                                        • To view details about the WAF edition you are using, click Details.
                                        Figure 1 Product information

                                      diff --git a/docs/wafd/umn/waf_01_0326.html b/docs/wafd/umn/waf_01_0326.html index e5d9a0715..c10f81191 100644 --- a/docs/wafd/umn/waf_01_0326.html +++ b/docs/wafd/umn/waf_01_0326.html @@ -8,11 +8,11 @@

                                    Constraints

                                    • You have applied for a dedicated load balancer in Elastic Load Balance (ELB).
                                    • If your website has no layer-7 proxy server such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies.
                                    -

                                    Procedure

                                    1. Log in to the management console.
                                    2. Click in the upper left corner of the management console and select a region or project.
                                    3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                    1. In the navigation pane, choose Website Settings.
                                    2. In the upper left corner of the website list, click Add Website.
                                    3. Select Dedicated Mode and click Configure Now.
                                    4. Provide the domain name details.

                                      • Website Name: (Optional) You can customize the website name.
                                      • Protected Object: Enter the domain name of a website you want WAF to protect. You can enter a single domain name or a wildcard domain name.
                                        • The wildcard * can be added to WAF to let WAF protect any domain names. If wildcard (*) is added to WAF, only non-standard ports other than 80 and 443 can be protected.
                                        • If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names a.example.com, b.example.com, and c.example.com have the same server IP address, you can add the wildcard domain name *.example.com to WAF to protect all three.
                                        • If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
                                        +

                                        Procedure

                                        1. Log in to the management console.
                                        2. Click in the upper left corner of the management console and select a region or project.
                                        3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                        1. In the navigation pane on the left, choose Website Settings.
                                        2. In the upper left corner of the website list, click Add Website.
                                        3. Select Dedicated Mode and click Configure Now.
                                        4. Provide the domain name details. Figure 1 shows an example.

                                          • Website Name: (Optional) You can customize the website name.
                                          • Protected Object: Enter the domain name of a website you want WAF to protect. You can enter a single domain name or a wildcard domain name.
                                            • The wildcard * can be added to WAF to let WAF protect any domain names. If wildcard (*) is added to WAF, only non-standard ports other than 80 and 443 can be protected.
                                            • If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names a.example.com, b.example.com, and c.example.com have the same server IP address, you can add the wildcard domain name *.example.com to WAF to protect all three.
                                            • If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
                                          • Website Remarks: (Optional) You can provide remarks about your website if you want.
                                          -
                                          Figure 1 Configuring domain name details
                                          -

                                        5. Configure the origin server by referring to Table 1.

                                          Figure 2 Origin Server Settings
                                          +
                                          Figure 1 Configuring domain name details
                                          +

                                        6. Configure the origin server by referring to Table 1. Figure 2 shows an example.

                                          Figure 2 Origin Server Settings
                                          @@ -35,7 +35,7 @@ - - diff --git a/docs/wafd/umn/waf_01_1283.html b/docs/wafd/umn/waf_01_1283.html index 01a807bc3..07e9b0658 100644 --- a/docs/wafd/umn/waf_01_1283.html +++ b/docs/wafd/umn/waf_01_1283.html @@ -90,7 +90,7 @@ - diff --git a/docs/wafd/umn/waf_01_1311.html b/docs/wafd/umn/waf_01_1311.html index 092d60c13..48c29a7ff 100644 --- a/docs/wafd/umn/waf_01_1311.html +++ b/docs/wafd/umn/waf_01_1311.html @@ -4,7 +4,7 @@

                                          Symptom

                                          After a domain name is connected to WAF, the website cannot be accessed. A message is displayed, indicating that the protocol is not supported. The client and server do not support common SSL protocol versions or cipher suites.

                                          -

                                          Solution

                                          Select the default cipher suite for Cipher Suite in the TLS Configuration dialog box. For details, see Configuring PCI DSS/3DS Compliance Check and TLS.

                                          +

                                          Solution

                                          Select the default cipher suite for Cipher Suite in the TLS Configuration dialog box. For details, see Configuring PCI DSS/3DS Compliance Check and TLS.

                                          diff --git a/docs/wafd/umn/waf_01_1346.html b/docs/wafd/umn/waf_01_1346.html index 2f2071073..9be57bba0 100644 --- a/docs/wafd/umn/waf_01_1346.html +++ b/docs/wafd/umn/waf_01_1346.html @@ -8,7 +8,7 @@

                                          For example:

                                          curl -kv -H "Host: a.example.com" http://192.168.0.1

                                          If the response code is 200, the request has been forwarded.

                                          -
                                        7. Attack blocking test
                                          1. Ensure that the block mode for basic web protection has been enabled in the policy used for the protected website.
                                            Figure 1 Enabling Basic Web Protection
                                            +
                                          2. Attack blocking test
                                            1. Ensure that the block mode for basic web protection has been enabled in the policy used for the protected website.
                                              Figure 1 Enabling Basic Web Protection
                                            2. Run the following command:
                                              curl -kv -H "Host: {protection object added to WAF}"{Client protocol in server configuration}://{IP address of the dedicated WAF instance}:{protection port}--data "id=1 and 1='1"
                                              Example:
                                              curl -kv -H "Host: a.example.com" http:// 192.168.X.X --data "id=1 and 1='1"
                                              @@ -18,14 +18,14 @@

                                          8. Testing the Dedicated WAF Instance and Dedicated ELB Load Balancer

                                          • Forwarding test
                                            curl -kv -H "Host: { protection object added to WAF}"{ELB external protocol}://{Private IP address bound to the load balancer}:{ELB listening port}
                                            -

                                            If an EIP is bound to the load balancer, any publicly accessible servers can be used for testing.

                                            +

                                            If an EIP has been assigned to the load balancer, any publicly accessible servers can be used for testing.

                                            curl -kv -H "Host: {Protected object added to WAF}" {ELB external protocol}://{EIP bound to the load balancer}:{ELB listening port}

                                            Example:

                                            curl -kv -H "Host: a.example.com" http://192.168.X.Y
 curl -kv -H "Host: a.example.com" http://100.10.X.X

                                            If the response code is 200, the request has been forwarded.

                                            If the dedicated WAF instance works but the request fails to be forwarded, check the load balancer settings first. If the load balancer health check result is unhealthy, disable health check and perform the preceding operations again.

                                            -
                                          • Attack blocking test
                                            1. Ensure that the block mode for basic web protection has been enabled in the policy used for the protected website.
                                              Figure 2 Enabling Basic Web Protection
                                              +
                                            2. Attack blocking test
                                              1. Ensure that the block mode for basic web protection has been enabled in the policy used for the protected website.
                                                Figure 2 Enabling Basic Web Protection
                                              2. Run the following command:
                                                curl -kv -H "Host: { protection object added to WAF}"{ELB external protocol}://{Private IP address bound to the load balancer}:{ELB listening port}--data "id=1 and 1='1"

                                                If an EIP has been bound to the load balancer, any publicly accessible servers can be used for testing.

                                                curl -kv -H "Host: { protection object added to WAF}"{ELB external protocol}://{EIP bound to the load balancer}:{ELB listening port}--data "id=1 and 1='1"
                                                @@ -43,10 +43,3 @@ curl -kv -H "Host: a.example.com" http:// 100.10.X.X --data "id=1 and 1='1"
                                          - - \ No newline at end of file diff --git a/docs/wafd/umn/waf_01_1372.html b/docs/wafd/umn/waf_01_1372.html index bed81bab0..a2cc6f8ff 100644 --- a/docs/wafd/umn/waf_01_1372.html +++ b/docs/wafd/umn/waf_01_1372.html @@ -291,34 +291,63 @@
                                          Table 1 Parameter description

                                          Parameter

                                          Address of the web server. The configuration contains the Client Protocol, Server protocol, VPC, Server Address, and Server Port.

                                          • Client Protocol: protocol used by a client to access a server. The options are HTTP and HTTPS.
                                          • Server Protocol: protocol used by WAF to forward client requests. The options are HTTP and HTTPS.
                                            NOTE:

                                            WAF can check WebSocket and WebSockets requests, which is enabled by default.

                                            -
                                          • VPC: Select the VPC to which the dedicated WAF instance belongs.
                                            NOTE:

                                            To implement active-active services and prevent single points of failure (SPOFs), it is recommended that at least two WAF instances be configured in the same VPC.

                                            +
                                          • VPC: Select the VPC to which the dedicated WAF instance belongs.
                                            NOTE:

                                            To implement active-active services and prevent single points of failure (SPOFs), you can apply for at least two WAF instances and provision them in the same VPC.

                                          • Server Address: private IP address of the website server.

                                            Log in to the ECS or ELB console and view the private IP address of the server in the instance list.

                                            NOTE:

                                            The origin server address cannot be the same as that of the protected object.

                                            diff --git a/docs/wafd/umn/waf_01_0335.html b/docs/wafd/umn/waf_01_0335.html index ccff21680..17fc3a8b2 100644 --- a/docs/wafd/umn/waf_01_0335.html +++ b/docs/wafd/umn/waf_01_0335.html @@ -7,7 +7,7 @@

                                            Possible Cause

                                            If any of the following cases, WAF blocks the access request as an invalid request:
                                            • When form-data is used for POST or PUT requests, the number of parameters in a form exceeds 8,192.
                                            • The URL contains more than 2,048 parameters.
                                            • The number of headers exceeds 512.
                                            -

                                            Solution

                                            If you confirm that the blocked request is a normal request, allow it by Configuring Custom Precise Protection Rules.

                                            +

                                            Solution

                                            If you confirm that a blocked request is a normal request, allow it by referring to Configuring Custom Precise Protection Rules.

                                            diff --git a/docs/wafd/umn/waf_01_0343.html b/docs/wafd/umn/waf_01_0343.html index 223948a83..7a3e97674 100644 --- a/docs/wafd/umn/waf_01_0343.html +++ b/docs/wafd/umn/waf_01_0343.html @@ -11,7 +11,7 @@

                                            If you have enabled enterprise projects, you can select your enterprise project from the Enterprise Project drop-down list and whitelist back-to-source IP addresses of your dedicated WAF instances in the project.

                                            -

                                            Pointing Traffic to an ECS Hosting Your Website

                                            If your origin server is deployed on an ECS, perform the following steps to configure a security group rule to allow only the back-to-source IP address of the dedicated instance to access the origin server.

                                            +

                                            Pointing Traffic to an ECS Hosting Your Website

                                            If your origin servers are deployed on ECSs, perform the following steps to configure a security group rule to allow only the back-to-source IP address of the dedicated instance to access the origin servers.

                                            1. Log in to the management console.
                                            2. Click in the upper left corner of the management console and select a region or project.
                                            3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                            4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

                                              Figure 1 Dedicated engine list

                                            5. In the IP Address column, obtain the IP address of each dedicated WAF instance under your account.
                                            6. Click in the upper left corner of the page and choose Compute > Elastic Cloud Server.
                                            7. Locate the row containing the ECS housing your website. In the Name/ID column, click the ECS name to go to the ECS details page.
                                            8. Click the Security Groups tab. Then, click Change Security Group.
                                            9. In the Change Security Group dialog box displayed, select a security group or create a security group and click OK.
                                            10. Click the security group ID and view the details.
                                            11. Click the Inbound Rules tab and click Add Rule. Then, specify parameters in the Add Inbound Rule dialog box. For details, see Table 1.

                                              diff --git a/docs/wafd/umn/waf_01_1072.html b/docs/wafd/umn/waf_01_1072.html index 155d7bee4..4c72acaf3 100644 --- a/docs/wafd/umn/waf_01_1072.html +++ b/docs/wafd/umn/waf_01_1072.html @@ -8,8 +8,8 @@ -

                                              Procedure

                                              1. Log in to the management console.
                                              2. Click in the upper left corner of the management console and select a region or project.
                                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                              4. In the upper right corner, click Create WAF.
                                              5. (Optional): Select an enterprise project from the Enterprise Project drop-down list.

                                                This option is only available if you are logged in using an enterprise account, or if you have enabled enterprise projects. You can use enterprise projects to more efficiently manage cloud resources and project members.

                                                -

                                                default: indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.

                                                +

                                                Procedure

                                                1. Log in to the management console.
                                                2. Click in the upper left corner of the management console and select a region or project.
                                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                4. In the upper right corner, click Create WAF.
                                                5. (Optional): Select an enterprise project from the Enterprise Project drop-down list.

                                                  This option is only available if you are logged in using an enterprise account, or if you have enabled enterprise projects. You can use enterprise projects to more efficiently manage cloud resources and project members.

                                                  +

                                                  default: indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.

                                                6. Configure instance parameters by referring to Table 1. Figure 1 shows an example.

                                                  Figure 1 Configuring a dedicated WAF instance
                                                  diff --git a/docs/wafd/umn/waf_01_1073.html b/docs/wafd/umn/waf_01_1073.html new file mode 100644 index 000000000..fc4bf5afa --- /dev/null +++ b/docs/wafd/umn/waf_01_1073.html @@ -0,0 +1,15 @@ + + +

                                                  Applying for a Cloud WAF Instance

                                                  +

                                                  To use WAF load balancer access mode, you need to apply for a cloud WAF instance. Pay-per-use billing (postpayment) is supported for WAF cloud instances.

                                                  +

                                                  To apply for pay-per-use cloud instances, contact technical support first.

                                                  +
                                                  +

                                                  Applying for a Pay-per-Use Cloud WAF Instance

                                                  1. Log in to the management console.
                                                  2. Click in the upper left corner of the management console and select a region or project.
                                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                  4. In the upper right corner, click Create WAF.
                                                  5. (Optional): Select an enterprise project from the Enterprise Project drop-down list.

                                                    This option is only available if you are logged in using an enterprise account, or if you have enabled enterprise projects. You can use enterprise projects to more efficiently manage cloud resources and project members.

                                                    +

                                                    default: indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.

                                                    +
                                                    +

                                                  1. On the Apply for Web Application Firewall page, set WAF Mode to Cloud Mode and Billing Mode to Pay-per-use.
                                                  2. In the lower right corner of the page, click Next.
                                                  3. Click Back to Website Settings and add domain names you want to protect on the Website Settings page.

                                                    If you want to disable WAF, choose Instance Management > Product Details, and click Disable Pay-Per-Use Billing next to Cloud Mode.

                                                    +
                                                    +

                                                  +
                                                  +
                                                  + diff --git a/docs/wafd/umn/waf_01_1171.html b/docs/wafd/umn/waf_01_1171.html index df251ad5f..a85f62c81 100644 --- a/docs/wafd/umn/waf_01_1171.html +++ b/docs/wafd/umn/waf_01_1171.html @@ -11,7 +11,7 @@

                                                Constraints

                                                • You have selected Dedicated Mode when adding the website to WAF.
                                                • The timeout duration for connections between a browser and WAF cannot be modified. Only timeout duration for connections between WAF and your origin server can be modified.
                                                • This function cannot be disabled once it is enabled.
                                                -

                                                Configuring a Timeout for Connections Between WAF and a Website Server

                                                1. Log in to the management console.
                                                2. Click in the upper left corner of the management console and select a region or project.
                                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                4. In the navigation pane, choose Website Settings.
                                                5. In the Domain Name column, click the website domain name to go to the basic information page.
                                                6. In the Timeout Settings row, toggle on if needed.
                                                7. Click , specify WAF-to-Server connection timeout (s), Read timeout (s), and Write timeout (s), and click to save settings.
                                                +

                                                Configuring a Timeout for Connections Between WAF and a Website Server

                                                1. Log in to the management console.
                                                2. Click in the upper left corner of the management console and select a region or project.
                                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                4. In the navigation pane on the left, choose Website Settings.
                                                5. In the Domain Name column, click the website domain name to go to the basic information page.
                                                6. In the Timeout Settings row, toggle on if needed.
                                                7. Click , specify WAF-to-Server connection timeout (s), Read timeout (s), and Write timeout (s), and click to save settings.
                                                diff --git a/docs/wafd/umn/waf_01_1172.html b/docs/wafd/umn/waf_01_1172.html index 6babbfa34..b8d45a146 100644 --- a/docs/wafd/umn/waf_01_1172.html +++ b/docs/wafd/umn/waf_01_1172.html @@ -6,7 +6,7 @@

                                                Constraints

                                                -

                                                Enabling Connection Protection

                                                1. Log in to the management console.
                                                2. Click in the upper left corner of the management console and select a region or project.
                                                3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                4. In the navigation pane, choose Website Settings.
                                                5. In the Domain Name column, click the website domain name to go to the basic information page.
                                                6. In the Connection Protection area, click the status toggle to enable it.

                                                  Figure 1 Connection Protection
                                                  +

                                                  Enabling Connection Protection

                                                  1. Log in to the management console.
                                                  2. Click in the upper left corner of the management console and select a region or project.
                                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                  4. In the navigation pane on the left, choose Website Settings.
                                                  5. In the Domain Name column, click the website domain name to go to the basic information page.
                                                  6. In the Connection Protection area, click the status toggle to enable it.

                                                    Figure 1 Connection Protection

                                                  7. Click next to each parameter, edit Breakdown Protection and Connection Protection parameters to meet your requirements, and click to save settings. Table 1 describes these parameters.

                                              Table 1 Inbound rule parameters

                                              Parameter

                                              diff --git a/docs/wafd/umn/waf_01_0355.html b/docs/wafd/umn/waf_01_0355.html index 67db50898..1b7d0fdba 100644 --- a/docs/wafd/umn/waf_01_0355.html +++ b/docs/wafd/umn/waf_01_0355.html @@ -2,8 +2,8 @@

                                              Why Does the Page Fail to Be Refreshed After WTP Is Enabled?

                                              Web Tamper Protection (WTP) supports only caching of static web pages. Perform the following steps to fix this issue:

                                              -
                                              1. Log in to the management console.
                                              2. Click in the upper left corner of the management console and select a region or project.
                                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                              4. In the navigation pane on the left, choose Policies.
                                              5. Click the name of the target policy to go to the protection configuration page.
                                              6. Click the Web Tamper Protection configuration area and check whether this function is enabled.

                                                • If this function is enabled (), go to Step 7.
                                                • If this function is disabled (), click to enable the function. Refresh the page several minutes later.
                                                -

                                              7. Click Customize Rule. On the displayed page, check whether the domain name and path are correct.

                                                • If they are correct, go to Step 8.
                                                • If they are incorrect, click Delete in the Operation column to delete the rule. Then, click Add Rule above the rule list and configure another rule.

                                                  After the rule is added successfully, refresh the page several minutes later. Then, access the page again.

                                                  +
                                                  1. Log in to the management console.
                                                  2. Click in the upper left corner of the management console and select a region or project.
                                                  3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                                  4. Click the name of the target policy to go to the protection configuration page.
                                                  5. Click the Web Tamper Protection configuration area and check whether this function is enabled.

                                                    • If this function is enabled (), go to Step 6.
                                                    • If this function is disabled (), click to enable the function. Refresh the page several minutes later.
                                                    +

                                                  6. Click Customize Rule. On the displayed page, check whether the domain name and path are correct.

                                                    • If they are correct, go to Step 7.
                                                    • If they are incorrect, click Delete in the Operation column to delete the rule. Then, click Add Rule above the rule list and configure another rule.

                                                      After the rule is added successfully, refresh the page several minutes later. Then, access the page again.

                                                  7. In the row containing the web tamper protection rule, click Update Cache in the Operation column.

                                                    If the content of a protected page is modified, you must update the cache. Otherwise, WAF always returns the most recently cached content.

                                                    After updating the cache, refresh the page and access the page again. If the page is still not updated, contact technical support.

                                                    diff --git a/docs/wafd/umn/waf_01_0367.html b/docs/wafd/umn/waf_01_0367.html index 1d97d4037..f6be620a9 100644 --- a/docs/wafd/umn/waf_01_0367.html +++ b/docs/wafd/umn/waf_01_0367.html @@ -10,7 +10,7 @@

                                              Application Scenario

                                              If you configure Client Protocol to HTTPS, a certificate is required.

                                              -

                                              Using a Certificate for a Protected Website in WAF

                                              1. Log in to the management console.
                                              2. Click in the upper left corner of the management console and select a region or project.
                                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                              4. In the navigation pane, choose Objects > Certificates.
                                              5. In the row containing the certificate you want to use, click Use in the Operation column.
                                              6. In the displayed Domain Name dialog box, select the website you want to use the certificate to.
                                              7. Click Confirm.
                                              +

                                              Using a Certificate for a Protected Website in WAF

                                              1. Log in to the management console.
                                              2. Click in the upper left corner of the management console and select a region or project.
                                              3. Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
                                              4. In the navigation pane on the left, choose Objects > Certificates.
                                              5. In the row containing the certificate you want to use, click Use in the Operation column.
                                              6. In the displayed Domain Name dialog box, select the website you want to use the certificate to.
                                              7. Click Confirm.

                                              Verification

                                              The protected website is listed in the Domain Name column of the certificate.

                                              diff --git a/docs/wafd/umn/waf_01_0425.html b/docs/wafd/umn/waf_01_0425.html index 5cad86c94..b871eb290 100644 --- a/docs/wafd/umn/waf_01_0425.html +++ b/docs/wafd/umn/waf_01_0425.html @@ -15,7 +15,7 @@
                                              • Specifications: WI-500. Estimated performance:
                                                • HTTP services: 5,000 QPS (recommended)
                                                • HTTPS services: 4,000 QPS (recommended)
                                                • WebSocket service - Maximum concurrent connections: 5,000
                                                • Maximum WAF-to-server persistent connections: 60,000
                                              • Specifications: WI-100. Estimated performance:
                                                • HTTP services: 1,000 QPS (recommended)
                                                • HTTPS services: 800 QPS (recommended)
                                                • WebSocket service - Maximum concurrent connections: 1,000
                                                • Maximum WAF-to-server persistent connections: 60,000
                                              -
                                              NOTICE:

                                              Maximum QPS values are for reference only. They may vary depending on your businesses. The real-world QPS is related to the request size and the type and quantity of protection rules you customize.

                                              +
                                              NOTICE:

                                              Maximum limits are based on test and for reference only. They may vary depending on your services. The real-world QPS is related to the request size and the type and quantity of protection rules you customize.

                                              @@ -68,7 +68,7 @@
                                              Table 1 Connection Protection parameters

                                              Parameter

                                              Use Figure 1 as an example:

                                              -
                                              • Breakdown Protection: When the number of 502/504 errors returned by the protected website exceeds 1,000 and accounts for 90% or more of the total access requests of the website for the first time, the first breakdown protection is triggered. During the first breakdown protection, WAF stops forwarding client requests for 180s (that is, blocks visitors access to the website for 180s). If a second consecutive breakdown protection is triggered, WAF stops forwarding client requests for 360s (180 x 2). If a third or more consecutive breakdowns are triggered, WAF stops forwarding client requests for 540s (180s x 3). The breakdowns are counted from 0 when the total downtime duration exceeds one hour (3,600s).
                                              • Connection Protection: When the number of read URL requests in the waiting queue exceeds 6,000, WAF stops forwarding client requests for 60 seconds and returns the maintenance page of the website to visitors.
                                              +
                                              • Breakdown Protection: When the number of 502/504 errors returned by the protected website exceeds 1,000 and accounts for 90% or more of the total access requests of the website for the first time, the first breakdown protection is triggered. During the first breakdown protection, WAF stops forwarding client requests for 180s (that is, blocks visitors access to the website for 180s). If a second consecutive breakdown protection is triggered, WAF stops forwarding client requests for 360s (180 x 2). If a third or more consecutive breakdowns are triggered, WAF stops forwarding client requests for 540s (180s x 3). The breakdowns are counted from 0 when the total downtime duration exceeds one hour (3,600s).
                                              • Connection Protection: When the number of read URL requests in the waiting queue exceeds 6,000, WAF stops forwarding client requests for 60 seconds and returns the maintenance page of the website to visitors.

                                            diff --git a/docs/wafd/umn/waf_01_1249.html b/docs/wafd/umn/waf_01_1249.html index ea12a4c30..0e59d6d9f 100644 --- a/docs/wafd/umn/waf_01_1249.html +++ b/docs/wafd/umn/waf_01_1249.html @@ -24,9 +24,9 @@

                                          Non-standard ports (182 in total)

                                          9945, 9770, 81, 82, 83, 84, 88, 89, 800, 808, 1000, 1090, 3128, 3333, 3501, 3601, 4444, 5000, 5222, 5555, 5601, 6001, 6666, 6788, 6789, 6842, 6868, 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022, 7023, 7024, 7025, 7026, 7070, 7081, 7082, 7083, 7088, 7097, 7777, 7800, 7979, 8000, 8001, 8002, 8003, 8008, 8009, 8010, 8020, 8021, 8022, 8025, 8026, 8077, 8078, 8080, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8092, 8093, 8094, 8095, 8096, 8097, 8098, 8106, 8118, 8181, 8334, 8336, 8800, 8686, 8888, 8889, 8989, 8999, 9000, 9001, 9002, 9003, 9080, 9200, 9802, 10000, 10001, 10080, 12601, 86, 9021, 9023, 9027, 9037, 9081, 9082, 9201, 9205, 9207, 9208, 9209, 9210, 9211, 9212, 9213, 48800, 87, 97, 7510, 9180, 9898, 9908, 9916, 9918, 9919, 9928, 9929, 9939, 28080, 33702, 8011, 8012, 8013, 8014, 8015, 8016, 8017, 8070

                                          +

                                          9945, 9770, 81, 82, 83, 84, 88, 89, 800, 808, 1000, 1090, 3128, 3333, 3501, 3601, 4444, 5000, 5222, 5555, 5601, 6001, 6666, 6788, 6789, 6842, 6868, 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022, 7023, 7024, 7025, 7026, 7070, 7081, 7082, 7083, 7088, 7097, 7777, 7800, 7979, 8000, 8001, 8002, 8003, 8008, 8009, 8010, 8020, 8021, 8022, 8025, 8026, 8077, 8078, 8080, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8092, 8093, 8094, 8095, 8096, 8097, 8098, 8106, 8118, 8181, 8334, 8336, 8800, 8686, 8888, 8889, 8989, 8999, 9000, 9001, 9002, 9003, 9080, 9200, 9802, 10000, 10001, 10080, 12601, 86, 9021, 9023, 9027, 9037, 9081, 9082, 9201, 9205, 9207, 9208, 9209, 9210, 9211, 9212, 9213, 48800, 87, 97, 7510, 9180, 9898, 9908, 9916, 9918, 9919, 9928, 9929, 9939, 28080, 33702, 8011, 8012, 8013, 8014, 8015, 8016, 8017, and 8070

                                          8750, 8445, 18010, 4443, 5443, 6443, 7443, 8081, 8082, 8083, 8084, 8443, 8843, 9443, 8553, 8663, 9553, 9663, 18110, 18381, 18980, 28443, 18443, 8033, 18000, 19000, 7072, 7073, 8803, 8804, 8805, 9999

                                          +

                                          8750, 8445, 18010, 4443, 5443, 6443, 7443, 8081, 8082, 8083, 8084, 8443, 8843, 9443, 8553, 8663, 9553, 9663, 18110, 18381, 18980, 28443, 18443, 8033, 18000, 19000, 7072, 7073, 8803, 8804, 8805, and 9999

                                          Unlimited

                                          Managing Dedicated Engines

                                          This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, viewing instance monitoring configurations, upgrading the instance edition, or deleting an instance.

                                          +

                                          This topic describes how to manage your dedicated WAF instances (or engines). You can view instance information, view instance monitoring configurations, upgrade the edition of an instance, and delete an instance.
                                        -

                                        Example of Raw Data Format of Monitored Metrics

                                        [
-    {
-        "metric": {
-             // Namespace
-            "namespace": "SYS.WAF",
-            "dimensions": [
-                {
-                    // Dimension name, for example, protected website
-                    "name": "waf_instance_id",
-                    // ID of the monitored object in this dimension, for example, ID of the protected website
-                    "value": "082db2f542e0438aa520035b3e99cd99"
-                }
-            ],
-           //Metric ID
-            "metric_name": "waf_http_2xx"
-        },
-        // Time to live, which is predefined for the metric
-        "ttl": 172800,
-         // Metric value
-        "value": 0.0,
-       // Metric unit
-        "unit": "Count",
-         // Metric value type
-        "type": "float",
-        // Collection time for the metric
-        "collect_time": 1637677359778
-    }
-]
                                        +

                                        Example of Raw Data Format of Monitored Metrics

                                         1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
                                        [
+    {
+        "metric": {
+             // Namespace
+            "namespace": "SYS.WAF",
+            "dimensions": [
+                {
+                    // Dimension name, for example, protected website
+                    "name": "waf_instance_id",
+                    // ID of the monitored object in this dimension, for example, ID of the protected website
+                    "value": "082db2f542e0438aa520035b3e99cd99"
+                }
+            ],
+           //Metric ID
+            "metric_name": "waf_http_2xx"
+        },
+        // Time to live, which is predefined for the metric
+        "ttl": 172800,
+         // Metric value
+        "value": 0.0,
+       // Metric unit
+        "unit": "Count",
+         // Metric value type
+        "type": "float",
+        // Collection time for the metric
+        "collect_time": 1637677359778
+    }
+]
+
                                        +
                                        diff --git a/docs/wafd/umn/waf_01_3274.html b/docs/wafd/umn/waf_01_3274.html index e8df6d1bb..3a171f652 100644 --- a/docs/wafd/umn/waf_01_3274.html +++ b/docs/wafd/umn/waf_01_3274.html @@ -7,13 +7,13 @@ diff --git a/docs/wafd/umn/waf_01_3312.html b/docs/wafd/umn/waf_01_3312.html index 097940b64..185ebc03d 100644 --- a/docs/wafd/umn/waf_01_3312.html +++ b/docs/wafd/umn/waf_01_3312.html @@ -1,7 +1,7 @@

                                        Why Is the Bar Mitzvah Attack on SSL/TLS Detected?

                                        -

                                        The bar mitzvah attack is an attack on SSL/TLS protocols that exploits a vulnerability in the RC4 cryptographic algorithm. This vulnerability can disclose ciphertext in SSL/TLS encrypted traffic in some cases, such as passwords, credit card data, or other privacy data, to hackers.

                                        +

                                        The Bar Mitzvah attack is a cryptographic attack targeting SSL/TLS protocols. The attack exploits a vulnerability in the RC4 cryptographic algorithm. This vulnerability can disclose ciphertext in SSL/TLS encrypted traffic in some cases, such as passwords, credit card data, or other privacy data, to hackers.

                                        Solution

                                        To solve this problem, you can set the minimum TLS version to TLS v1.2 and cipher suite to cipher suite 2.

                                        diff --git a/docs/wafd/umn/waf_01_5249.html b/docs/wafd/umn/waf_01_5249.html index f6b7fed94..4993194d2 100644 --- a/docs/wafd/umn/waf_01_5249.html +++ b/docs/wafd/umn/waf_01_5249.html @@ -4,7 +4,7 @@

                                        To let a dedicated WAF instance protect your website, the domain name of the website must be connected to the dedicated WAF instance so that the website incoming traffic can go to WAF first.

                                        Application Scenarios

                                        Dedicated WAF instances can protect only web applications and websites that are accessible through domain names or IP addresses.

                                        -

                                        Processes of Connecting a Website to WAF

                                        Before using a dedicated WAF instance, complete the required configurations by following the process shown in Figure 1.

                                        +

                                        Processes of Connecting a Website to WAF

                                        After you apply for a dedicated WAF instance, complete the required configurations by following the process shown in Figure 1.

                                        Figure 1 Process of connecting a website to a dedicated WAF instance

                                        Collecting Domain Name/IP Address Details

                                        Before adding a domain name or IP address to WAF, obtain the information listed in Table 1.

                                        @@ -56,7 +56,7 @@

                                  VPC

                                  Select the VPC that the dedicated WAF instance belongs to.

                                  +

                                  Select the VPC that the dedicated WAF instance you apply for belongs to.

                                  vpc-default