Allowable Frequency
|
This parameter can be set if you select Block dynamically for Protective Action.
@@ -120,15 +127,16 @@
Click Confirm. You can then view the added CC attack protection rule in the CC rule list.- To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.
- To modify a rule, click Modify in the row containing the rule.
- To delete a rule, click Delete in the row containing the rule.
-Protection EffectIf you have configured a CC attack protection rule like Figure 2 (with Protective Action set to Block) for your domain name www.example.com, take the following steps to verify the protection effect:
- - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- If the website is inaccessible, connect the website domain name to WAF by referring to Step 1: Add a Website to WAF.
- If the website is accessible, go to 2.
+Protection EffectIf you have configured a CC attack protection rule like Figure 1 (with Protective Action set to Block) for your domain name www.example.com, take the following steps to verify the protection effect:
+ - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- Clear the browser cache, enter http://www.example.com/admin in the address bar, and refresh the page 10 times within 60 seconds. In normal cases, the custom block page will be displayed the eleventh time you refresh the page, and the requested page will be accessible when you refresh the page 60 seconds later.
If you select Verification code for protective action, a verification code is required for visitors to continue the access if they exceed the configured rate limit.
- Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
Configuration Example - Verification CodeIf domain name www.example.com has been connected to WAF, perform the following steps to verify that WAF CAPTCHA verification is enabled.
- - Add a CC attack protection rule with Protection Action set to Verification code.
Figure 3 Verification code
- - Enable CC attack protection.
Figure 4 CC Attack Protection configuration area
+- Add a CC attack protection rule with Protection Action set to Verification code.
Figure 2 Verification code
+
+ - Enable CC attack protection.
Figure 3 Enabling CC Attack Protection
- Clear the browser cache and access http://www.example.com/admin/.
If you access the page 10 times within 60 seconds, a verification code is required when you attempt to access the page for the eleventh time. You need to enter the verification code to continue the access.
- Go to the WAF console. In the navigation pane on the left, choose Events. View the event on the Events page.
@@ -143,7 +151,7 @@
\ No newline at end of file
diff --git a/docs/wafd/umn/waf_01_0010.html b/docs/wafd/umn/waf_01_0010.html
index dc5cb5fd3..bcc7cdebd 100644
--- a/docs/wafd/umn/waf_01_0010.html
+++ b/docs/wafd/umn/waf_01_0010.html
@@ -5,20 +5,20 @@
A reference table can be added to a precise protection rule. The reference table takes effect for all protected domain names.
 If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.
PrerequisitesA website has been added to WAF.
+ PrerequisitesYou have added the website you want to protect to WAF.
Constraints
- If you configure Protective Action to Block for a precise protection rule, you can configure a known attack source rule by referring to Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration. WAF will block requests matching the configured IP address, Cookie, or Params for a length of time configured as part of the rule.
- The path content cannot contain the following special characters: (<>*)
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
Application ScenariosPrecise protection rules are used for anti-leeching and website management background protection.
- Configuring a Precise Protection Rule- Log in to the management console.
- Click
 in the upper left corner of the management console and select a region or project. - Click
 in the upper left corner and choose Web Application Firewall (Dedicated) under Security. - In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Precise Protection configuration area, change Status as needed and click Customize Rule to go to the Precise Protection page.
Figure 1 Precise Protection configuration area
+Configuring a Precise Protection Rule- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- Click the Precise Protection configuration area and toggle it on or off if needed.
 : enabled. : disabled.
- On the Precise Protection page, set Detection Mode.
Two detection modes are available: - Instant detection: If a request matches a configured precise protection rule, WAF immediately ends threat detection and blocks the request.
- Full detection: If a request matches a configured precise protection rule, WAF finishes its scan first and then blocks all requests that match the configured precise protection rule.
- In the upper left corner above the Precise Protection rule list, click Add Rule.
- In the displayed dialog box, add a rule by referring to Table 1.
The settings shown in Figure 2 are used as an example. If a visitor tries to access a URL containing /admin, WAF will block the request.
+ - In the upper left corner above the Precise Protection rule list, click Add Rule.
- In the displayed dialog box, add a rule by referring to Table 1.
The settings shown in Figure 1 are used as an example. If a visitor tries to access a URL containing /admin, WAF will block the request.
 To ensure that WAF blocks only attack requests, configure Protective Action to Log only first and check whether normal requests are blocked on the Events page. If no normal requests are blocked, configure Protective Action to Block.
Figure 2 Add Precise Protection Rule
+ Figure 1 Add Precise Protection Rule
Table 1 Rule parametersParameter
@@ -38,8 +38,8 @@
|
|---|
Condition List
|
-Click Add to add conditions. At least one condition needs to be added. You can add up to 30 conditions to a protection rule. If more than one condition is added, all of the conditions must be met for the rule to be applied. A condition includes the following parameters:
-Parameters for configuring a condition are described as follows: - Field
- Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
- Logic: Select a logical relationship from the drop-down list.
NOTE: - If Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them is selected, select an existing reference table in the Content drop-down list. For details, see Creating a Reference Table to Configure Protection Metrics In Batches.
- Exclude any value, Not equal to any value, Prefix is not any of them, and Suffix is not any of them indicates, respectively, that WAF performs the protection action (block, allow, or log only) when the field in the access request does not contain, is not equal to, or the prefix or suffix is not any value set in the reference table. For example, assume that Path field is set to Exclude any value and the test reference table is selected. If test1, test2, and test3 are set in the test reference table, WAF performs the protection action when the path of the access request does not contain test1, test2, or test3.
+ Click Add and add conditions. At least one condition is required for a rule, but up to 30 conditions are allowed. If you add more than one condition, the rule will only take effect when all conditions are met.
+Parameters for configuring a condition are described as follows: - Field
- Subfield: Configure this field only when Params, Cookie, or Header is selected for Field.
- Logic: Select a logical relationship from the drop-down list.
NOTE: - If Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them is selected, select an existing reference table in the Content drop-down list. For details, see Creating a Reference Table to Configure Protection Metrics in Batches.
- Exclude any value, Not equal to any value, Prefix is not any of them, and Suffix is not any of them indicates, respectively, that WAF performs the protection action (block, allow, or log only) when the field in the access request does not contain, is not equal to, or the prefix or suffix is not any value set in the reference table. For example, assume that Path field is set to Exclude any value and the test reference table is selected. If test1, test2, and test3 are set in the test reference table, WAF performs the protection action when the path of the access request does not contain test1, test2, or test3.
- Content: Enter or select the content of condition matching.
| 5
|
|
-Application Schedule
+ | Apply
|
Select Immediate to enable the rule immediately, or select Custom to configure when you wish the rule to be enabled.
|
Immediate
|
+Block Page
+ |
+If Protective Action is set to Block, you can configure an error page you want to return to the visitors.
+- If you select Default settings, the default block page is displayed.
- If you select Custom, a custom error message is displayed.
+ |
+Custom
+ |
+
+Block Page Type
+ |
+If you select Custom for Block Page, select a type of the block page among options application/json, text/html, and text/xml.
+ |
+text/html
+ |
+
+Page Content
+ |
+If you select Custom for Block Page, configure the content to be returned.
+ |
+Page content styles corresponding to different page types are as follows:
+- text/html: <html><body>Forbidden</body></html>
- application/json: {"msg": "Forbidden"}
- text/xml: <?xml version="1.0" encoding="utf-8"?><error> <msg>Forbidden</msg></error>
+ |
+
@@ -87,30 +110,30 @@
- Click Confirm. You can then view the added precise protection rule in the protection rule list.
- To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.
- To modify a rule, click Modify in the row containing the rule.
- To delete a rule, click Delete in the row containing the rule.
- Protection EffectTo verify WAF is protecting your website (www.example.com) against the rule as shown in Figure 2:
- - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- If the website is inaccessible, connect the website domain name to WAF by following the instructions in Step 1: Add a Website to WAF.
- If the website is accessible, go to Step 2.
+Protection EffectTo verify WAF is protecting your website (www.example.com) against the rule as shown in Figure 1:
+ - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- Clear the browser cache and enter http://www.example.com/admin (or any page containing /admin) in the address bar. Normally, WAF blocks the requests that meet the conditions and returns the block page.
- Return to the WAF console. In the navigation pane, choose Events. On the displayed page, view the event log.
Configuration Example - Blocking a Certain Type of Attack RequestsAnalysis of a specific type of WordPress pingback attack shows that the User Agent field contains WordPress.
- Figure 3 WordPress pingback attack
+ Figure 2 WordPress pingback attack
A precise rule as shown in the figure can block this type of attack.
- Figure 4 User Agent configuration
+ Figure 3 User Agent configuration
Configuration Example - Blocking Requests to a Certain URLIf a large number of IP addresses are accessing a URL that does not exist, configure the following protection rule to block such requests to reduce resource usage on the origin server.
- Figure 5 Blocking requests to a specific URL
+ Figure 4 Blocking requests to a specific URL
Configuration Example - Blocking Requests with null FieldsYou can configure precise protection rules to block requests having null fields.
- Figure 6 Blocking requests with empty Referer
+ Figure 5 Blocking requests with empty Referer
Configuration Example - Blocking Specified File Types (ZIP, TAR, and DOCX)You can configure file types that match the path field to block specific files of certain types. For example, if you want to block .zip files, you can configure a precise protection rule as shown in Figure 7 to block access requests of .zip files.
- Figure 7 Blocking requests of specific file types
+ Configuration Example - Blocking Specified File Types (ZIP, TAR, and DOCX)You can configure file types that match the path field to block specific files of certain types. For example, if you want to block .zip files, you can configure a precise protection rule as shown in Figure 6 to block access requests of .zip files.
+ Figure 6 Blocking requests of specific file types
- Configuration Example - Allowing a Specified IP Address to Access Your WebsiteYou can configure two precise protection rules, one to block all requests, as shown in Figure 8, but then another one to allow the access from a specific IP address, as shown in Figure 9.
- Figure 8 Blocking all requests
- Figure 9 Allowing the access of a specified IP address
+ Configuration Example - Allowing a Specified IP Address to Access Your WebsiteYou can configure two precise protection rules, one to block all requests, as shown in Figure 7, but then another one to allow the access from a specific IP address, as shown in Figure 8.
+ Figure 7 Blocking all requests
+ Figure 8 Allowing the access of a specified IP address
Configuration Example - Allowing a Specific IP Address to Access a Certain URLYou can configure multiple conditions in the Condition List field. If an access request meets the conditions in the list, WAF will allow the request from a specific IP address to access a specified URL.
- Figure 10 Allowing specific IP addresses to access specified URLs
+ Figure 9 Allowing specific IP addresses to access specified URLs
@@ -122,7 +145,7 @@
\ No newline at end of file
diff --git a/docs/wafd/umn/waf_01_0012.html b/docs/wafd/umn/waf_01_0012.html
index 3f073ac34..e276b7ed2 100644
--- a/docs/wafd/umn/waf_01_0012.html
+++ b/docs/wafd/umn/waf_01_0012.html
@@ -4,16 +4,16 @@
You can configure blacklist and whitelist rules to block, log only, or allow access requests from specific IP addresses or IP address ranges. Whitelist rules have a higher priority than blacklist rules.
If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.
- PrerequisitesA website has been added to WAF.
+ PrerequisitesYou have added the website you want to protect to WAF.
- Constraints- WAF does not support batch import of blacklists or whitelists. To configure multiple IP address or IP address range rules, add blacklist and whitelist rules one by one to allow or block specified IP addresses or IP address ranges.
- The address 0.0.0.0/0 cannot be added to a WAF IP address blacklist or whitelist, and if a whitelist conflicts with a blacklist, the whitelist rule takes priority. If you want to allow only a specific IP address within a range of blocked addresses, add a blacklist rule to block the range and then add a whitelist rule to allow the individual address you wish to allow.
- If you set Protective Action to Block for a blacklist or whitelist rule, you can set a known attack source to block the visitor for a certain period of time; however, the known attack source with Long-term IP address blocking or Short-term IP address blocking configured cannot be set for a blacklist or whitelist rule. WAF will block requests matching the configured Cookie or Params for a block duration you specify.
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
+ Constraints- When you add a website through Cloud Mode - Load balancer and set Frontend Protocol of the listener of your ELB load balancer to TCP, UDP, or QUIC, this type of rule does not take effect.
- WAF does not support batch import of blacklists or whitelists. To configure multiple IP address or IP address range rules, add blacklist and whitelist rules one by one to allow or block specified IP addresses or IP address ranges.
- The address 0.0.0.0/0 cannot be added to a WAF IP address blacklist or whitelist, and if a whitelist conflicts with a blacklist, the whitelist rule takes priority. If you want to allow only a specific IP address within a range of blocked addresses, add a blacklist rule to block the range and then add a whitelist rule to allow the individual address you wish to allow.
- If you set Protective Action to Block for a blacklist or whitelist rule, you can set a known attack source to block the visitor for a certain period of time; however, the known attack source with Long-term IP address blocking or Short-term IP address blocking configured cannot be set for a blacklist or whitelist rule. WAF will block requests matching the configured Cookie or Params for a block duration you specify.
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
Impact on the SystemIf an IP address is added to a blacklist or whitelist, WAF blocks or allows requests from that IP address without checking whether the requests are malicious.
- Configuring an IP Address Blacklist or Whitelist Rule- Log in to the management console.
- Click
 in the upper left corner of the management console and select a region or project. - Click
 in the upper left corner and choose Web Application Firewall (Dedicated) under Security. - In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Blacklist and Whitelist configuration area, change Status as needed and click Customize Rule.
Figure 1 Blacklist and Whitelist configuration area
+Configuring an IP Address Blacklist or Whitelist Rule- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- Click the Blacklist and Whitelist configuration area and toggle it on or off if needed.
- : enabled.
- : disabled.
- In the upper left corner above the Blacklist and Whitelist list, click Add Rule.
- In the displayed dialog box, specify the parameters by referring to Table 1.
- If you select Log only for Protective Action for an IP address, WAF only identifies and logs requests from the IP address.
- Other IP addresses are evaluated based on other configured WAF protection rules.
-Figure 2 Adding a blacklist or whitelist rule
+ Figure 1 Adding a blacklist or whitelist rule
Table 1 Rule parametersParameter
|
@@ -40,7 +40,7 @@
|---|
Protective Action
|
-- Block: Select Block if you want to blacklist an IP address or IP address range.
- Allow: Select Allow if you want to whitelist an IP address or IP address range.
- Log only: Select Log only if you want to observe an IP address or IP address range. Then, WAF determines whether the IP address or IP address range are blacklisted or whitelisted based on the events data.
+ | - Block: Select Block if you want to blacklist an IP address or IP address range.
- Allow: Select Allow if you want to whitelist an IP address or IP address range.
- Log only: Select Log only if you want to observe an IP address or IP address range. Then, WAF determines whether the IP address or IP address range are blacklisted or whitelisted based on the events data.
|
Block
|
@@ -69,17 +69,17 @@
Protection EffectTo verify WAF is protecting your website (www.example.com) against a rule:
- - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- If the website is inaccessible, connect the website domain name to WAF by following the instructions in Step 1: Add a Website to WAF.
- If the website is accessible, go to Step 2.
+- Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- Blacklist the IP address of a client according to the instructions in Configuring an IP Address Blacklist or Whitelist Rule.
- Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
- Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
Example Configuration - Allowing a Specified IP AddressesIf domain name www.example.com has been connected to WAF, you can perform the following steps to verify the rule takes effect:
- - Add the following two blacklist and whitelist rules to block all IP addresses:
Figure 3 Blocking IP address range 1.0.0.0/1
-Figure 4 Blocking IP address range 128.0.0.0/1
-You can also add a precise protection rule to block all access requests, as shown in Figure 5.
-Figure 5 Blocking all access requests
-For details, see Configuring Custom Precise Protection Rules.
- - Refer to Figure 6 and add a whitelist rule to allow a specified IP address, for example, XXX.XXX.2.3.
Figure 6 Allowing the access of a specified IP address
- - Enable the white and blacklist protection.
+
- Add a rule to block all source IP addresses.
- Method 1: Add the following two blacklist rules to block all source IP addresses, as shown in Figure 2 and Figure 3.
Figure 2 Blocking IP address range 1.0.0.0/1
+Figure 3 Blocking IP address range 128.0.0.0/1
+ - Method 2: Add a precise protection rule to block all access requests, as shown in Figure 4.
Figure 4 Blocking all access requests
+
+ - Refer to Figure 5 and add a whitelist rule to allow a specified IP address, for example, XXX.XXX.2.3.
Figure 5 Allowing the access of a specified IP address
+ - Enable the white and blacklist protection.
Figure 6 Blacklist and Whitelist configuration area
+
- Clear the browser cache and access http://www.example.com.
If the IP address of a visitor is not the one specified in Step 2, WAF blocks the access request. Figure 7 shows an example of the block page.
Figure 7 Block page
- Go to the WAF console. In the navigation pane on the left, choose Events. View the event on the Events page.
@@ -94,7 +94,7 @@
\ No newline at end of file
diff --git a/docs/wafd/umn/waf_01_0013.html b/docs/wafd/umn/waf_01_0013.html
index 1bfb5c8b0..fceecf483 100644
--- a/docs/wafd/umn/waf_01_0013.html
+++ b/docs/wafd/umn/waf_01_0013.html
@@ -4,12 +4,12 @@
WAF can identify where a request originates. You can set geolocation access control rules in just a few clicks and let WAF block or allow requests from a certain region. A geolocation access control rule allows you to allow or block requests from IP addresses from specified countries or regions.
If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.
- PrerequisitesA website has been added to WAF.
+ PrerequisitesYou have added the website you want to protect to WAF.
- Constraints- One region can be configured in only one geolocation access control rule.
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
+ Constraints- When you add a website through Cloud Mode - Load balancer and set Frontend Protocol of the listener of your ELB load balancer to TCP, UDP, or QUIC, this type of rule does not take effect.
- One region can be configured in only one geolocation access control rule.
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
- Configuring a Geolocation Access Control Rule- Log in to the management console.
- Click
 in the upper left corner of the management console and select a region or project. - Click
 in the upper left corner and choose Web Application Firewall (Dedicated) under Security. - In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Geolocation Access Control configuration area, change Status if needed and click Customize Rule.
Figure 1 Geolocation Access Control configuration area
- - In the upper left corner above the Geolocation Access Control list, click Add Rule.
- In the displayed dialog box, add a geolocation access control rule by referring to Table 1.
Figure 2 Adding a geolocation access control rule
+Configuring a Geolocation Access Control Rule- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- Click the Geolocation Access Control configuration area and toggle it on or off if needed.
- : enabled.
- : disabled.
+ - In the upper left corner above the Geolocation Access Control list, click Add Rule.
- In the displayed dialog box, add a geolocation access control rule by referring to Table 1.
Figure 1 Adding a geolocation access control rule
Table 1 Rule parametersParameter
|
@@ -47,25 +47,25 @@
Configuration Example - Allowing Access Requests from IP Addresses in a Specified RegionAssume that domain name www.example.com has been connected to WAF and you want to allow only IP addresses in Australia to access the domain name. Perform the following steps:
- - Add a geolocation access control rule: Select Australia for Geolocation and select Allow for Protective Action.
Figure 3 Selecting Allow for Protective Action
- - Enable geolocation access control.
Figure 4 Geolocation Access Control configuration area
- - Configure a precise protection rule to block all requests.
Figure 5 Blocking all access requests
+- Add a geolocation access control rule: Select Australia for Geolocation and select Allow for Protective Action.
Figure 2 Selecting Allow for Protective Action
+ - Enable geolocation access control.
Figure 3 Geolocation Access Control configuration area
+ - Configure a precise protection rule to block all requests.
Figure 4 Blocking all access requests
- Clear the browser cache and access http://www.example.com.
When an access request from IP addresses outside Australia accesses the page, WAF blocks the access request.
-Figure 6 Block page
+Figure 5 Block page
- Go to the WAF console. In the navigation pane on the left, choose Events. View the event on the Events page. You will see that all requests not from Australia have been blocked.
Configuration Example - Blocking Access Requests from IP Addresses in a Specified RegionAssume that domain name www.example.com has been connected to WAF and you want to block all IP addresses from Australia to access the domain name. The following shows how to configure a rule to this end:
- - Add a geolocation access control rule, select Australia for Geolocation and Block for Protective Action.
Figure 7 Blocking access requests from a specific region
- - Enable geolocation access control.
Figure 8 Geolocation Access Control configuration area
+- Add a geolocation access control rule, select Australia for Geolocation and Block for Protective Action.
Figure 6 Blocking access requests from a specific region
+ - Enable geolocation access control.
Figure 7 Geolocation Access Control configuration area
- Clear the browser cache and access http://www.example.com.
When an access request from IP addresses inside Australia accesses the page, WAF blocks the access request.
-Figure 9 Block page
- - Go to the WAF console. In the navigation pane on the left, choose Events. View the event on the Events page.
Figure 10 Viewing events - blocking access requests from IP addresses in a region
+Figure 8 Block page
+ - Go to the WAF console. In the navigation pane on the left, choose Events. View the event on the Events page.
Figure 9 Viewing events - blocking access requests from IP addresses in a region
Protection EffectTo verify WAF is protecting your website (www.example.com) against a rule:
- - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- If the website is inaccessible, connect the website domain name to WAF by referring to Step 1: Add a Website to WAF.
- If the website is accessible, go to 2.
- - Add a geolocation access control rule by referring to Configuring a Geolocation Access Control Rule.
- Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
- Go to the WAF console. In the navigation pane on the left, choose Events. On the displayed page, view or download events data.
+ - Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
+
- Add a geolocation access control rule by referring to Configuring a Geolocation Access Control Rule.
- Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
- Return to the WAF console. In the navigation pane, click Events. On the displayed page, view the event log.
@@ -77,7 +77,7 @@
\ No newline at end of file
diff --git a/docs/wafd/umn/waf_01_0014.html b/docs/wafd/umn/waf_01_0014.html
index 1e3b90224..b1db9bd5d 100644
--- a/docs/wafd/umn/waf_01_0014.html
+++ b/docs/wafd/umn/waf_01_0014.html
@@ -15,8 +15,8 @@
- Web tamper protection
If an attacker modifies a static web page on the server, WAF still returns the cached original web page to visitors. Visitors never see the pages that were tampered with.
Configuring a Web Tamper Protection Rule- Log in to the management console.
- Click
 in the upper left corner of the management console and select a region or project. - Click
 in the upper left corner and choose Web Application Firewall (Dedicated) under Security. - In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Web Tamper Protection configuration area, change Status if needed and click Customize Rule to go to the Web Tamper Protection page.
Figure 1 Web Tamper Protection configuration area
- - In the upper left corner above the Web Tamper Protection rule list, click Add Rule.
- In the displayed dialog box, specify the parameters by referring to Table 1.
Figure 2 Adding a web tamper protection rule
+Configuring a Web Tamper Protection Rule- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- Click the Web Tamper Protection configuration area and toggle it on or off if needed.
- : enabled.
- : disabled.
+ - In the upper left corner above the Web Tamper Protection rule list, click Add Rule.
- In the displayed dialog box, specify the parameters by referring to Table 1.
Figure 1 Adding a web tamper protection rule
Table 1 Rule parametersParameter
|
@@ -60,9 +60,8 @@
Related Operations- To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.
- To update cache of a protected web page, click Update Cache in the row containing the corresponding web tamper protection rule. If the rule fails to be updated, WAF will return the recently cached page but not the latest page.
- To delete a rule, click Delete in the row containing the rule.
Configuration Example - Static Web Page Tamper PreventionTo verify WAF is protecting a static page /admin on your website www.example.com from being tampered with:
- - Add a web tamper prevention rule to WAF.
Figure 3 Adding a web tamper protection rule
- - Enable WTP.
Figure 4 Web Tamper Protection configuration area
- - Simulate the attack to tamper with the http://www.example.com/admin web page.
- Use a browser to access http://www.example.com/admin. WAF will cache the page.
- Access http://www.example.com/admin again.
The intact page is returned.
+- Add a web tamper prevention rule to WAF.
Figure 2 Adding a web tamper protection rule
+ - Enable WTP.
- Simulate the attack to tamper with the http://www.example.com/admin web page.
- Use a browser to access http://www.example.com/admin. WAF will cache the page.
- Access http://www.example.com/admin again.
The intact page is returned.
You can configure website anti-crawler protection rules to protect against search engines, scanners, script tools, and other crawlers, and use JavaScript to create custom anti-crawler protection rules.
If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure protection policies for the domain names in the project.
- PrerequisitesA website has been added to WAF.
+ PrerequisitesYou have added the website you want to protect to WAF.
Constraints
@@ -18,7 +18,7 @@
WAF only logs JavaScript challenge and JavaScript authentication events. No other protective actions can be configured for JavaScript challenge and authentication.
-
|---|
|---|
|
in the upper left corner of the management console and select a region or project.
in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
