Updated on 2024-03-15 GMT+08:00
What Do I Do If IPS Blocks Normal Services?
If normal service traffic is intercepted, perform either of the following operations:
- Query the ID of the rule that blocks traffic and modify the action of the rule in the IPS rule library. For details, see Querying Hit Rules and Modifying Protection Actions.
- Use a less strict IPS protection mode. For details, see Configuring Intrusion Prevention.
Querying Hit Rules and Modifying Protection Actions
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click
and choose . The Dashboard page will be displayed, as shown in Figure 1.
- (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
- In the navigation pane, choose Log Audit > Log Query. Click the Attack Event Logs query and record the Rule ID of the rule that blocks traffic.
Figure 2 Rule ID
- In the navigation pane, choose Attack Defense > Intrusion Prevention. Click Check Rules under Basic Protection. The Basic Protection tab is displayed.
Figure 3 Checking rules
- Search for the rule by its ID. In the Operation column, change its action to Observe or Disable.
- Observe: The firewall logs the traffic that matches the current rule and does not block the traffic.
- Disable: The firewall does not log or block the traffic that matches the current rule.
Figure 4 Changing the protection mode of a rule
Parent topic: Troubleshooting
Troubleshooting FAQs
- How Do I Troubleshoot CFW Protection When Service Traffic Is Abnormal?
- Why Are Traffic and Attack Logs Incomplete on the Traffic Analysis Page?
- Why Does a Configured Policy Not Take Effect?
- What Do I Do If IPS Blocks Normal Services?
- What Do I Do If There Is No Data in Access Control Logs?
- How Does Huawei Cloud CFW Detect and Defend Against Attacks Exploiting the Apache Log4j Remote Code Execution Vulnerability?
- How Does CFW Detect and Defend Against Attacks Exploiting the Spring Framework Remote Code Execution Vulnerability?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
more