Configuring Sensitive Directory Scan Defense
CFW can defend against sensitive directory scan attacks. After this function is enabled, the service can block scan attacks.
Constraints
- Intrusion prevention does not support decryption detection and defense for TLS- and SSL-encrypted traffic.
Impacts on Services
If IPS basic protection is enabled, a range of possible threats and suspicious traffic will be blocked. To change the protection mode, you are advised to enable the Observe mode first, check for false alarms for a period of time, and then switch to the Intercept mode.
Actions
- Observe: Detected sensitive directory scanning attacks are only recorded in attack event logs.
- Block session: If the firewall detects a sensitive directory scan attack, it blocks the current session.
- Block IP: If CFW detects a sensitive directory scan attack, it blocks the attack IP address for a period of time.
After Block IP is configured, CFW continuously blocks IP addresses. If address translation or proxy is involved, evaluate the impact of blocking IP addresses with caution.
Enabling Sensitive Directory Scan Defense
- Log in to the CFW console.
- Click the icon in the upper left corner of the management console and select a region or project.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose .
- Ensure Basic Protection is enabled.
- Click Advanced at the bottom of the page. In the Sensitive Directory Scan Defense area, click the icon to enable it.
  - Action:
    - Observe: Detected sensitive directory scanning attacks are only recorded in attack event logs.
    - Block session: If the firewall detects a sensitive directory scan attack, it blocks the current session.
    - Block IP: If CFW detects a sensitive directory scan attack, it blocks the attack IP address for a period of time.
      After Block IP is configured, CFW continuously blocks IP addresses. If address translation or proxy is involved, evaluate the impact of blocking IP addresses with caution.
  - Duration: If Action is set to Block IP, you can set the blocking duration. The value range is 60s to 3,600s.
  - Threshold: CFW performs the specified action if the scan frequency of a sensitive directory reaches this threshold.
- Click OK.
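When choosing a Threshold during the Observe period, it helps to know how many sensitive-path requests each source IP actually generates, especially for addresses that sit behind address translation or a proxy. The following is an added example, not CFW's detection logic or code from this documentation; the sensitive path list, the 60-second counting window and the log records are assumptions constructed for illustration.

```python
# Estimate which source IPs a scan-frequency threshold would flag.
# Added example, not CFW's algorithm. The path list, window length and
# sample records below are assumptions.
from collections import defaultdict, deque

# Assumed examples of sensitive paths; CFW's own list is not given on this page.
SENSITIVE_PREFIXES = ("/.git/", "/.env", "/admin/", "/backup/", "/phpmyadmin/")
WINDOW_SECONDS = 60  # assumed counting window

def is_sensitive(path):
    return path.lower().startswith(SENSITIVE_PREFIXES)

def peak_rates(events):
    """Return {src_ip: max sensitive-path requests seen in any window}."""
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, src_ip, path in sorted(events):
        if not is_sensitive(path):
            continue
        q = recent[src_ip]
        q.append(ts)
        while q and ts - q[0] >= WINDOW_SECONDS:
            q.popleft()  # drop requests older than the window
        peak[src_ip] = max(peak[src_ip], len(q))
    return dict(peak)

def flagged(events, threshold):
    """Source IPs whose peak rate reaches the threshold, sorted."""
    return sorted(ip for ip, n in peak_rates(events).items() if n >= threshold)

# Constructed sample records: (epoch seconds, source IP, request path).
SAMPLE = (
    # One client probing many sensitive paths within a few seconds.
    [(1000 + i, "198.51.100.7", p) for i, p in enumerate(
        ["/.git/config", "/.env", "/admin/login", "/backup/db.sql",
         "/phpmyadmin/index.php", "/.git/HEAD", "/admin/config", "/.env.bak"])]
    # A NAT gateway: several real users behind one address opening /admin/.
    + [(1000 + 20 * i, "203.0.113.10", "/admin/login") for i in range(6)]
    # Ordinary traffic that never touches a sensitive path.
    + [(1005, "192.0.2.44", "/index.html"), (1010, "192.0.2.44", "/css/site.css")]
)

if __name__ == "__main__":
    for t in (3, 5, 8):
        print(f"threshold={t}: would flag {flagged(SAMPLE, t)}")
```

With the constructed data, a threshold of 3 also flags the NAT gateway address, which is the kind of false alarm to look for in Observe mode before selecting Block IP.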
Follow-up Operations
For details about the protection overview, see Viewing Attack Defense Information on the Dashboard. For details about logs, see Attack Event Logs.
Related Operations
- Changing the defense action: Click Configure in the Sensitive Directory Scan Defense area. In the displayed dialog box, select an action and click OK.
- Modifying the threshold: Click Configure in the Sensitive Directory Scan Defense area. In the displayed dialog box, set the threshold and click OK.
- Disabling sensitive directory scan defense: Click the icon next to Sensitive Directory Scan Defense. In the displayed dialog box, click OK.