Managing Application Protection Policies
Scenario
Application protection policies can be added, edited, and deleted in the following scenarios:
- Addition: HSS provides a default policy, which contains all the rules for application protection. If you need to customize the policy for a server, you can add a protection policy and customize the rules and configurations in the policy.
- Editing: You can edit a custom protection policy.
- Deletion: You can delete a custom protection policy that is not associated with any server.
Adding a Policy
- Log in to the HSS console.
  - Log in to the management console.
  - Click in the upper left corner and select a region or project.
  - In the upper left corner of the page, click and choose .
- Choose Server Protection > Application Protection and click Protection Policies. For more information, see Table 1.
- (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
- Click Add Policy. In the dialog box that is displayed, configure the parameters by referring to Table 2.
Figure 1 Adding a protection policy
Table 2 Application protection policy parameters

| Parameter | Description |
|---|---|
| OS | OS of the servers that the protection policy applies to. |
| Policy Name | User-defined policy name |
| Detection Rule ID | Unique ID of a rule. To enable a rule, select the check box next to the ID. |
| Action | Action of a rule. Detect: Detects objects based on the target rule and reports alarms for detected risk events. Detect and block: Detects objects based on the target rule, reports alarms for detected risk events, and directly blocks or intercepts detected risk items. WARNING: Blocking or interception may interrupt services. Exercise caution when enabling this function. |
| Description | Description about the detected object and behavior of the target protection policy. |

- Click Configure in the Operation column of a rule to modify the rule content. Table 3 describes the supported rules.
Table 3 Detection rules that can be configured only

| Rule | Description | Example |
|---|---|---|
| XXE | User-defined XXE blacklist protocol | .xml;.dtd; |
| XSS | User-defined XSS shielding rules | xml;doctype;xmlns;import;entity |
| WebShellUpload | User-defined suffix of files in the blacklist. | .jspx;.jsp;.jar;.phtml;.asp;.php;.ascx;.ashx;.cer |
| FileDirAccess | User-defined path of files in the blacklist. | /etc/passwd;/etc/shadow;/etc/gshadow; |

- Confirm the configured policy and selected detection rules, and click OK. You can check whether the rule is added on the Protection Policy tab page.
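
The following is an added example, not HSS code or part of the original documentation: a local pre-flight check for WebShellUpload and FileDirAccess rule values before a rule is switched from Detect to Detect and block. It assumes values are semicolon-separated, that suffixes match the end of a file name case-insensitively, and that paths match exactly after normalization; the function names and sample data are hypothetical.

```python
# Added example. Assumptions (not documented on this page): rule values are
# ';'-separated, suffix rules match the end of a file name case-insensitively,
# and path rules match the normalized path exactly.
import posixpath

def parse_rule_value(value):
    """Split a ';'-separated rule value, dropping empty and duplicate entries."""
    items = []
    for raw in value.split(";"):
        item = raw.strip()
        if item and item not in items:
            items.append(item)
    return items

def lint_rule(rule, items):
    """Return format problems for the entries of one rule."""
    problems = []
    for item in items:
        if rule == "WebShellUpload" and not (item.startswith(".") and len(item) > 1):
            problems.append(f"{item!r}: suffix should look like '.ext'")
        if rule == "FileDirAccess" and not item.startswith("/"):
            problems.append(f"{item!r}: path should be absolute")
    return problems

def would_block(rule, items, observed):
    """Observed values the blacklist would hit under the assumed matching."""
    hits = []
    for value in observed:
        if rule == "WebShellUpload":
            if any(value.lower().endswith(s.lower()) for s in items):
                hits.append(value)
        elif rule == "FileDirAccess":
            if posixpath.normpath(value) in items:
                hits.append(value)
    return hits

# Example values from Table 3.
UPLOAD_RULE = ".jspx;.jsp;.jar;.phtml;.asp;.php;.ascx;.ashx;.cer"
PATH_RULE = "/etc/passwd;/etc/shadow;/etc/gshadow;"
# Constructed samples standing in for values seen while running in Detect mode.
SAMPLE_UPLOADS = ["report.pdf", "plugin-1.2.jar", "avatar.PNG", "site.CER", "shell.jsp"]
SAMPLE_PATHS = ["/etc/hosts", "/etc/../etc/passwd", "/var/app/config.yml"]

if __name__ == "__main__":
    for rule, value, seen in [("WebShellUpload", UPLOAD_RULE, SAMPLE_UPLOADS),
                              ("FileDirAccess", PATH_RULE, SAMPLE_PATHS)]:
        items = parse_rule_value(value)
        print(rule, "problems:", lint_rule(rule, items))
        print(rule, "would block:", would_block(rule, items, seen))
```

In the constructed sample, a `.jar` plugin and a `.CER` certificate upload are hit alongside `shell.jsp`, which is the kind of legitimate traffic to look for in Detect-mode alarms before enabling blocking.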
Editing a Policy
- Log in to the HSS console.
  - Log in to the management console.
  - Click in the upper left corner and select a region or project.
  - In the upper left corner of the page, click and choose .
- Choose Server Protection > Application Protection and click Protection Policies. For more information, see Table 4.
- (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
- Click Edit in the Operation column of a policy to configure the policy name, supported rules, and rule content.
Table 5 Application protection policy parameters

| Parameter | Description |
|---|---|
| Policy Name | User-defined policy name |
| Detection Rule ID | Unique ID of a rule. To enable a rule, select the check box next to the ID. |
| Action | Action of a rule. Detect: Detects objects based on the target rule and reports alarms for detected risk events. Detect and block: Detects objects based on the target rule, reports alarms for detected risk events, and directly blocks or intercepts detected risk items. NOTICE: Blocking or interception may interrupt services. Exercise caution when enabling this function. |
| Description | Description about the detected object and behavior of the target protection policy. |

- Confirm the rule settings and check items, and click OK. You can check whether the rule has been modified on the Policies page.
Deleting a Policy
- Log in to the HSS console.
  - Log in to the management console.
  - Click in the upper left corner and select a region or project.
  - In the upper left corner of the page, click and choose .
- Choose Server Protection > Application Protection and click Protection Policies. For more information, see Table 6.
- (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
- Click Delete in the Operation column of a policy. In the dialog box that is displayed, confirm the policy information and click OK.
Only the policies that are not associated with any server can be deleted.