- What's New
- Function Overview
-
Product Bulletin
- Java Spring Framework Remote Code Execution Vulnerability
- Apache Dubbo Deserialization Vulnerability
- DoS Vulnerability in the Open-Source Component Fastjson
- Remote Code Execution Vulnerability of Fastjson
- Oracle WebLogic wls9-async Deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814)
- Service Overview
- Billing
- Getting Started
-
User Guide
- Creating a User Group and Granting Permissions
- Buying WAF
- Connecting a Website to WAF
- Viewing Protection Events
-
Configuring Protection Policies
- Protection Configuration Overview
- Configuring Basic Web Protection to Defend Against Common Web Attacks
- Configuring CC Attack Protection Rules to Defend Against CC Attacks
- Configuring Custom Precise Protection Rules
- Configuring IP Address Blacklist and Whitelist Rules to Block or Allow Specified IP Addresses
- Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations
- Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With
- Configuring Anti-Crawler Rules
- Configuring Information Leakage Prevention Rules to Protect Sensitive Information from Leakage
- Configuring a Global Protection Whitelist Rule to Ignore False Alarms
- Configuring Data Masking Rules to Prevent Privacy Information Leakage
- Creating a Reference Table to Configure Protection Metrics in Batches
- Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration
- Condition Field Description
- Application Types WAF Can Protect
- Viewing the Dashboard Page
- Website Settings
- Policy Management
- Object Management
- System Management
- Permissions Management
- Monitoring and Auditing
-
Best Practices
- Website Access Configuration
- Website Protection Configuration Suggestions
-
Mitigating Web Security Vulnerabilities
- Java Spring Framework Remote Code Execution Vulnerability
- Apache Dubbo Deserialization Vulnerability
- DoS Vulnerability in the Open-Source Component Fastjson
- Remote Code Execution Vulnerability of Fastjson
- Oracle WebLogic wls9-async Deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814)
- Defending Against Challenge Collapsar (CC) Attacks
- Using WAF to Block Crawler Attacks
- Verifying a Global Protection Whitelist Rule by Simulating Requests with Postman
- Combining WAF and HSS to Improve Web Page Tampering Protection
- Configuring Origin Server Security
- Obtaining the Real Client IP Addresses
-
API Reference
- Before You Start
- API Overview
- API Calling
-
APIs
-
Managing Websites Protected by Dedicated WAF Engines
- Querying the List of Domain Names Protected by Dedicated WAF Instances
- Adding a Domain Name to a Dedicated WAF Instance
- Modifying a Domain Name Protected by a Dedicated WAF Instance
- Querying Domain Name Settings in Dedicated Mode
- Deleting a Domain Name from a Dedicated WAF Instance
- Modifying the Protection Status of a Domain Name in Dedicated Mode
-
Rule Management
- Changing the Status of a Rule
- Querying CC Attack Protection Rules
- Creating a CC Attack Protection Rule
- Querying a CC Attack Protection Rule by ID
- Updating a CC Attack Protection Rule
- Deleting a CC Attack Protection Rule
- Querying the List of Precise Protection Rules
- Creating a precise protection rule
- Querying a Precise Protection Rule by ID
- Updating a precise protection rule
- Deleting a precise protection rule
- Creating a Global Protection Whitelist (Formerly False Alarm Masking) Rule
- Querying the List of Global Protection Whitelist (Formerly False Alarm Masking) Rules
- Updating a Global Protection Whitelist (Formerly False Alarm Masking) Rule
- Deleting a Global Protection Whitelist (Formerly False Alarm Masking) Rule
- Querying the Blacklist and Whitelist Rule List
- Creating a Blacklist/Whitelist Rule
- Querying a blacklist or whitelist rule
- Updating a Blacklist or Whitelist Protection Rule
- Querying Global Protection Whitelist (Formerly False Alarm Masking) Rules
- Deleting a Blacklist or Whitelist Rule
- Querying the JavaScript Anti-Crawler Rule List
- Updating a JavaScript Anti-Crawler Protection Rule
- Creating a JavaScript Anti-Crawler Rule
- Querying a JavaScript Anti-Crawler Rule
- Updating a JavaScript Anti-Crawler Rule
- Deleting a JavaScript Anti-Crawler Rule
- Querying the list of Data Masking Rules.
- Creating a Data Masking Rule
- Querying a Data Masking Rule
- Updating a Data Masking Rule
- Deleting a Data Masking Rule
- Querying the List of Known Attack Source Rules
- Creating a Known Attack Source Rule
- Querying a Known Attack Source Rule by ID
- Updating a Known Attack Source Rule
- Deleting a Known Attack Source Rule
- Querying the List of Geolocation Access Control Rules
- Creating a Geolocation Access Control Rule
- Querying a Geolocation Access Control Rule by ID.
- Updating a Geolocation Access Control Rule
- Deleting a Geolocation Access Control Rule
- Querying the List of Web Tamper Protection Rules
- Creating a Web Tamper Protection Rule
- Querying a Web Tamper Protection Rule
- Deleting a Web Tamper Protection Rule
- Updating the Cache for a Web Tamper Protection Rule
- Querying the List of Information Leakage Prevention Rules
- Creating an Information Leakage Prevention Rule
- Querying an Information Leakage Prevention Rule
- Updating an Information Leakage Prevention Rule
- Deleting an Information Leakage Prevention Rule
- Querying the Reference Table List
- Creating a Reference Table
- Querying a Reference Table
- Modifying a Reference Table
- Deleting a Reference Table
- Address Group Management
- Certificate Management
- Event Management
- Dashboard
- Dedicated Instance Management
- Log Reporting
- Managing Your Subscriptions
- System Management
- Alarm Management
-
Protected Website Management in Cloud Mode
- Querying the List of Domain Names Protected in Cloud Mode
- Adding a Domain Name to the Cloud WAF
- Querying Details About a Domain Name by Domain Name ID in Cloud Mode
- Updating Configurations of Domain Names Protected with Cloud WAF
- Deleting a Domain Name from the Cloud WAF
- Changing the Protection Status of a Domain Name
- Querying the Domain Name of a Tenant
- Policy management
-
Managing Websites Protected by Dedicated WAF Engines
- Appendix
- Change History
- SDK Reference
-
FAQs
-
About WAF
- WAF Basics
- Can WAF Protect an IP Address?
- What Objects Does WAF Protect?
- Does WAF Block Customized POST Requests?
- What Are the Differences Between the Web Tamper Protection Functions of WAF and HSS?
- Which Web Service Framework Protocols Does WAF Support?
- Can WAF Protect Websites Accessed Through HSTS or NTLM Authentication?
- What Are the Differences Between WAF Forwarding and Nginx Forwarding?
- What Are the Differences Between WAF and CFW?
- Can I Configure Session Cookies in WAF?
- How Does WAF Detect SQL Injection, XSS, and PHP Injection Attacks?
- Can WAF Defend Against the Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)?
- Why Does the Vulnerability Scanning Tool Report Disabled Non-standard Ports for My WAF-Protected Website?
- What Are the Restrictions on Using WAF in Enterprise Projects?
- Will Traffic Be Permitted After WAF Is Switched to the Bypassed Mode?
- What Are Local File Inclusion and Remote File Inclusion?
- What Is the Difference Between QPS and the Number of Requests?
- Does WAF Support Custom Authorization Policies?
- Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?
- Can I Switch Between the WAF Cloud Mode and Dedicated Mode?
- What Are Regions and AZs?
- Can I Use WAF Across Regions?
-
About Purchase and Specifications Change
- What Are the Differences Between the Permissions of an Account and Those of IAM Users?
- Can I Share My WAF with Other Accounts?
- How Does WAF Calculate Domain Name Quota Usage?
- Can I Add More Protection Rules?
- What Can I Do If the Website Traffic Exceeds the WAF Service Request Limit?
- What Are the Impacts When QPS Exceeds the Allowed Peak Rate?
- Can I Change WAF Specifications During Renewal?
- Where and When Can I Buy a Domain, QPS, or Rule Expansion Package?
- How Do I Select Service QPS When Purchasing WAF?
- Is Service QPS Calculated Based on Incoming Traffic or Outgoing Traffic?
- Does WAF Have a Limit on the Protection Bandwidth or Shared Bandwidth?
- Where Can I View the Inbound and Outbound Bandwidths of a Protected Website?
-
Website Connect Issues
- How Do I Configure Domain Names to Be Protected When Adding Domain Names?
- Do I Have to Configure the Same Port as That of the Origin Server When Adding a Website to WAF?
- How Do I Whitelist Back-to-Source IP Addresses of Cloud WAF?
- What Are the Precautions for Configuring Multiple Server Addresses for Backend Servers?
- Does WAF Support Wildcard Domain Names?
- How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Single Domain Name Are Connected to WAF?
- What Can I Do If the Message "Illegal server address" Is Displayed When I Add a Domain Name?
- Why Am I Seeing That My Domain Quota Is Insufficient When There Is Still Remaining Quota?
- Why Am I Seeing the "Someone else has already added this domain name. Please confirm that the domain name belongs to you" Error Message?
- Why Cannot I Select a Client Protocol When Adding a Domain Name?
- Can I Set the Origin Server Address to a CNAME Record If I Use Cloud WAF?
- How Do I Verify Domain Ownership Using Huawei Cloud DNS?
- What Are Impacts If No Subdomain Name and TXT Record Are Configured?
- Can I Access a Website Using an IP Address After a Domain Name Is Connected to WAF?
- How Can I Forward Requests Directly to the Origin Server Without Passing Through WAF?
-
Protection Rules
- Which Protection Levels Can Be Set for Basic Web Protection?
- What Is the Peak Rate of CC Attack Protection?
- When Is Cookie Used to Identify Users?
- What Are the Differences Between Rate Limit and Allowable Frequency in a CC Rule?
- Why Cannot the Verification Code Be Refreshed When Verification Code Is Configured in a CC Attack Protection Rule?
- Can I Batch Add IP Addresses to a Blacklist or Whitelist Rule?
- Can I Import or Export a Blacklist or Whitelist into or from WAF?
- Why Does a Requested Page Fail to Respond to the Client After the JavaScript-based Anti-Crawler Is Enabled?
- Is There Any Impact on Website Loading Speed If Other Crawler Check in Anti-Crawler Is Enabled?
- How Does JavaScript Anti-Crawler Detection Work?
- In Which Situations Will the WAF Policies Fail?
- How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?
- How Do I Allow Only Specified IP Addresses to Access Protected Websites?
- Which Protection Rules Are Included in the System-Generated Policy?
- Why Does the Page Fail to Be Refreshed After WTP Is Enabled?
- What Are the Differences Between Blacklist/Whitelist Rules and Precise Protection Rules on Blocking Access Requests from Specified IP Addresses?
- What Do I Do If a Scanner, such as AppScan, Detects that the Cookie Is Missing Secure or HttpOnly?
- Certificate Management
-
Protection Event Logs
- Can I Obtain WAF Logs Using APIs?
- What Does "Mismatch" for "Protective Action" Mean in the Event List?
- How Does WAF Obtain the Real Client IP Address for a Request?
- How Long Can WAF Protection Logs Be Stored?
- Can I Query Protection Events of a Batch of Specified IP Addresses at Once?
- Will WAF Record Unblocked Events?
- Why Is the Traffic Statistics on WAF Inconsistent with That on the Origin Server?
- Why Is the Number of Logs on the Dashboard Page Inconsistent with That on the Configure Logs Tab?
- Why Is My Domain Name or IP Address Inaccessible?
- How Do I Fix an Incomplete Certificate Chain?
-
About WAF
-
Troubleshooting
- Troubleshooting Website Connection Exceptions
-
Troubleshooting Certificate and Cipher Suite Issues
- How Do I Fix an Incomplete Certificate Chain?
- Why Does My Certificate Not Match the Key?
- Why Are HTTPS Requests Denied on Some Mobile Phones?
- What Do I Do If the Protocol Is Not Supported and the Client and Server Do Not Support Common SSL Protocol Versions or Cipher Suites?
- Why Is the Bar Mitzvah Attack on SSL/TLS Detected?
- Troubleshooting Traffic Forwarding Exceptions
- Checking Whether Normal Requests Are Blocked Mistakenly
- Videos
Enabling Alarm Notifications
This topic describes how to enable notifications for attack logs. Once this function is enabled, WAF sends you SMS or email notifications if an attack is detected.
You can configure certificate expiration reminders. When a certificate is about to expire, WAF notifies you by the way you configure, such as email or SMS.
- Before setting alarm notifications, create a message topic in SMN.
- If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and enable alarm notifications.
Prerequisites
SMN has been enabled.
Constraints
- Alarm notifications are sent if the number of attacks reaches the threshold you configure.
Enabling Alarm Notifications
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner and choose Security > Web Application Firewall.
- In the navigation pane, choose Instance Management > Notifications.
- Click Create and configure alarm notification parameters. Table 1 lists the parameters.
Figure 1 Create Notification
Table 1 Description of notification setting parameters Parameter
Description
Notification Type
Select a notification type.
- Events: WAF sends attack logs to you in the way you configure (such as SMS or email) once it detects log-only or blocked events.
- Certificate expiration: When a certificate is about to expire, WAF notifies you by the way you configure, such as email or SMS.
Notification Name
Name of the alarm notification.
Description
(Optional) A description of the purposes of the alarm.
Enterprise Project
Select an enterprise project from the drop-down list. The notification takes effect in the selected enterprise project.
Notification Topic
Select a topic from the drop-down list.
If there are no topics, click View Topic and perform the following steps to create a topic:- Create a topic. For details, see Creating a Topic.
- Add one or more subscriptions to the topic. You will need to provide a phone number, email address, function, platform application endpoint, DMS endpoint, or HTTP/HTTPS endpoint for receiving alarm notifications. For details, see Adding a Subscription.
- Confirm the subscription. After the subscription is added, confirm the subscription.
For details about topics and subscriptions, see the Simple Message Notification User Guide.
Interval
If you select Events for Notification Type, Interval must be configured.
NOTE:
Alarm notifications are sent if the number of attacks reaches the threshold configured for a certain period.
Event Type
If you select Events for Notification Type, Event Type must be configured.
By default, All is selected. To specify event types, click Custom.
Notification Before Expiration
This parameter must be configured if you select Certificate expiration for Notification Type.
Select how long before a certificate expire WAF can send notifications. You can select 1 week, 1 month, or 2 months.
For example, if you select 1 week, WAF will send you an SMS message or email one week before the certificate expires.
Interval
This parameter must be configured if you select Certificate expiration for Notification Type.
How often WAF sends certificate expiration notifications to you. You can select Weekly or Daily.
- Click OK.
- To disable a notification, locate the row containing the notification and click Disable in the Operation column.
- To delete a notification, locate the row containing the notification and click Delete in the Operation column.
- To modify a notification, locate the row containing the notification and click Modify in the Operation column.
Example Alarm Notification Email
If you have enabled alarm notifications and configured email alarm notifications, WAF emails you reports of any attacks that occur. Figure 2 shows an example of an alarm notification email.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.