Creating a Reference Table to Configure Protection Metrics in Batches

This topic describes how to create a reference table to batch configure protection metrics of a single type, such as Path, User Agent, IP, Params, Cookie, Referer, and Header. A reference table can be referenced by CC attack protection rules, bot rules, and precise protection rules.

When you configure a CC attack protection rule, bot rule, or precise protection rule, if the Logic field in the Trigger list is set to Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any value, Suffix is any value, or Suffix is not any value, you can select an appropriate reference table from the Content drop-down list.

Prerequisites

You have added the website you want to protect to WAF.

Constraints

This function is not supported in the standard edition.

Application Scenarios

Reference tables can be used for configuring multiple protection fields in CC attack protection, bot rule and precise protection rules.

Creating a Reference Table

Log in to the WAF console.
Click in the upper left corner and select a region or project.
(Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
In the navigation pane on the left, click Policies.
Click the name of the target policy to go to the protection rule configuration page.

Before configuring protection rules, ensure that the target protection policy has been applied to a domain name. A protection policy can be applied to multiple protected domain names, but a protected domain name can have only one protection policy.
Select CC Attack Protection, Bot Rule, or Precise Protection.
Click Reference Table Management in the upper left corner of the list.

To add a reference table to a bot rule, click the Custom Protected Objects tab and click Reference Table Management in the upper left corner of the list.
On the Reference Table Management page, click Add Reference Table.

In the Add Reference Table dialog box, specify the parameters by referring to Table 1.

Figure 1 Adding a reference table
Click to enlarge

**Table 1** Parameter description
Parameter	Description	Example Value
Name	Name of the reference table.	test
Type	Type of the reference table to be detected. Path: A URL to be protected, excluding a domain name User Agent: A user agent of the scanner to be protected IP: An IP address of the visitor to be protected. Params: A request parameter to be protected Cookie: A small piece of data to identify web visitors Referer: A user-defined request resource For example, if the protected path is /admin/xxx and you do not want visitors to be able to access it from www.test.com, set Value to http://www.test.com. Header: A user-defined HTTP header.	Path
Value	Value of the corresponding Type. Wildcards are not allowed. NOTE: Click Add to add more than one value.	/buy/phone/
Rule Description	Description of the rule.	-

Click Confirm. You can then view the added reference table in the reference table list.
- After the preceding configurations are complete, you can view the added reference table in the reference table list.
- To delete or modify a reference table, click Delete or Modify in the Operation column of the reference table.

Related Operations

To modify a reference table, click Modify in the row containing the reference table.
To delete a reference table, click Delete in the row containing the reference table.

Parent topic: Configuring Protection Rules

Previous topic: Configuring a Scanning Blocking Rule to Automatically Block Heavy-Traffic Attacks

Next topic: Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration