How Do I Handle False Alarms as WAF Blocks Normal Requests to My Website?
Once an attack hits a WAF rule, WAF will respond to the attack immediately according to the protective action (Log only or Block) you configured for the rule and display an event on the Events page.
If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and handle false alarms in the project.
In the row containing the false alarm event, click Details in the Operation column and view the event details. If you are sure that the event is a false positive, handle it as a false alarm by referring to Table 1. After an event is handled as a false alarm, WAF stops blocking corresponding type of event. No such type of event will be displayed on the Events page and you will no longer receive alarm notifications accordingly.
Type of Hit Rule |
Hit Rule |
Handling Method |
---|---|---|
WAF built-in protection rules |
|
In the row containing the attack event, click Handle as False Alarm in the Operation column. For details, see Handling False Alarms. |
Custom protection rules |
|
Go to the page displaying the hit rule and delete it. |
Other |
Invalid access requests
NOTE:
If either of the following cases, WAF blocks the access request as an invalid request:
|
Allow the blocked requests by referring to Configuring a Precise Protection Rule. The Handle as False Alarm button is grayed out for events that are generated against a precise protection rule. |
Service Interruption Check FAQs
- How Do I Troubleshoot 404/502/504 Errors?
- Why Is My Domain Name or IP Address Inaccessible?
- How Do I Handle False Alarms as WAF Blocks Normal Requests to My Website?
- Why Does WAF Block Normal Requests as Invalid Requests?
- Why Is the Handle False Alarm Button Grayed Out?
- How Do I Whitelist IP Address Ranges of Cloud WAF?
- What Is the Connection Timeout Duration of WAF? Can I Manually Set the Timeout Duration?
- How Do I Solve the Problem of Excessive Redirection Times?
- Why Are HTTPS Requests Denied on Some Mobile Phones?
- How Do I Fix an Incomplete Certificate Chain?
- Why Does My Certificate Not Match the Key?
- Why Am I Seeing Error Code 418?
- Why Am I Seeing Error Code 523?
- Why Does the Website Login Page Continuously Refreshed After a Domain Name Is Connected to WAF?
- Why Does the Requested Page Respond Slowly After the HTTP Forwarding Policy Is Configured?
- How Can I Upload Files After the Website Is Connected to WAF?
- Why Am I Seeing Error Code 414 Request-URI Too Large?
- What Do I Do If the Protocol Is Not Supported and the Client and Server Do Not Support Common SSL Protocol Versions or Cipher Suites?
- Why Cannot I Access the Dedicated Engine Page?
- Why Is the Bar Mitzvah Attack on SSL/TLS Detected?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more