Can I Configure Session Cookies in WAF?
No. WAF does not support session cookies.
WAF allows you to configure CC attack protection rules to limit the access frequency of a specific path (URL) in a single cookie field, accurately identify CC attacks, and effectively mitigate CC attacks. For example, if a user whose cookie ID is name accesses the /admin* page under the protected domain name for more than 10 times within 60 seconds, you can configure a CC attack protection rule to forbid the user from accessing the domain name for 600 seconds.
For details, see Configuring a CC Attack Protection Rule.
What Are Cookies?
Cookies are data (usually encrypted) stored on the local terminal of a user by a website to identify the user and trace sessions. Cookies are sent by a web server to a browser to record personal information of the user.
A cookie consists of a name, a value, and several optional attributes that control the cookie validity period, security, and usage scope. Cookies are classified into session cookies and persistent cookies. The details are as follows:
- Session cookie
A session cookie exists only in temporary memory while the user navigates the website. It does not have an expiration date. When the browser is closed, session cookies are deleted.
- Persistent cookie
A persistent cookie has an expiration date and is stored in disks. Persistent cookies will be deleted after a specific length of time.
WAF Functions FAQs
- Can WAF Protect an IP Address?
- What Objects Does WAF Protect?
- Does WAF Block Customized POST Requests?
- What Are the Differences Between the Web Tamper Protection Functions of WAF and HSS?
- Which Web Service Framework Protocols Does WAF Support?
- Can WAF Protect Websites Accessed Through HSTS or NTLM Authentication?
- What Are the Differences Between WAF Forwarding and Nginx Forwarding?
- What Are the Differences Between WAF and CFW?
- Can I Configure Session Cookies in WAF?
- How Does WAF Detect SQL Injection, XSS, and PHP Injection Attacks?
- Can WAF Defend Against the Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more