Help Center/ Cloud Firewall/ User Guide/ Access Control/ Managing ACL Policies/ Adjusting the Priority of a Protection Rule

Updated on 2026-02-02 GMT+08:00

View PDF

Adjusting the Priority of a Protection Rule

Rules are evaluated in descending order of priority. The rule will stop being evaluated once a rule applies. To avoid false blocking and improve matching accuracy, place allowing rules before blocking rules and specific rules before general ones. This ensures that normal traffic is allowed first and precise rules are applied.

This section describes how to adjust the priorities of protection rules.

Priority Description

You can check the priorities of protection rules in the rule list. A larger value indicates a lower priority. The value 1 indicates the highest priority.

Adjusting the Priority of a Protection Rule

Log in to the CFW console.
Click in the upper left corner of the management console and select a region or project.
(Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
In the navigation pane, choose Access Control, and choose Internet Border Protection Rules or VPC Border Protection Rules.
In the Operation column of a rule, click Configure Priority.
In the displayed dialog box, select Pin on top or Lower than the selected rule, and click OK.
- If you select Pin on top, the policy is set to the highest priority.
- If you select Lower than the selected rule, you need to select a group or rule. The policy priority will be lower than the selected rule.
When the priority of a rule is changed, the priority numbers of the rules that followed it in the original order are each decremented by 1.

Related Operations/Documents

For details about how to add a protection rule, see: Configuring Protection Rules to Block or Allow Internet Border Traffic, Configuring Protection Rules to Block or Allow VPC Border Traffic, Configuring Protection Rules to Block or Allow NAT Gateway Border Traffic.
For details about how to batch add blacklist or whitelist items, see: Configuring the Blacklist/Whitelist to Block or Allow Internet Border Traffic, Adding Blacklist or Whitelist Items to Block or Allow VPC Border Traffic, Adding Blacklist or Whitelist Items to Block or Allow NAT Gateway Border Traffic.
Checking protection outcomes:
- Policy hits: For details about the protection overview, see Viewing Protection Information Using the Policy Assistant. For details about logs, see Access Control Logs.
- For details about the traffic trend and statistics, see Traffic Analysis. For details about traffic records, see Traffic Logs.
For details about how to batch add protection policies, see Importing and Exporting Protection Policies.

Parent Topic: Managing ACL Policies

Previous topic: Importing and Exporting Protection Policies

Next topic: Managing Protection Rules

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.