Updated on 2025-09-17 GMT+08:00

Managing Application Protection Policies

Scenario

Application protection policies can be added, edited, and deleted in the following scenarios:

  • Adding a Policy: HSS provides a default policy. For details about the rules in the policy, see Default Policies. If you need to customize the policy for a server, you can add a protection policy and customize the rules and configurations in the policy. Up to 20 custom policies are allowed.
  • Editing a Policy: You can edit a custom protection policy.
  • Deleting a Policy: You can delete a custom protection policy that is not associated with any server.

Adding a Policy

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Server Protection > Application Protection.
  4. In the upper right corner of the page, click Policies.
  5. Click Add Policy.
  6. Configure a custom policy. For more information, see Table 1.

    Figure 1 Adding a protection policy
    Table 1 Parameters for adding a policy

    • Policy Name: User-defined policy name.
    • OS: OS of the servers that the protection policy applies to.
    • Description (Optional): Description of the policy.
    • Detection Rule ID: Unique ID of a rule. To enable a rule, select the check box next to the ID.
    • Action: Action of a rule. By default, only the Detect action is allowed. A rule reports alarms on the events detected on specified objects.
    • Description: Description of the checked objects and action of a rule.
    • Operation: The rules XXE, XSS, WebShellUpload, FileDirAccess and ZeroDayDetect support user-defined blacklists and whitelists. Click Configure. In the displayed dialog box, configure the rule as needed.
        • XXE: User-defined XXE blacklist protocol. Example: .xml;.dtd
        • XSS: User-defined XSS blocking rule. Example: xml;doctype;xmlns;import;entity
        • WebShellUpload: User-defined file name extension blacklist. Example: .jspx;.jsp;.jar;.phtml;.asp;.php;.ascx;.ashx;.cer
        • FileDirAccess: User-defined path blacklist. Example: /etc/passwd;/etc/shadow;/etc/gshadow;
        • zeroDayDetect: User-defined zero-day whitelist stack.

  7. After the policy is configured, click OK.

Editing a Policy

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Server Protection > Application Protection.
  4. In the upper right corner of the page, click Policies.
  5. In the Operation column of a policy, click Edit to go to the Edit Policy page.
  6. Modify the policy. For more information, see Table 2.

    Figure 2 Editing a protection policy
    Table 2 Parameters for editing a policy

    • Policy Name: User-defined policy name.
    • OS: The value cannot be changed.
    • Description (Optional): Description of the policy.
    • Detection Rule ID: Unique ID of a rule. To enable a rule, select the check box next to the ID.
    • Action: Protection action of a rule. By default, only the Detect action is allowed. A rule reports alarms on the events detected on specified objects.
    • Description: Description of the checked objects and action of a rule.
    • Operation: The rules XXE, XSS, WebShellUpload, FileDirAccess and ZeroDayDetect support user-defined blacklists and whitelists. Click Configure. In the displayed dialog box, configure the rule as needed.
        • XXE: User-defined XXE blacklist protocol. Example: .xml;.dtd
        • XSS: User-defined XSS blocking rules. Example: xml;doctype;xmlns;import;entity
        • WebShellUpload: User-defined file name extension blacklist. Example: .jspx;.jsp;.jar;.phtml;.asp;.php;.ascx;.ashx;.cer
        • FileDirAccess: User-defined path blacklist. Example: /etc/passwd;/etc/shadow;/etc/gshadow;
        • zeroDayDetect: User-defined zero-day whitelist stack.

  7. Click OK.
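
A pre-check for the semicolon-separated WebShellUpload and FileDirAccess values described in Table 1 and Table 2, as an added example that is not part of HSS or its documentation. The function names and the rules checked (leading dot, absolute path, exact-duplicate removal) are assumptions; the page does not state how HSS parses these values.

```python
"""Lint semicolon-separated blacklist values before pasting them into Configure.
Added example; the rules checked here are assumptions, not documented HSS behaviour."""
import posixpath

def split_entries(value):
    """Split on ';', trim whitespace, drop empty items such as a trailing ';'."""
    return [item.strip() for item in value.split(";") if item.strip()]

def lint_extensions(value):
    """Return (cleaned_value, warnings) for a WebShellUpload extension list."""
    cleaned, warnings = [], []
    for item in split_entries(value):
        ext = item
        if not ext.startswith("."):
            warnings.append(f"{item!r}: added missing leading dot")
            ext = "." + ext
        if ext in cleaned:
            warnings.append(f"{item!r}: duplicate entry dropped")
            continue
        cleaned.append(ext)
    return ";".join(cleaned), warnings

def lint_paths(value):
    """Return (cleaned_value, warnings) for a FileDirAccess path list."""
    cleaned, warnings = [], []
    for item in split_entries(value):
        if not item.startswith("/"):
            # A relative path depends on the working directory, so flag it.
            warnings.append(f"{item!r}: relative path rejected")
            continue
        path = posixpath.normpath(item)  # collapses '..', '.', trailing '/'
        if path != item:
            warnings.append(f"{item!r}: normalized to {path!r}")
        if path in cleaned:
            warnings.append(f"{item!r}: duplicate entry dropped")
            continue
        cleaned.append(path)
    return ";".join(cleaned), warnings

if __name__ == "__main__":
    # Constructed inputs with typical copy-and-paste mistakes.
    samples = [
        (lint_extensions, ".jspx; .jsp;php;.jsp;"),
        (lint_paths, "/etc/passwd;/etc/../etc/shadow;etc/gshadow;/etc/passwd;"),
    ]
    for lint, raw in samples:
        value, notes = lint(raw)
        print(f"{lint.__name__}: {value}")
        for note in notes:
            print(f"  warning: {note}")
```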

Deleting a Policy

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Server Protection > Application Protection.
  4. In the upper right corner of the page, click Policies.
  5. Locate a target policy and click Delete in the Operation column. The Delete Policy dialog box is displayed.
  6. Check the policy information. If the information is correct, enter DELETE and click OK.

    If the policy is no longer displayed in the policy list, it has been deleted.