Help Center/ Web Application Firewall/ User Guide/ Configuring Protection Policies/ Creating or Managing Protection Policies/ Creating a Protection Policy
Updated on 2025-08-19 GMT+08:00
View PDF
Share

Creating a Protection Policy

A protection policy is a collection of multiple protection rules. You can configure and manage protection rules in a policy. After a website is connected to WAF, a default protection policy is generated for the website domain name. You can configure protection rules for the policy as needed. You can configure protection rules in the default policy, or create a policy and configure protection rules for specific attack scenarios.

Constraints

  • This function is not supported in the standard edition.
  • A protected website domain name can use only one policy.
  • You can copy policies in the same enterprise project.

Prerequisites

You have connected the website you want to protect to WAF.

Adding a Protection Policy

A protection policy can be applied to multiple protected domain names, but a protected domain name can have only one protection policy.

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, click Policies.
  5. On the My Policies tab, click Add Policy.
  6. In the Add Policy dialog box, enter a policy name and click OK.

    Figure 1 Add Policy

    After completing the preceding configuration, you can view the added policy in the policy list. Click the policy name. On the policy details page, configure protection rules by referring to Configuring Protection Rules.

You can copy policies in the same enterprise project.

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, click Policies.
  5. Locate the row containing the policy you want to copy. In the Operation column, click Copy.
  6. In the Copy Policy dialog box, confirm the new policy name and enterprise project, and click OK.

    • WAF will name the copied policy original-policy-name_copy by default. You can rename the new policy.
    • If your policy has a known attack source rule configured, configure it again after you copy the policy as known attack source rules configured in dependent rules will become invalid in the new policy.
    Figure 2 Copy Policy

Related Operations

  • Renaming a policy: Click next to the target policy name. In the dialog box displayed, enter a new policy name.
  • Deleting a policy: Locate the row that contains the target policy, click More > Delete in the Operation column.

    If a policy is applied to a domain name, remove the domain name from the policy. Otherwise, the policy cannot be deleted.

  • Deleting policies in batches: Select the policies to be deleted and click Delete above the policy list.
Parent Topic: Creating or Managing Protection Policies