Managing Built-in Rule Sets
WAF provides some built-in rules to detect common web application attacks. The default rule sets are classified into Loose, Medium, and Strict based on protection precision. All built-in rules are managed by WAF and are updated periodically to protect against emerging attack features.
You can select a built-in rule set or custom rule set when configuring basic web protection.
Prerequisites
Viewing Default Rules
You can view all built-in rules on the Default Rules tab on the Built-in Rule Sets page.
- Log in to the WAF console.
- Click the icon in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, choose .
- On the Default Rules tab, view details about all built-in rules and rule updates.
- Built-in rule details
By default, all built-in rules are sorted by update time in descending order. In the rule list area, you can:
- Customize columns to be displayed (① in Figure 1): Click the icon, select the columns you want to display in the rule list, and set whether to automatically wrap the table content.
- Set filter criteria for the rule list (② in Figure 1): If multiple filter criteria are selected, they are combined with AND logic.
  - Filter rules by update time: You can view rules updated at any time or within a custom time range.
  - Filter rules by protection level: You can select the All, Loose, Medium, or Tight filter to view the corresponding rule sets.
  - Filter rules by attribute: You can select the Rule ID, Rule Description, CVE ID, Risk Severity, Application Type, or Protection Type filter to view a specific rule.
- Customize rule rankings: Click the icon next to Rule ID, Rule Description, CVE ID, Risk Severity, Application Type, Protection Type, or Updated to rank the rules in ascending or descending order.
- Copy specified content: Click the icon next to the rule ID, rule description, CVE ID, application type, and protection type to copy the current content.
Table 1 Default rule parameters

| Parameter | Description |
| --- | --- |
| Rule ID | The ID of the protection rule. You can copy the ID and view the protection rule details. For details, see Events. |
| Rule Description | A brief description of the rule. |
| CVE ID | CVE ID of the vulnerability related to the rule. Common Vulnerabilities and Exposures (CVE) IDs identify known cybersecurity vulnerabilities. One CVE ID corresponds to one vulnerability. The CVE ID is in the format of CVE-Year-Serial number. |
| Risk Severity | Severity of the threat the protection rule protects against. |
| Application Type | The type of the application where attacks were reported based on the rule. |
| Protection Type | Types of attacks the protection rule defends against, including SQL injection, malicious crawlers, local file inclusion, cross-site scripting, command injection, remote file inclusion, and website Trojans. |
| Updated | The time the protection rule was updated. A protection rule will be updated based on the attack feature changes to ensure the rule works as expected. |
- Rule updates
On the Rule Updates panel, view the vulnerability and rule update details.
- Exporting all built-in rule sets
Click Export above the rule list to export all built-in rules to an XLSX file.
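An added example, not part of the original page or the product's tooling: once the rule list is exported, it can be audited offline, for instance to check which CVEs in a vulnerability backlog have a built-in rule. It assumes the XLSX was saved as CSV with the Table 1 column names; the rule IDs, CVE IDs and date format are constructed placeholders.

```python
import csv, io, re
from datetime import datetime

# CVE-Year-Serial number, as described in Table 1 (serial has at least 4 digits).
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample: the rule list export saved as CSV. Column names follow
# Table 1; rule IDs, CVE IDs (placeholders) and the date format are assumptions.
SAMPLE_EXPORT = """Rule ID,Rule Description,CVE ID,Risk Severity,Application Type,Protection Type,Updated
900001,Example SQLi rule,CVE-1900-0001,High,ExampleCMS,SQL injection,2024/05/01 10:00:00
900002,Example command injection rule,CVE-1900-0002,High,ExampleApp,Command injection,2024/03/15 08:30:00
900003,Example XSS rule,,Medium,General,Cross-site scripting,2024/05/20 12:00:00
900004,Example LFI rule,cve-1900-3,Low,ExampleApp,Local file inclusion,2024/04/02 09:00:00
"""

def load_rules(text):
    """Parse the export; return (rules, rule IDs whose CVE ID is malformed)."""
    rules, malformed = [], []
    for row in csv.DictReader(io.StringIO(text)):
        row["Updated"] = datetime.strptime(row["Updated"], "%Y/%m/%d %H:%M:%S")
        cve = row["CVE ID"].strip()
        if cve and not CVE_RE.match(cve):
            malformed.append(row["Rule ID"])  # flag for manual review
            cve = ""                          # do not count it as coverage
        row["CVE ID"] = cve
        rules.append(row)
    return rules, malformed

def filter_rules(rules, criteria, updated_since=None):
    """Apply every criterion together (AND logic), like the console filters."""
    out = []
    for r in rules:
        if updated_since and r["Updated"] < updated_since:
            continue
        if all(r[col].lower() == val.lower() for col, val in criteria.items()):
            out.append(r)
    return out

def coverage(rules, backlog):
    """Map each CVE in a vulnerability backlog to the rule IDs that cover it."""
    index = {}
    for r in rules:
        if r["CVE ID"]:
            index.setdefault(r["CVE ID"], []).append(r["Rule ID"])
    return {cve: index.get(cve, []) for cve in backlog}
```

A CVE that maps to an empty list has no built-in rule in the export and needs another control (patching or a different protection rule).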
Creating a Custom Rule Set
To create a custom rule set, submit a service ticket first. A custom rule set can only be created by copying rules from the built-in loose, medium, or tight rule set; you can then update the rules and the protective action.
- Log in to the WAF console.
- Click the icon in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, choose .
- On the Built-in Rule Sets page, click Customize Rule Set.
- In the Customize Rule Set dialog box, complete the following configurations and click OK.
Table 2 Parameters for creating a custom rule set

| Parameter | Description | Example Value |
| --- | --- | --- |
| Rule Set Name | The name of the rule set. Enter a maximum of 64 characters. Only digits, letters, hyphens (-), underscores (_), and periods (.) are allowed. | waf |
| Remarks | Remarks of the custom rule set. | - |
| Original Default Rule Set | The rule set you use to create the custom rule set. You can select Loose rule set, Medium rule set, or Tight rule set. | Loose rule set |
| Rule Update | WAF periodically updates built-in rules and synchronizes the updates to the rule set you copied. You can enable or disable automatic update. | Disable |
| Protective action | You can select Block or Log only. The configured protective action will simultaneously apply to basic web protection rules. | Log only |
After completing the preceding configurations, you can select the created custom rule set when configuring basic web protection rules.
