Configuring Intelligent Access Control Rules to Accurately Defend Against CC Attacks

Prerequisites

You have added your website to a policy.

• For CNAME access in cloud mode, see Adding a Website to WAF (Cloud Mode - CNAME Access).
• For ELB access in cloud mode, see Adding a Website to WAF (Cloud Mode - ELB Access).
• For dedicated mode, see Connecting a Website to WAF (Dedicated Mode).

Constraints

• In cloud mode, only the standard, professional, and platinum editions support intelligent access control rules.
• Intelligent access control protection is available in North China regions only.

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
4. In the navigation pane on the left, choose Policies.
5. Click the name of the target policy to go to the protection configuration page.
6. Click the Intelligent Access Control configuration area and toggle it on or off if needed.
   • : enabled.
   • : disabled.

7. Click Intelligent Threat Access Control.
   CC Attack Protection Rule/Precise Protection Rule: Configure Action and Maximum Age for them after you enable them.

   • Action: Select Log only, Block, or JS Challenge.
   • Maximum Age: The rule becomes invalid if WAF does not detect any CC attack traffic within the maximum age you configure.
   Figure 1 Configure WAF Rule
   

8. Click OK.

   Click View WAF Rule to view the protection policies automatically generated by WAF after it detects CC attacks.