Configuring Basic Web Protection
This topic describes best practices in basic web protection.
Application Scenarios
Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).
Protection Policy
- Log in to the management console.
- Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
- In the navigation pane on the left, choose Website Settings.
- In the Policy column of the row containing the domain name, click the number to go to the Policies page.
- In the Basic Web Protection configuration area, change its status if needed.
  By default, Basic Web Protection is enabled and its mode is Log only.
  - Protection status
    - Basic Web Protection is enabled.
    - Basic Web Protection is disabled.
  - Protection mode: Block or Log only
    - Block: WAF blocks and logs the detected attacks.
    - Log only: WAF only logs the detected attacks.
- Click Advanced Settings. Go to the Basic Web Protection page.
- Protection Level: high, medium, and low. The default level is Low.

Table 1 Protection levels

| Protection Level | Description |
|---|---|
| Low | WAF only blocks the requests with obvious attack signatures. If a large number of false alarms are reported, Low is recommended. |
| Medium | The default level is Medium, which meets a majority of web protection requirements. |
| High | WAF blocks requests that carry no obvious attack signature but match specific attack patterns. High is recommended if you want to block SQL injection, XSS, and command injection attacks. |
Usage Instructions
- If you are not familiar with your website's traffic pattern, select the Log only mode for one to two weeks and analyze the logs for those days.
- If no record of blocking legitimate requests is found, switch to the Block mode.
- If legitimate requests are blocked, adjust the protection level or configure global protection whitelist rules to prevent legitimate requests from being blocked.
- Note the following points in your operations:
- Do not transfer the original SQL statement or JavaScript code in a legitimate HTTP request.
- Do not use special keywords (such as UPDATE and SET) in a legitimate URL. For example, https://www.example.com/abc/update/mod.php?set=1.
- Use Object Storage Service (OBS) or other secure methods to upload files that exceed 50 MB rather than via a web browser.
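As an added example that is not part of the original documentation or of the WAF product, the following Python script audits a site's own inventory of legitimate URLs for the request patterns the usage instructions above warn about (SQL keywords such as UPDATE and SET in a URL, full SQL statements or inline JavaScript in parameters), so that likely false positives can be found while still in Log only mode rather than after switching to Block. The keyword list beyond UPDATE and SET, the regular expressions and the sample URLs are constructed assumptions, not the WAF's actual rule set.

```python
"""Pre-Block audit: scan a site's own legitimate URLs for patterns the WAF
basic web protection rules are likely to flag (see Usage Instructions)."""
import re
from urllib.parse import urlparse, parse_qsl, unquote

# The page names UPDATE and SET; the rest of this list is an assumption,
# not the WAF's real signature set.
SQL_KEYWORDS = {"update", "set", "select", "insert", "delete", "drop", "union"}
# A value that looks like a complete SQL statement, e.g. "select ... from ...".
STATEMENT_RE = re.compile(
    r"\b(select|update|insert|delete)\b[^;]*\b(from|set|into|where)\b", re.I)
# Inline JavaScript carried in a request parameter.
SCRIPT_RE = re.compile(r"<\s*script|javascript:", re.I)


def audit_url(url):
    """Return a list of human-readable findings for one legitimate URL."""
    findings = []
    parsed = urlparse(url)
    # Path segments such as /abc/update/mod.php: split on / . _ -
    for token in re.split(r"[/._-]+", unquote(parsed.path)):
        if token.lower() in SQL_KEYWORDS:
            findings.append(f"path segment '{token}' is an SQL keyword")
    # Query string: parse_qsl already percent-decodes keys and values.
    for key, value in parse_qsl(parsed.query, keep_blank_values=True):
        for item in (key, value):
            if item.lower() in SQL_KEYWORDS:
                findings.append(f"query token '{item}' is an SQL keyword")
            if STATEMENT_RE.search(item):
                findings.append(f"query token '{item}' looks like an SQL statement")
            if SCRIPT_RE.search(item):
                findings.append(f"query token '{item}' contains inline script")
    return findings


def audit_inventory(urls):
    """Map each URL that has at least one finding to its findings."""
    return {u: f for u in urls if (f := audit_url(u))}


# Constructed sample inventory (not real traffic).
SAMPLE_URLS = [
    "https://www.example.com/abc/update/mod.php?set=1",  # the page's own example
    "https://www.example.com/products?id=42",
    "https://www.example.com/api/report?sql=select+name+from+users",
]

if __name__ == "__main__":
    for url, findings in audit_inventory(SAMPLE_URLS).items():
        print(url, findings)
```

Run it against the URL list of your own application (for example, exported from its route table or from WAF Log only events) and rewrite or whitelist the flagged URLs before enabling Block mode.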
Protection Effect
To check whether basic web protection takes effect, enter a test domain name in the address bar of your browser and simulate an SQL injection attack. If WAF blocks the attack, the configuration works. You can view attack event logs on the Dashboard page.
You can also view protection logs for yesterday, today, the past 3 days, the past 7 days, the past 30 days, or a user-defined time range on the Events page.