Protective Action for WAF Instance Protection Policies Must Be "Block"
Rule Details
Parameter |
Description |
---|---|
Rule Name |
waf-instance-enable-block-policy |
Identifier |
Protective Action for WAF Instance Protection Policies Must Be "Block" |
Description |
If the protective action for a WAF instance protection policy is not Block, the check result is non-compliant. |
Tag |
waf |
Trigger Type |
Configuration change |
Filter Type |
waf.instance |
Rule Parameters |
None |
Application Scenarios
Web protection has two modes: Block and Log only. In Log only mode, WAF logs attacks only. In Block mode, WAF blocks and records every attack detected. For details, see Protection Configuration Overview.
Solution
Set the protective action of a WAF instance protection policy to Block.

Normal traffic of the protected website may be blocked by the built-in rules of WAF. You can configure a global whitelist to avoid this. For details, see Configuring a Global Protection Whitelist Rule to Ignore False Alarms.
Rule Logic
- If the protective action for a WAF instance protection policy is not Block, the check result is non-compliant.
- If the protective action for a WAF instance protection policy is Block, the check result is compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot