What Types of Protection Rules Does WAF Support?
Table 1 lists all protection rules you can use in WAF.
Protection Rule |
Description |
---|---|
Basic web protection rules |
With an extensive reputation database, WAF defends against Open Web Application Security Project (OWASP) top 10 threats, and detects and blocks threats, such as malicious scanners, IP addresses, and web shells. |
CC attack protection rules |
CC attack protection rules can be customized to restrict access to a specific URL on your website based on a unique IP address, cookie, or referer field, mitigating CC attacks. |
Precise protection rules |
WAF allows you to customize protection rules by combining HTTP headers, cookies, URLs, request parameters, and client IP addresses. |
Blacklist and whitelist rules |
You can configure blacklist and whitelist rules to block, log only, or allow access requests from specified IP addresses. |
Geolocation access control rules |
You can customize these rules to allow or block requests from a specific country or region. |
Web tamper protection rules |
You can configure these rules to prevent a static web page from being tampered with. |
Website anti-crawler protection |
This function dynamically analyzes website service models and accurately identifies crawler behavior based on data risk control and bot identification systems, such as JS Challenge. |
Information leakage prevention rules |
You can add two types of information leakage prevention rules.
|
Global protection whitelist rules |
This function ignores certain attack detection rules for specific requests. |
Data masking rules |
You can configure data masking rules to prevent sensitive data such as passwords from being displayed in event logs. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot