Updated on 2024-03-14 GMT+08:00

What Types of Protection Rules Does WAF Support?

Table 1 lists all protection rules you can use in WAF.

Table 1 Configurable protection rules

Protection Rule

Description

Basic web protection rules

With an extensive reputation database, WAF defends against Open Web Application Security Project (OWASP) top 10 threats, and detects and blocks threats, such as malicious scanners, IP addresses, and web shells.

CC attack protection rules

CC attack protection rules can be customized to restrict access to a specific URL on your website based on a unique IP address, cookie, or referer field, mitigating CC attacks.

Precise protection rules

WAF allows you to customize protection rules by combining HTTP headers, cookies, URLs, request parameters, and client IP addresses.

Blacklist and whitelist rules

You can configure blacklist and whitelist rules to block, log only, or allow access requests from specified IP addresses.

Known attack source rules

These rules can block the IP addresses from which blocked malicious requests originate. These rules are dependent on other rules.

Geolocation access control rules

You can customize these rules to allow or block requests from a specific country or region.

Web tamper protection rules

You can configure these rules to prevent a static web page from being tampered with.

Website anti-crawler protection

This function dynamically analyzes website service models and accurately identifies crawler behavior based on data risk control and bot identification systems, such as JS Challenge.

Information leakage prevention rules

You can add two types of information leakage prevention rules.

  • Sensitive information filtering: prevents disclosure of sensitive information (such as ID numbers, phone numbers, and email addresses).
  • Response code interception: blocks the specified HTTP status codes.

Global protection whitelist rules

This function ignores certain attack detection rules for specific requests.

Data masking rules

You can configure data masking rules to prevent sensitive data such as passwords from being displayed in event logs.