Updated on 2024-07-12 GMT+08:00

Configuring Basic Protection Rules to Defend Against Common Web Attacks

After this function is enabled, EdgeSec can defend against common web attacks, such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. You can also enable basic web protection, such as web shell detection.

Prerequisites

A protected website has been added. For details, see Adding a Website to EdgeSec.

Constraints

  • Basic web protection has two modes: Block and Log only.
  • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
  • If you select Block for Basic Web Protection, you can configure access control criteria for a known attack source. EdgeSec will block requests matching the configured IP address, Cookie, or Params for a length of time configured as part of the rule.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Edge Security.
  3. In the navigation pane on the left, choose Website Setting under Edge Security.
  4. In the Policy column of the row containing the domain name, click the number to go to the Policies page.

    Figure 1 Website list

  5. In the Basic Web Protection configuration area, change Status and Mode as needed by referring to Table 1.

    Figure 2 Basic Web Protection configuration area
    Table 1 Parameter description

    | Parameter | Description |
    |-----------|-------------|
    | Status    | Status of Basic Web Protection: enabled or disabled. |
    | Mode      | Block: The detected attacks are blocked and logged. Log only: The detected attacks are logged only. |

  6. In the Basic Web Protection configuration area, click Advanced Settings.
  7. On the Protection Status tab page, enable protection types you need by referring to Table 3.

    Figure 3 Basic web protection

    If you set Mode to Block on the Protection Status tab, you can select a known attack source rule to let EdgeSec block requests accordingly. For details, see Configuring a Known Attack Source Rule.

    1. Set the protection level.

      In the upper right part of the page, set Protection Level to Low, Medium, or High. The default value is Medium.

      Table 2 Protection levels

      | Protection Level | Description |
      |------------------|-------------|
      | Low              | EdgeSec only blocks the requests with obvious attack signatures. If a large number of false alarms are reported, Low is recommended. |
      | Medium           | The default level is Medium, which meets a majority of web protection requirements. |
      | High             | At this level, EdgeSec provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks. Configure global whitelist rules after the service has been running for a period of time, and then enable the strict mode. |

    2. Set the protection type.

      By default, General Check is enabled. You can enable other protection types by referring to Table 3.

    Table 3 Protection types

    | Type               | Description |
    |--------------------|-------------|
    | General Check      | Defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. SQL injection attacks are mainly detected based on semantics. NOTE: If you enable General Check, EdgeSec checks your websites based on the built-in rules. |
    | Webshell Detection | Protects against web shells uploaded through the upload interface. NOTE: If you enable Webshell Detection, EdgeSec detects web page Trojan horses inserted through the upload interface. |

Example - Blocking SQL Injection Attacks

If domain name www.example.com has been connected to EdgeSec, perform the following steps to verify that EdgeSec can block SQL injection attacks.

  1. Enable General Check in Basic Web Protection and set the protection mode to Block.

    Figure 4 Enabling General Check

  2. Enable EdgeSec basic web protection.

    Figure 5 Enabling EdgeSec basic web protection

  3. Clear the browser cache and enter a simulated SQL injection (for example, http://www.example.com?id=' or 1=1) in the address box.

    The access request is intercepted, as shown in Figure 6.

    Figure 6 Block page

  4. Go to the EdgeSec console. In the navigation pane on the left, choose Events. View the event on the Events page.
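
The check in step 3 can be scripted so it is repeatable after each policy change. The following is an added example, not part of the original guide or of EdgeSec. It assumes the block page is served with a non-2xx status, and `fake_edge` is a constructed stand-in for the protected site so the script runs offline.

```python
import urllib.error
import urllib.parse
import urllib.request

PAYLOAD = "' or 1=1"  # simulated SQL injection string used in step 3

def probe_url(base, value=PAYLOAD, param="id"):
    """Build the step 3 URL with the value percent-encoded for the query string."""
    return base.rstrip("/") + "/?" + urllib.parse.urlencode({param: value})

def http_status(url, timeout=10):
    """Return the HTTP status code; 4xx/5xx responses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_block(base, fetch=http_status):
    """Send a benign request and the simulated injection, then compare them.

    Assumption: the block page is served with a non-2xx status. If a custom
    block page returns 200, compare response bodies instead.
    """
    benign = fetch(probe_url(base, "1"))
    attack = fetch(probe_url(base))
    if not 200 <= benign < 300:
        return "inconclusive"  # the site must answer normal requests first
    return "not blocked" if 200 <= attack < 300 else "blocked"

def fake_edge(mode):
    """Constructed stand-in for the protected site so the check runs offline.

    The 403 status and the quote-matching rule are made up for the demo.
    """
    def fetch(url):
        query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
        suspicious = "'" in query.get("id", [""])[0]
        return 403 if suspicious and mode == "block" else 200
    return fetch

if __name__ == "__main__":
    site = "http://www.example.com"
    print(probe_url(site))
    print("Block mode:   ", check_block(site, fake_edge("block")))
    print("Log only mode:", check_block(site, fake_edge("log only")))
    # Against a site you have connected to EdgeSec: check_block(site)
```

In Log only mode a "not blocked" result is expected, because the request is only logged; confirm the detection on the Events page as in step 4.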