Help Center/ Web Application Firewall/ FAQs/ Protection Rules/ Which Protection Levels Can Be Set for Basic Web Protection?

Updated on 2025-10-21 GMT+08:00

View PDF

Which Protection Levels Can Be Set for Basic Web Protection?

Basic Web Protection has three protection levels. The default protection level is Medium. The protection levels are as follows:

Default rule set (loose): Only requests with obvious attack characteristics are blocked.
If a large number of false alarms are reported, the loose one is recommended.
Default rule set (medium) (default): meets web protection requirements in most scenarios.
If basic web protection is enabled, the protection level is medium by default.
Default rule set (strict): At this level, WAF provides the finest granular protection and can block attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.
To let WAF defend against more attacks but make minimum effect on normal requests, observe your workloads for a period of time first. Then, configure a global protection whitelist rule and select the tight level.

For details about basic web protection, see Configuring Basic Web Protection Rules.

Parent topic: Protection Rules

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.