Help Center/ Web Application Firewall/ User Guide (ME-Abu Dhabi Region) / FAQs/ Protection Rule Configuration/ CC Attack Protection Rules/ Why Cannot the Verification Code Be Refreshed When Verification Code Is Configured in a CC Attack Protection Rule?
Updated on 2024-03-14 GMT+08:00

Why Cannot the Verification Code Be Refreshed When Verification Code Is Configured in a CC Attack Protection Rule?

Symptom

After you add a CC attack rule with Protective Action set to Verification code on WAF, the verification code cannot be refreshed and the verification fails when the website is requested. Figure 1 shows an example.

Figure 1 Verification failed

After Verification code is configured, a verification code is required when the number of requests exceeds the maximum limit within a specified period. Upon completing the verification, the access limit is lifted.

For details, see Configuring CC Attack Protection Rules.

Possible Causes

When a domain name is connected to both WAF and Content Delivery Network (CDN), and the value for Path of the CC attack protection rule contains a static page, the static page is cached by CDN. As a result, the verification code cannot be refreshed and the verification fails.

Handling Suggestions

In CDN, configure cache policies to bypass the cache for static URLs.

After the configuration is complete, it takes 3 to 5 minutes for the configured cache policies to take effect.

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Content Delivery & Edge Computing > Content Delivery Network.
  4. In the navigation pane, choose Domains.
  5. In the Domain Name column, click the name of the target domain name.
  6. Click the Cache Settings tab and click Edit.
  7. In the displayed Configure Cache Policy dialog box, click Add below the policy list and add two cache policy rules by referring to Table 1.

    Figure 2 Configure Cache Policy
    Table 1 Parameters for configuring static URL cache policy

    Parameter

    Configuration Description

    Type

    Select Full path.

    Content

    The content of the two policies to be added are as follows:

    • /verifydwhzqcp-captcha
    • /getdwhzqcp-captcha.jpg

    Priority

    Set the two policies to the highest priority.

    Maximum Age

    Set this parameter to 0 seconds, indicating that static URLs are not cached.

  8. Click OK.

    Figure 3 Configured cache policies

    After the configuration is complete, it takes 3 to 5 minutes for the configured cache policies to take effect.