Configuring a Traffic Identifier for a Known Attack Source

WAF allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on IP address, Cookie, or Params.

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure known attack source traffic identifiers for the domain names.

Prerequisites

You have connected the website you want to protect to WAF.

Constraints

If the IP address tag is configured, ensure that the protected website has a layer-7 proxy configured in front of WAF and that Use Layer-7 Proxy is set to Yes for the protected website.
If the IP address tag is not configured, WAF identifies the client IP address by default.
Before enabling cookie- or params-based known attack source rules, configure a session or user tag for the corresponding website domain name.

Traffic identifier for a known attack source

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
In the navigation pane on the left, choose Website Settings.
In the Domain Name column, click the domain name of the target website to go to the basic information page.

In the Traffic Identifier area, click

next to IP Tag, Session Tag, or User Tag and configure a traffic identifier by referring to Table 1.

Figure 1 Traffic Identifier

**Table 1** Traffic identifier parameters
Tag	Description	Example Value
IP Tag	HTTP request header field of the original client IP address. Ensure that the protected website has a layer-7 proxy configured in front of WAF and that Use Layer-7 Proxy under the website basic information settings is set to Yes for this parameter to take effect. This field is used to store the real IP address of the client. You can customize the field name and configure multiple fields (separated by commas). After the configuration, WAF preferentially reads the configured field to obtain the real IP address of the client. If multiple fields are configured, WAF reads the IP address from left to right. NOTICE: If you want to use a TCP connection IP address as the client IP address, set IP Tag to $remote_addr. If WAF does not obtain the real IP address of a client from fields you configure, WAF reads the cdn-src-ip, x-real-ip, x-forwarded-for, and $remote_addr fields in sequence to read the client IP address.	X-Forwarded-For
Session Tag	This tag is used to block possibly malicious requests based on the cookie attributes of an attack source. Configure this parameter to block requests based on cookie attributes.	jssessionid
User Tag	This tag is used to block possibly malicious requests based on the Params attribute of an attack source. Configure this parameter to block requests based on the Params attributes.	name

Click Confirm.

Related Operations

Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration

Parent Topic: Recommended Configurations After Website Connection

Previous topic: Enabling Break Protection to Protect Origin Servers

Next topic: Forwarding Custom Header Fields

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot