Updated on 2025-08-05 GMT+08:00
Protective Action
Description
The protective action you specify here is only used for this rule.
- Block: Requests that hit the rule will be blocked and a block response page is returned to the client that initiates the requests. By default, WAF uses a unified block response page. You can also customize this page.
- Allow: Requests that hit the rule are forwarded to backend servers.
- Log only: Requests that hit the rule are not blocked, but will be logged. You can use WAF logs to query requests that hit the current rule and analyze the protection results of the rule. For example, check whether there are requests that are blocked mistakenly.
- JS Challenge: WAF returns a piece of JavaScript code that can be automatically executed by a normal browser to the client. If the client properly executes the JavaScript code, WAF allows all requests from the client within a period of time (30 minutes by default). During this period, no verification is required. If the client fails to execute the code, WAF blocks the requests.
- The cloud load balancer access mode does not support this protective action.
- If the referer in the request is different from the current host, the JS challenge does not work.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
