Status |
The status of the protection rules engine. By default, the protection rules engine
is enabled after you add a website to WAF.
Note: After the protection rules engine is enabled, all requests destined for the website
are checked by the engine. You can configure a whitelist in the Web Intrusion Prevention
section to allow requests that match the whitelist rule to bypass the check. For more information,
see Configure a whitelist for Web Intrusion Prevention.
|
Mode |
The action on requests when WAF detects attacks. Valid values:
- Block: blocks requests.
- Warn: triggers alerts but does not block requests.
|
Protection Rule Group |
The protection rule group that you want to apply. Built-in rule groups and custom
rule groups are both supported. WAF provides the following built-in rule groups:
- Medium rule group: detects common web application attacks in a standard way. This rule group is applied
by default.
- Strict rule group: detects web application attacks, such as path traversals, SQL injections, and command
injections, in a strict way.
- Loose rule group: detects common web application attacks in a loose way. If you encounter a high false
positive rate when you apply the medium rule group, or your business has a large amount
of uncontrollable user input, such as rich text editors and technical forums, we recommend
that you select the loose rule group.
You can click Settings to go to the Protection Rule Group page. On this page, you can create custom rule groups or select built-in rule groups
based on your business requirements. For more information, see Customize protection rule groups.
|
Decoding Settings |
The data formats that you want the protection rules engine to decode and analyze.
To ensure high performance, the protection rules engine decodes and analyzes the request
data of all formats by default. If the protection rules engine blocks normal requests
that contain data of specific formats, you can clear the formats to reduce the false
positive rate.
Procedure
- Unfold the configuration menu.
- Select or clear the formats that you want to decode.
  - The following formats cannot be cleared: URL Decoding, JavaScript Unicode Decoding, Hex Decoding, Comment Processing, and Space Compression.
  - The following formats can be cleared: Multipart Data Parsing, JSON Data Parsing, XML Data Parsing, Serialized PHP Data Decoding, HTML Entity Decoding, UTF-7 Decoding, Base64 Decoding, and Form Data Parsing.
- Click Confirm.
|
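The effect of clearing a decoding format, shown with a generic decode-then-match pipeline. This is an added example, not WAF's own engine or rule set. The `inspect` function, the two toy rules, and the sample inputs are constructed for illustration; only the format names come from the list above.

```python
import base64
import html
import re
from urllib.parse import unquote

# Toy signatures, constructed for this example (not WAF's rule set).
RULES = {
    "path_traversal": re.compile(r"\.\./"),
    "script_tag": re.compile(r"<\s*script", re.I),
}

def _b64(value):
    """Return Base64-decoded text, or None when value is not valid Base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

# Optional decoders, keyed by two of the clearable format names.
OPTIONAL = {
    "HTML Entity Decoding": html.unescape,
    "Base64 Decoding": _b64,
}

def inspect(value, enabled):
    """Return the sorted rule names that match any decoded view of value."""
    views = [unquote(value)]  # URL Decoding is always applied (cannot be cleared)
    for name in enabled:
        decoded = OPTIONAL[name](views[0])
        if decoded is not None and decoded != views[0]:
            views.append(decoded)
    return sorted({rule for rule, rx in RULES.items()
                   for view in views if rx.search(view)})

# Constructed sample: a technical-forum post that quotes markup as HTML entities.
SAMPLE_POST = "Add &lt;script src=app.js&gt; to the page"
# Constructed sample: the same kind of text submitted as a Base64 field.
SAMPLE_B64 = base64.b64encode(b"<script src=app.js>").decode()

if __name__ == "__main__":
    for enabled in (["HTML Entity Decoding", "Base64 Decoding"], []):
        print(enabled, inspect(SAMPLE_POST, enabled), inspect(SAMPLE_B64, enabled))
```

With both formats selected, the forum post and the Base64 field are flagged; with both cleared, neither is, because the rules then see only the encoded form. Clearing a format therefore lowers false positives for that data and also stops inspection of its decoded content.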