After you add a website to Web Application Firewall (WAF), HTTP flood protection targeting web pages is enabled by default. HTTP flood protection terminates connections to block HTTP flood attacks. You can adjust the protection policies of HTTP flood protection as needed.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Click the Access Control/Throttling tab, and find HTTP Flood Protection in the Access Control/Throttling module to set the following parameters.
| Parameter | Description |
| --- | --- |
| Status | Enable or disable HTTP flood protection. |
| Mode | Specify the protection mode. |

Supported modes:
- Prevention: This mode only blocks suspicious requests and maintains a low false positive rate. We recommend that you apply this mode when no abnormal traffic is detected on the website to avoid false positives.
- Protection-emergency: This mode blocks a large number of requests and maintains a high false positive rate. You can apply this mode if the Protection mode fails to block HTTP flood attacks or if the website responds slowly and indicators such as traffic, CPU, and memory
Note: You can only use the Protection-emergency mode to protect web pages and HTML5 pages. This mode is not suitable for APIs or native applications because a large number of false positives may occur. We recommend that you create custom protection policies for API or Native App scenarios. For more information, see Create a custom protection policy.
- If the Protection-emergency mode causes a high false negative rate, we recommend that you check whether the attacks come from WAF back-to-origin IP addresses. If attacks are directly launched on the origin server, you can change the settings to only allow requests from WAF back-to-origin IP addresses. For more information, see Configure protection for your origin server.
- If you need to reinforce protection and maintain a low false positive rate, you can create multiple custom protection policies. For more information, see Create a custom protection policy.
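One way to run the back-to-origin check described above, as an added example that is not part of the WAF documentation: it splits origin access-log requests into those that arrived from WAF back-to-origin addresses and those that reached the origin server directly. The CIDR ranges, log lines and function names are constructed placeholders, and the first log field is assumed to be the TCP peer address.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder ranges (RFC 5737 documentation space). Replace them with
# the WAF back-to-origin CIDR blocks listed for your WAF instance.
WAF_BACK_TO_ORIGIN = [ipaddress.ip_network(c)
                      for c in ("203.0.113.0/24", "198.51.100.0/25")]

# Constructed origin access-log lines; the first field is the connecting peer IP.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.11 - - [01/Jan/2024:10:00:00 +0000] "GET /login HTTP/1.1" 200 734
192.0.2.55 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.55 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.55 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
not-an-ip - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 400 0
"""

def via_waf(ip):
    """True if the peer address belongs to a WAF back-to-origin range."""
    return any(ip in net for net in WAF_BACK_TO_ORIGIN)

def classify(log_text):
    """Return (requests via WAF, Counter of direct-to-origin peers, unparsable lines)."""
    through_waf, direct, bad = 0, Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ip = ipaddress.ip_address(line.split()[0])
        except ValueError:
            bad += 1  # malformed first field: count it instead of crashing
            continue
        if via_waf(ip):
            through_waf += 1
        else:
            direct[str(ip)] += 1
    return through_waf, direct, bad

if __name__ == "__main__":
    ok, direct, bad = classify(SAMPLE_LOG)
    print(f"via WAF: {ok}, direct to origin: {sum(direct.values())}, unparsable: {bad}")
    for peer, count in direct.most_common(5):
        print(f"  {peer}: {count} requests that did not pass through WAF")
```

A non-zero direct-to-origin count means requests are reaching the origin server without passing through WAF, which is the case where restricting the origin to WAF back-to-origin IP addresses applies.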