After you add a website to Web Application Firewall (WAF), you can enable the website
tamper-proofing function to protect the website from website defacement. Website tamper-proofing
helps you lock specific web pages, such as those that contain sensitive information.
When a locked web page is requested, the page cached in WAF is returned. This prevents
web pages from being maliciously modified. You can customize website tamper-proofing
rules as needed.
Procedure
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs
and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.

- Click the Web Security tab and find the Website Tamper-proofing section. Then, turn on Status and click Settings.
Note
- You must enable website tamper-proofing before you create protection rules.
- After website tamper-proofing is enabled, all requests destined for your website are
checked by the function. You can configure a Data Security rule so that the requests
that match the rule bypass the check. For more information, see Configure a whitelist for Data Security.

- Create a tamper-proofing rule.
- On the Website Tamper-proofing page, click Add Rule.
- In the Add Rule dialog box, specify the Service Name and URL parameters of the web page that you want to protect.
- Service Name: Specify the name of the service that the web page provides.
- URL: Enter an exact path. Wildcard characters such as
/*
, or parameters such as /abc? xxx=
are not supported. Text data, HTML pages, and images under the specified path are
protected.

- Click Confirm.
After a tamper-proofing rule is created, it is disabled by default. You can find the
newly created rule in the rule list and
Protection Status of the rule is turned off.

- Enable the rule. Find the rule you want to enable in the rule list and turn on Protection Status.

After the rule is enabled, if the specified web page is requested, the page cached
in WAF is returned.
- Optional:Update cached data. Find the rule that is enabled in the rule list and click Refresh Cache in the Protection Status column.
Notice If the protected web page is updated, you must click Refresh Cache to update the data cached in WAF. If you do not update the cached data after a page
is updated, WAF returns the most recent page stored in the cache.