After you set up Web Application Firewall (WAF) for a website, you can enable the tamper-proofing feature to protect the website from website defacement. Tamper-proofing helps you lock specific web pages, such as those that contain sensitive information. When a locked web page is requested, the page cached in WAF is returned. This prevents web pages from being maliciously modified. You can customize tamper-proofing rules as needed.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Click the Web Security tab and find Website Tamper-proofing in the Data Security section. Turn on the Status switch and click Settings.
Note You must enable tamper-proofing before you can create protection rules.
- Create a tamper-proofing rule.
After a tamper-proofing rule is created, it is disabled by default. You can find the newly created rule in the rule list, and the Protection Status of the rule is disabled.
- On the Website Tamper-proofing page, click Add Rule.
- In the Add Rule dialog box that appears, specify the Service Name and URL of the web page that you need to protect.
- Service Name: Specify the name of the service that the web page provides.
- URL: Enter the exact path. Wildcard characters such as
/*, or parameters such as
/abc? xxx=are not supported. Text data, HTML pages, and images under the specified path are protected.
- Click Confirm.
- Enable the rule. Find the target rule in the rule list, and turn on the Protection Status switch.
After a rule is enabled, if the specified web page is requested, the page cached in WAF is returned.
- Optional:Update cached data. Find the target rule enabled in the rule list, and click Refresh Cache in the Protection Status column.
Notice If the protected web page is updated, you must click Refresh Cache to update the data cached in WAF. If you do not update the cached data after a page is updated, WAF returns the most recent page stored in the cache.