After you add a website to Web Application Firewall (WAF), you can configure a website whitelist to allow trusted access requests of the website to be directly routed to the origin server. Trusted access requests include requests from trusted vulnerability scan tools and trusted authenticated third-party system endpoints.
WAF provides multiple detection modules. If a website is added to WAF, all requests to this website are automatically detected by the modules that are enabled. To directly route trustworthy requests to your origin server, you can configure a website whitelist that allows the requests to bypass all detection modules of WAF.
- Whitelist for Web Intrusion Prevention: Trusted access requests are not detected by RegEx Protection Engine or Big Data Deep Learning Engine.
- Whitelist for Data Security: Trusted access requests are not detected by Data Leakage Prevention, Website Tamper-proofing, or Account Security.
- Whitelist for Bot Management: Trusted access requests are not detected by Bot Threat Intelligence, Data Risk Control, Intelligent Algorithm, or App Protection.
- Whitelist for Access Control/Throttling: Trusted access requests are not detected by HTTP Flood Protection, IP Blacklist, Scan Protection, or Custom Protection Policy.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- In the upper-right corner, click Website Whitelisting.
- Create a website whitelist.
After you create rules for the whitelist, the rules are automatically enabled. You can view created rules in the rule list. You can also disable, edit, or delete rules as required.
- On the Website Whitelisting page, click Create Rule.
- In the Create Rule dialog box, configure the following parameters.
Parameter Description Rule name Specify a name for the rule. Matching Condition Specify match conditions for the rule. Click Add rule to add more match conditions. A maximum of five match conditions are allowed. If you specify multiple match conditions, the rule is triggered only after all the match conditions are met.
For more information about match conditions, see Fields in match conditions.
- Click Save.