After you add a website to WAF, its website protection policies filter all the access requests by default. The website whitelist allows access requests that match specified conditions. These access requests are directly returned to the origin site instead of being filtered by the WAF website protection policies.
The WAF website protection policies include modules such as web intrusion prevention, access control and throttling, data security, advanced protection, and bot management. Access requests that match specified conditions in the whitelist skip all detection modules. The website whitelist is used to allow trusted access requests, such as access requests from trusted vulnerability scan tools and trusted authenticated third-party system endpoints.
- Configure the web intrusion prevention whitelist
- Configure the access control and throttling whitelist
- Configure the data security whitelist
- Configure the bot management whitelist
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Click Website Whitelisting in the upper-right corner.
- Create a website whitelist.
After you create rules for the website whitelist, they are automatically enabled. You can view newly created rules in the rule list and disable, edit, or delete rules as needed.
- On the Website Whitelisting page, click Create Rule.
- In the Add Rule dialogue box that appears, set the following parameters.
Parameter Description Rule name Specify a name for the rule. Matching Condition Specify the match conditions of the whitelist rule. Click Add rule to add more conditions. You can specify a maximum of five conditions. If you have set multiple conditions, the rule is matched only after all of them are met.
For more information about match conditions, see Fields of match conditions.
- Click Save.