After you add a website to Web Application Firewall (WAF), you can configure a whitelist for web intrusion prevention. The Protection Rules Engine and Big Data Deep Learning Engine then do not detect requests destined for the website if the requests meet specific conditions. Web intrusion prevention may block normal access requests based on specific rules. You can use the whitelist to allow such requests.

Prerequisites

Background information

Web intrusion prevention protects your website against common web attacks and zero-day vulnerabilities. It provides the following protection features:

After you enable the preceding protection features, normal access requests may be blocked. In this case, you can configure a whitelist. Then, the protection features do not detect the requests that meet specific conditions. We recommend that you configure a whitelist based on your business requirements.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  3. In the left-side navigation pane, choose Protection Settings > Website Protection.
  4. In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
  5. Click the Web Security tab, find the Web Intrusion Prevention section, and then click Settings.
  6. Create a whitelist rule for web intrusion prevention.
    1. On the Web Intrusion Prevention - Whitelisting page, click Create Rule.
    2. In the Create Rule dialog box, configure the following parameters.
      Rule name: The name of the rule that you want to create. The name must be 1 to 50 characters in length and can contain letters and digits.

      Matching Condition: The match condition based on which requests are allowed. Click Add rule to add more match conditions. You can add a maximum of five match conditions. If you specify multiple match conditions, the rule is matched only when all the match conditions are met. For more information about match conditions, see Fields in match conditions.

      Modules Bypassing Check: The protection feature that does not detect requests that meet the specified conditions. Valid values: Protection Rules Engine and Big Data Deep Learning Engine.
      If you select Protection Rules Engine, All Rules is automatically selected. In this case, all rules in the protection rules engine are skipped for requests. You can also specify the rules or rule types that you want to skip based on your business requirements. To specify the rules or rule types, perform the following steps:
      1. Select Protection Rules Engine.
      2. Optional: If you want to skip specific rules, select IDs of Specific Rules and enter the IDs of the rules that you want to skip.

        To view the IDs of rules, you can click Create Rule Group on the Protection Rule Group page. The Create Rule Group page provides all the protection rules that are included in WAF. For more information, see Customize protection rule groups.

        Press Enter each time you enter a rule ID. You can enter a maximum of 50 rule IDs.

        Note: You can also create a whitelist rule for a specific rule ID on the Security Report page. On the Web Intrusion Prevention tab of the page, find the rule ID that you want to manage and click Ignore False Positives in the Actions column. After you click Ignore False Positives, WAF automatically generates a whitelist rule based on the characteristics of attack requests. You do not need to manually configure match conditions or query rule IDs. For more information, see View security reports on the Web Security tab.
      3. Optional: If you want to skip specific types of rules, select Specific Types of Rules, select the rule types that you want to skip, and then click Confirm. The rule types include SQL injection, XSS, Code execution, CRLF, Local file inclusion, Remote file inclusion, webshell, CSRF, Attacks Triggering Custom Rules, and Other.
    3. Click Save.
    After you create the whitelist rule, the whitelist rule is automatically enabled. You can view, disable, edit, or delete the rule in the rule list based on your business requirements.
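
The following pre-review check is an added example, not part of the WAF product or its API: it lints a whitelist rule against the limits stated in the procedure above and flags rules that bypass more protection than a false positive usually requires. The dict layout, the finding labels, the match-condition fields, and the rule ID are constructed for illustration.

```python
# Limits and option names below are the ones stated on this page.
MAX_CONDITIONS, MAX_RULE_IDS = 5, 50
MODULES = {"Protection Rules Engine", "Big Data Deep Learning Engine"}
RULE_TYPES = {"SQL injection", "XSS", "Code execution", "CRLF",
              "Local file inclusion", "Remote file inclusion", "webshell",
              "CSRF", "Attacks Triggering Custom Rules", "Other"}

def lint(rule):
    """Return (errors, warnings) for a rule held as a dict (hypothetical layout)."""
    errors, warnings = [], []
    name = rule.get("name", "")
    if not (name.isalnum() and len(name) <= 50):   # 1 to 50 letters or digits
        errors.append("name")
    conds = rule.get("conditions", [])
    if len(conds) > MAX_CONDITIONS:
        errors.append("conditions")
    elif len(conds) <= 1:
        # Conditions are ANDed, so a single condition matches the most traffic.
        warnings.append("broad-match")
    modules = set(rule.get("modules", []))
    if not modules or modules - MODULES:
        errors.append("modules")
    ids, types = rule.get("rule_ids", []), rule.get("rule_types", [])
    if len(ids) > MAX_RULE_IDS:
        errors.append("rule_ids")
    if set(types) - RULE_TYPES:
        errors.append("rule_types")
    if "Protection Rules Engine" in modules:
        if not ids and not types:
            warnings.append("all-rules")           # default scope: All Rules skipped
    elif ids or types:
        errors.append("scope-without-engine")      # IDs/types only apply to that engine
    return errors, warnings

# Constructed sample rules; field names, operators and the rule ID are placeholders.
BROAD = {"name": "allowUpload",
         "conditions": [{"field": "URL", "op": "contains", "value": "/upload"}],
         "modules": ["Protection Rules Engine", "Big Data Deep Learning Engine"]}
NARROW = {"name": "allowUploadRule",
          "conditions": [{"field": "URL", "op": "contains", "value": "/upload"},
                         {"field": "IP", "op": "equals", "value": "192.0.2.10"}],
          "modules": ["Protection Rules Engine"],
          "rule_ids": ["100001"]}

if __name__ == "__main__":
    for r in (BROAD, NARROW):
        print(r["name"], lint(r))
```

A rule that reports `all-rules` or `broad-match` is still valid in the console; the warnings mark it for review so that the whitelist skips only the rule IDs or rule types behind the false positive.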

References

Fields in match conditions