Threat intelligence provides information about suspicious IP addresses of dialers, on-premises data centers, and malicious scanners based on the powerful computing capabilities of Alibaba Cloud. This feature also maintains a dynamic IP library of malicious crawlers and prevents crawlers from accessing your site or specific directories.
- A Web Application Firewall instance that is deployed in a region inside mainland China and the Bot Manager feature are available.
- The website is associated with the Web Application Firewall instance. For more information, see Add domain names.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Click the Bot Management tab and find the Bot Threat Intelligence section. Turn on the Status switch and click Settings.
- In the Bot Threat Intelligence rule list, find the target threat intelligence library by Intelligence Name, and turn on the Status switch.
The following table lists the bot threat intelligence libraries that are supported by WAF.
If you need to modify the default rule, such as the protected URL or action, see the following section on how to customize a threat intelligence rule.
- Optional:Customize a threat intelligence rule.
- Find the target rule, and click Edit in the Actions column.
- In the Edit Rule dialog box that appears, set the following parameters.
Parameter Description Protected Path
- URL: specifies the URL that you want to protect, such as /abc and /login/abc. You can also enter a single forward slash (/) to include all directories.
- Matching: specifies a condition for matching the URL.
- Precise Match: The destination URL must be an exact match of the protected URL.
- Prefix Match: The prefix of the destination URL matches the protected URL.
- Regular Expression Match: The destination URL matches the specified regular expression.
You can click Add Protected URL to add more URLs. You can add up to 10 URLs.
Action Specifies the action to be performed after the match conditions of the rule are met. Supported actions include:
- Monitor: allows the request to the destination directory and records the event.
- Block: blocks the request.
- Captcha: requires CAPTCHA verification on the client side. Requests are forwarded to the
destination directory only after they pass the verification.
Note CAPTCHA only supports synchronous requests. To verify asynchronous requests, such as Ajax requests, contact the Alibaba Cloud security team. If you cannot determine whether the protected URL supports CAPTCHA, we recommend that you create a custom protection policy, such as an ACL rule, to run a test.
- Strict Captcha: requires CAPTCHA verification on the client side. Requests are forwarded to the destination directory only after they pass the verification. CAPTCHA verification has a stricter standard to verify visitor identities.
- Click Confirm.