The Web application firewall provides protection policies at three levels (Loose, Normal, and Strict) to prevent common web application attacks such as SQL injection and cross-site scripting (XSS).
Follow these steps to configure the Web Application Protection policy.
1. Log on to the Web application firewall console and access the Website Configuration page.
2. Click Policies under the Operation column of the target domain name.
3. Check the Protection mode under Web Application Protection and select a policy from the Mode of protection policy drop-down box.
When selecting the policy, follow these recommendations:
- By default, the Normal mode is selected.
- If many requests are intercepted by mistake in Normal mode, or your web service accepts a lot of uncontrollable user input (for example, a rich text editor or a technology forum), we recommend that you use the Loose mode.
- If you require stricter protection against path traversal, SQL injection, and command execution attacks, we recommend that you use the Strict mode.