This topic describes best practices for using RegEx Protection Engine provided by Web Application Firewall (WAF).
WAF protects your website against web attacks, such as SQL injection, XSS attacks, remote code execution, and webshell attacks. For more information about web attacks, see Definitions of common web vulnerabilities.
- Status: Turn on or off the switch to enable or disable the RegEx Protection Engine function. This function is enabled by default.
- Mode: Specify the actions that you want WAF to take on attack requests when the attack requests are detected. Valid values:
- Block: WAF automatically blocks attack requests and logs attacks in the backend.
- Warn: WAF does not block attack requests but logs attacks in the backend.
- Protection Rule Group: Specify a set of protection rules that you can apply. Valid values:
Note These settings take effect only when you enable RegEx Protection Engine.
- Medium rule group: blocks common web application attacks by using a standard way. These attacks can bypass protection policies.
- Strict rule group: blocks web application attacks by using a strict way. These attacks can bypass complex protection policies.
- Loose rule group: blocks common web application attacks.
If you are using WAF Business or Enterprise in mainland China or WAF Enterprise in regions outside mainland China, you can customize protection rule groups. The custom rule groups combine all protection rules provided by WAF and provide specific protection policies for your website. For more information, see Customize protection rule groups.
- If you are not clear about the characteristics of your business traffic, we recommend that you set Mode to Warn. After one or two weeks, analyze the attack logs in this mode.
- If the attack logs show that normal traffic is not blocked, you can set Mode to Block.
- If the attack logs show that normal traffic is blocked, you can contact an Alibaba Cloud security expert to resolve the issue.
- If you add phpMyAdmin and development technology forums to WAF for protection, WAF may block normal requests. If this occurs, we recommend that you contact an Alibaba Cloud security expert to resolve this issue.
- You need to pay attention to the following issues:
- Do not use special keywords (such as UPDATE and SET) in the path for normal business URLs, such as
- Do not upload files that exceed 50 MB by using a browser. We recommend that you upload the files by using OSS or other methods. For more information about how to use OSS, see Get started with Object Storage Service.