A protection rule group contains rules that are selected from the built-in protection rule set of Web Application Firewall (WAF) to implement a specific protection feature, such as web application protection, formally known as the RegEx Protection Engine. If the default protection rule groups cannot meet your business requirements, we recommend that you customize protection rule groups to protect your website.

Prerequisites

A WAF instance that uses the subscription billing method is activated. The instance is one of the following instances:
  • A WAF instance of the Business or Enterprise Edition in mainland China
  • A WAF instance of the Enterprise Edition outside China

Background information

You can customize protection rule groups only for the web application protection feature. For more information about this feature, see Configure the RegEx Protection Engine.

Use a custom rule group

Follow these steps to use a custom rule group:
  1. Create a rule group: Select rules from the built-in rule set of WAF to customize a custom rule group. The rule group provides protection policies for a specific protection feature.
  2. Apply the rule group: Apply the created rule group to your website.

Create a rule group

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose System Management > Protection Rule Group.
  4. Optional:On the Protection Rule Group page, click the tab that contains the target protection feature.
    Note You can skip this step because only the web application protection feature supports custom rule groups. You are directly redirected to the Web Application Protection tab.
    Default rule groups for web application protection

    The Web Application Protection tab lists the default and custom rule groups. The rule groups 1011 (Strict rule group), 1012 (Medium rule group), and 1013 (Loose rule group) are default rule groups.

    You can click numbers in the Built-in Rule Number column to view information about the default rules.Built-in rules
  5. Click Create Rule Group.
    Note You can create up to 10 rule groups for the web application protection feature.
  6. Follow these steps to create a rule group:
    1. Specify rule information. Configure the following parameters and click Next: Apply to Websites.Create Rule Group
      Parameter Description
      Rule Group Name Enter a name for the rule group.

      The rule group name is used to identify the rule group. We recommend that you enter an informative name.

      Rule Group Template Select the rule group template from which you want to select rules for the rule group. Valid values:
      • Strict rule group
      • Medium rule group
      • Loose rule group

      Different rule group templates contain different rules. After you select the rule group template, you can select rules from the template.

      Description Enter a description for the rule group.
      Automatic Update If you turn on this switch, each time a rule in the rule group template is updated, the rule is also updated in the created rule group.
      Select Rule Select rules from the rule group template and add them to the current rule group.
      You can use the filter or search function to find target rules. You can filter rules by Protection Type, Application Type, or Risk Level or enter a rule name or ID to search for a rule.
      • Risk Level: indicates the risk level of web attacks that are defended against. Valid values: High, Medium, and Low.
      • Protection Type: indicates the web attack type. Valid values: SQL Injection, Cross-Site Script, Code Execution, CRLF, Local File Inclusion, Remote File Inclusion, Webshell, CSRF, and Others.
      • Application Type: indicates the type of the protected web application. Valid values: Common, Wordpress, Dedecms, Discuz, Phpcms, Ecshop, Shopex, Drupal, Joomla, Metinfo, Struts2, Spring Boot, Jboss, Weblogic, Websphere, Tomcat, Elastic Search, Thinkphp, Fastjson, ImageMagick, PHPwind, phpMyAdmin, and Others.
      Note If you do not want to apply a rule group immediately after you create it, click Save.
    2. Optional:Apply to websites. Select the websites to which you want to apply the new rule group from the Websites not Added to WAF pane and add them to the Websites Added to WAF pane.
      Notice You must apply one rule group to each website.
      Apply to Website
    3. Click Save.
    You can view the new rule group in the rule group list and choose the websites to which you want to apply the rule group. For more information, see Apply the rule group.

Apply the rule group

After you create a custom rule group, you can apply it in one of the following ways:
  • On the Protection Rule Group page, apply the rule group to websites. The following steps are provided for this scenario.
  • On the Website Protection page, select the custom rule group for a protection feature.

    For example, when you configure the web application protection feature, select the custom rule group from the Protection Rule Group drop-down list. For more information, see Configure the RegEx Protection Engine.

    Protection Rule Group
  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose System Management > Protection Rule Group.
  4. Optional:On the Protection Rule Group page, click the tab that contains the target protection feature.
    Note You can skip this step because only the web application protection feature supports custom rule groups. You are directly redirected to the Web Application Protection tab.
  5. In the Protection Rule Group list on the Web Application Protection tab, find the rule group that you want to apply and click Apply to Website in the Action column.
  6. On the Apply to Website page, select the websites to which you want to apply the rule group from the Websites not Added to WAF pane and add them to the Websites Added to WAF pane, and click Save.
    Notice You must apply one rule group to each website.
    Apply to Website
    After you complete the operation, you can view the domain name of the website in the Website column on the Protection Rule Group page.Websites

What to do next

You can perform the following operations on the created rule group on the Protection Rule Group page:

  • Copy: allows you to copy the configurations of the rule group.

    The following figure shows the Copy Rule Group page. On this page, you can modify Rule Group Name, Description, and Automatic Update, but cannot modify Rule Group Template and rule settings. If you need to modify the rule settings, we recommend that you copy the rule group and modify the rule settings in the copied rule group.

    Create Rule Group-Copy
    Note Some custom rule groups of old versions cannot be copied because they do not support automatic rule update. In this case, we recommend that you create rule groups to replace these rule groups.
    Rule groups that cannot be copied
  • Edit: allows you to modify the name, description, and rule settings of the rule group.
    Note Default rules cannot be edited.
  • Delete: allows you to delete the rule group.
    Note Default rules cannot be deleted.

    Before you delete a custom rule group, make sure that it is not applied to any website. If the rule group is applied to a website, apply another rule group to the website before you delete the rule group.