You can use default protection rule groups provided by WAF to tailor your rule groups for a specific protection feature, such as web application protection, known as RegEx Protection Engine in the current version. If the default protection rule groups cannot meet your business requirements, we recommend that you customize protection rule groups to protect your website.

Prerequisites

A WAF instance that uses the subscription billing method is activated. The instance is one of the following instances:
  • A WAF instance of the Business or Enterprise Edition in mainland China
  • A WAF instance of the Enterprise Edition outside mainland China

Background information

You can customize protection rule groups for only the web application protection feature. For more information about this feature, see Configure the RegEx Protection Engine.

Use a custom rule group

Follow the following process to use a custom rule group:
  1. Create a rule group: Create a custom rule group for a specific protection feature.
  2. Apply the rule group: Apply the created rule group to your website.

Create a rule group

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose System Management > Protection Rule Group.
  4. Optional:On the Protection Rule Group page, click the tab that contains the target protection feature.
    Note You can skip this step because only the web application protection feature supports protection rule groups. You are directly redirected to the Web Application Protection tab.
    The Web Application Protection tab displays the default and custom rule groups.
    • Default rule group: includes Loose rule group, Medium rule group, and Strict rule group.
      You can click numbers in the Built-in Rule Number column to view information about the default rules.Built-in rule number
      Note Default rule groups cannot be edited or deleted.
    • Custom rule group: You can create a rule group on the Protection Rule Group page.
  5. Click Create Rule Group.
    Note You can create up to 10 rule groups for the web application protection feature.
  6. Complete the Create Rule Group wizard.
    1. Specify rule information. Configure the following parameters and click Next: Apply to Websites.Create Rule Group
      Parameter Description
      Rule Group Name Enter a name for the rule group.

      The rule group name is used to identify the rule group. We recommend that you enter an informative name.

      Rule Group Template Select a rule group template from which you want to select rules for the rule group. Valid values:
      • Strict rule group: contains 1,068 rules by default.
      • Moderate rule group: contains 1,039 rules by default.
      • Loose rule group: contains 1,031 rules by default.

      Different rule group templates contain different rules. After you select the rule group template and turn on Automatic Update, each time a rule in the rule group template is updated, the rule is also updated in the created rule group.

      Description Enter a description for the rule group.
      Automatic Update If you turn on this switch, each time a rule in the rule group template is updated, the rule is also updated in the created rule group.
      Note Some custom rule groups that you created before this time point do not support the Automatic Update function. In this case, we recommend that you create rule groups to replace these rule groups.
      Select Rule The Selected Rules tab list all rules in the rule group template that you select. You need to select rules that are not applicable or may cause false positives and then click Remove Selected Rules.
      You can use the filter or search function to find target rules. You can filter rules by Protection Type, Application Type, or Risk Level or enter a rule name or ID to search for a rule.
      • Risk Level: indicates the risk level of web attacks that are defended against. Valid values: High, Medium, and Low.
      • Protection Type: indicates the web attack type. Valid values: SQL Injection, Cross-Site Script, Code Execution, CRLF, Local File Inclusion, Remote File Inclusion, Webshell, CSRF, and Others.
      • Application Type: indicates the type of the protected web application. Valid values: Common, Wordpress, Dedecms, Discuz, Phpcms, Ecshop, Shopex, Drupal, Joomla, Metinfo, Struts2, Spring Boot, Jboss, Weblogic, Websphere, Tomcat, Elastic Search, Thinkphp, Fastjson, ImageMagick, PHPwind, phpMyAdmin, and Others.
      Note If you do not want to apply a rule group immediately after you create it, click Save. You can edit the group again after you complete the step.
    2. Optional:Apply to websites. Select the websites to which you want to apply the new rule group from the Websites not Added to WAF section and add them to the Websites Added to WAF section.
      Notice You must apply one rule group to each website.
      Apply to Website
    3. Click Save.
    You can view the new rule group in the rule group list and choose the websites to which you want to apply the rule group. For more information, see Apply the rule group.

    After you create the rule group, you can view the creation time of a rule group in the Updated On column on the Protection Rule Group page and determine whether or not to update the rule group.

Apply the rule group

After you create a custom rule group, you can apply it in one of the following ways:
  • On the Protection Rule Group page, apply the rule group to websites. The following steps are provided for this scenario.
  • On the Website Protection page, select the custom rule group from the Protection Rule Group drop-down list in the RegEx Protection Engine section.Protection Rule Group

    For more information, see Configure the RegEx Protection Engine.

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose System Management > Protection Rule Group.
  4. Optional:On the Protection Rule Group page, click the tab that contains the target protection feature.
    Note You can skip this step because only the web application protection feature supports protection rule groups. You are directly redirected to the Web Application Protection tab.
  5. In the Protection Rule Group list on the Web Application Protection tab, find the rule group that you want to apply and click Apply to Website in the Action column.
  6. On the Apply to Website page, select the websites to which you want to apply the rule group from the Websites not Added to WAF section and add them to the Websites Added to WAF section, and click Save.
    Notice You must apply one rule group to each website.
    Apply to Website
    After you complete the operation, you can view the domain name of the website in the Website column on the Protection Rule Group page.Websites

References

You can perform the following operations on the created rule group on the Protection Rule Group page:

  • Copy: allows you to copy the configurations of the rule group.

    The following figure shows the Copy Rule Group page. On this page, you can modify Rule Group Name, Description, and Automatic Update, but cannot modify Rule Group Template and rule settings. If you need to modify the rule settings, we recommend that you copy the rule group and modify the rule settings in the copied rule group.

    Create Rule Group-Copy
    Note Some custom rule groups that you created before this time point cannot be copied because they do not support automatic rule update. In this case, we recommend that you create rule groups to replace these rule groups.
    Rule groups that cannot be copied
  • Edit: allows you to modify the name, description, and rule settings of the rule group. Default rule groups cannot be edited.
  • Delete: allows you to delete the rule group. Default rule groups cannot be deleted.

    Before you delete a custom rule group, make sure that it is not applied to any website. If the rule group is applied to a website, apply a different rule group to the website before you delete the rule group.