All Products
Search
Document Center

Cloud Config:cfw-ips-basicrules-on

Last Updated:Jun 17, 2026

Checks whether basic protection is enabled for the intrusion prevention system (IPS) of Cloud Firewall. If basic protection is enabled, the evaluation result is Compliant. Basic protection guards against common intrusions such as command execution vulnerability exploits and manages connections from compromised hosts to command-and-control (C&C) servers.

Scenarios

Enable basic protection for the IPS of Cloud Firewall in internet-facing services to monitor and block common intrusion attempts and malicious traffic in real time, helping maintain a secure and stable runtime environment.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

Basic protection for the IPS of Cloud Firewall guards against common intrusions such as command execution vulnerability exploits and manages connections from compromised hosts to a C&C server. If Cloud Firewall is used but basic protection is disabled, the evaluation result is Non-compliant.

Rule details

Parameter

Description

Rule template name

cfw-ips-basicrules-on

Rule template identifier

cfw-ips-basicrules-on

Automatic remediation

ACS-Cloudfw-ModifyIPSConfig supported

Trigger type

Periodic: Every 24 hours

Supported resource type

ACS::::Account

Input parameter

None

Non-compliance remediation

For more information, see IPS configuration.