Checks whether the specified protection mode of a specified protection module is enabled for a domain name that is protected by Web Application Firewall (WAF). If this mode is enabled, the configuration is considered compliant.
Scenarios
You can enable the specified protection mode of a protection module for a domain name that is protected by WAF. This helps you improve the security of the domain name.
Risk level
Default risk level: high.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the specified protection mode of a specified protection module is enabled for a domain name, the configuration is considered compliant.
- If the specified protection mode of a specified protection module is disabled for a domain name, the configuration is considered non-compliant. For more information about how to remediate the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | waf-domain-enabled-specified-protection-mode |
| Rule ID | waf-domain-enabled-specified-protection-mode |
| Tag | WAF and Domain |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | All day |
| Supported resource type | Domain name |
| Input parameter |
|
Non-compliance remediation
Enable the specified protection mode of a specified protection module for a domain name that is protected by WAF. For more information, see Overview.