Checks whether a specified protection mode is enabled for a specified protection module on a domain name protected by Web Application Firewall (WAF). If the mode is enabled, the configuration is considered compliant.
Scenarios
Enable the specified protection mode of a protection module for a WAF-protected domain name to improve domain security.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements.
Compliance evaluation logic
- If the specified protection mode of a specified protection module is enabled for a domain name, the configuration is considered compliant.
- If the specified protection mode of a specified protection module is disabled for a domain name, the configuration is considered non-compliant. For more information about how to remediate the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | waf-domain-enabled-specified-protection-mode |
| Rule ID | waf-domain-enabled-specified-protection-mode |
| Tag | WAF and Domain |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | All day |
| Supported resource type | Domain name |
| Input parameter |
|
Non-compliance remediation
Enable the specified protection mode of a specified protection module for a WAF-protected domain name. For more information, see Overview.