How do I configure a whitelist for a detection request if the detection request is mistakenly identified as an attack or a crawler?
When you use site monitoring in Cloud Monitor, requests from detection points may occasionally be closed by the peer (connection reset by peers). If the destination IP address belongs to a firewall, the firewall security policy may have mistakenly identified the detection request as an attack or crawler. In this case, configure a whitelist for the detection requests.
Solution
Check the firewall logs to determine whether a detection request is mistakenly identified as an attack or crawler. If so, configure a whitelist for the detection requests on the firewall.
The following methods show how to configure a whitelist for detection requests on Web Application Firewall (WAF):
-
Add custom HTTP request headers to the whitelist
Add custom HTTP request headers to the WAF whitelist so that requests with the specified headers bypass the security policy. Then, add the same header fields to the corresponding Cloud Monitor detection tasks. Detection requests from Cloud Monitor will then include the whitelisted headers and will no longer be blocked by WAF.
-
Add the source IP address for the specified request to the whitelist
Add the IP address of the Cloud Monitor detection point to the WAF whitelist. You can call the DescribeSiteMonitorISPCityList operation to query the IPv4 and IPv6 addresses of detection points for all carriers. Query results are updated hourly.
NoteCloud Monitor may add or disable detection points over time, which changes the IP addresses. We recommend that you query the IP addresses regularly.