
Dynamic Content Delivery Network: Configure basic web protection

Last Updated: Jan 04, 2024

Basic web protection uses the built-in protection rule set to defend against common web attacks. The attacks include SQL injection, cross-site scripting (XSS) attacks, webshells, command injection, backdoor isolation, invalid file requests, path traversal, and exploitation of common vulnerabilities.

Prerequisites

Default rules for basic web protection

Basic web protection provides a built-in basic protection rule set (Default_WafGroup_Rule). Default_WafGroup_Rule is used to protect against common web application attacks.

By default, the default rule set is enabled and the Block action is used. New domain names that are added to WAF are protected by the default rule set of basic web protection. If WAF detects that a request matches a basic protection rule, WAF blocks the request and returns a block page to the client that sent the request.

[Figure: Default rules]

Create a basic web protection policy

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, choose WAF > Protection Policies.

  3. On the Protection Policies page, click Create Policy.

  4. On the Create Policy page, configure the parameters. The following table describes the parameters.

    | Section | Parameter | Description |
    | --- | --- | --- |
    | Policy Information | Policy Type | The type of the protection policy. Select Basic Web Protection. |
    | Policy Information | Policy Name | The name of the protection policy. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). |
    | Policy Information | Make Default | Specifies whether the current policy is the default policy of the current policy type.<br>Note:<br>• You can specify only one default policy for each policy type. After you specify a default policy, you cannot change the default policy.<br>• If you have specified the default policy for the current policy type, this switch is unavailable. |
    | Rule Information | Rule Group Type | The type of the rule group that is used to protect against attacks.<br>• Default: the built-in rule group of Alibaba Cloud Security.<br>• Custom: a custom rule group. |
    | Rule Information | Rule | The action that you want to perform on requests when WAF detects attacks.<br>• Block: blocks requests that match the rule and returns a block page to the client.<br>• Monitor: does not block the request that matches the rule.<br>The first time that you configure a rule, you can set the Action parameter to Monitor to check the protection performance of the rule and whether legitimate requests are blocked. Then, you can determine whether to set the Action parameter to Block based on the check results. |
    | Protected Domain Names | Protected Domain Names | The domain name that you want to associate with the current protection policy.<br>Note: You can associate a protected domain name with only one protection policy of the same policy type. If the domain name is associated with another protection policy of the same type, the domain name is associated with the current policy after you configure the current policy for the domain name. |

  5. Click Create Policy.

    By default, the protection policy that you created is enabled.
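The Monitor-first check recommended in step 4, as an added example (not Alibaba Cloud code and not part of the original page). It assumes you exported Monitor-mode rule hits as JSON lines and replayed known-legitimate traffic from a source you control; the record fields, rule IDs and addresses are constructed and do not reflect the DCDN WAF log schema.

```python
import json
from collections import defaultdict

# Constructed Monitor-mode hit records, one JSON object per line. The field
# names are assumptions for this sketch, not the DCDN WAF log schema.
SAMPLE_HITS = """\
{"rule_id": "sqli-1001", "client_ip": "198.51.100.23", "uri": "/search"}
{"rule_id": "sqli-1001", "client_ip": "198.51.100.24", "uri": "/search"}
{"rule_id": "xss-2004", "client_ip": "192.0.2.10", "uri": "/cms/save"}
{"rule_id": "xss-2004", "client_ip": "203.0.113.5", "uri": "/comment"}
{"rule_id": "trav-3002", "client_ip": "203.0.113.5", "uri": "/download"}
truncated-record
"""

# Constructed: address of your own regression runner replaying normal user flows.
KNOWN_GOOD_CLIENTS = {"192.0.2.10"}


def triage(log_text, known_good):
    """Per rule: total hits and the URIs where it fired on known-good traffic."""
    stats = defaultdict(lambda: {"hits": 0, "false_positives": []})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            rule, ip, uri = rec["rule_id"], rec["client_ip"], rec["uri"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, do not guess its contents
            continue
        stats[rule]["hits"] += 1
        if ip in known_good:
            stats[rule]["false_positives"].append(uri)
    return dict(stats), skipped


def recommended_action(stats):
    """Block only if no rule fired on known-good traffic; otherwise stay on Monitor."""
    noisy = sorted(r for r, s in stats.items() if s["false_positives"])
    return ("Monitor", noisy) if noisy else ("Block", [])


if __name__ == "__main__":
    stats, skipped = triage(SAMPLE_HITS, KNOWN_GOOD_CLIENTS)
    for rule, s in sorted(stats.items()):
        print(f"{rule}: hits={s['hits']} false_positives={s['false_positives']}")
    print("skipped malformed lines:", skipped)
    print("recommended Action:", recommended_action(stats))
```

A "Block" result is only as reliable as the coverage of the replayed legitimate traffic; a rule that never saw a known-good request has not been shown to be free of false positives.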

Manage basic web protection policies

After you create a basic web protection policy, find the policy in the protection policy list. In the Actions column, click Modify to modify the rule that is configured for the policy, or click Delete to delete the rule. For example, you can click Modify to change the value of the Action parameter from Block to Monitor.

[Figure: Manage basic web protection policies]

Related API operations