Basic web protection uses a built-in rule group to defend your web applications against common web attacks, including SQL injection, cross-site scripting (XSS), web shell attacks, command injection, backdoor attacks, unauthorized file access, path traversal, and common vulnerability exploits.
Prerequisites
Web Application Firewall (WAF) is enabled. For more information, see Getting started with WAF (new edition).
The domain name that you want to protect is added to WAF. For more information, see Add a domain name for protection.
Default rule group
Basic web protection provides a built-in default rule group named Default_WafGroup_Rule. This rule group is enabled by default for all domain names added to WAF, with the action set to Block.
When WAF detects that a request matches a rule in this group, WAF blocks the request and returns a block page (an error response page) to the client.
Best practice: The first time that you configure a rule, set the Action parameter to Monitor so that you can check the protection performance of the rule and whether it matches legitimate requests. Then, based on the check results, determine whether to set the Action parameter to Block.
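
One way to run that check, as an added example that is not part of the original documentation: the script tallies Monitor-mode hits per protected domain and suggests whether the policy's Action can move to Block. The log field names, the `TRUSTED_NETWORKS` allowlist, and the `min_hits` threshold are assumptions; map them to the fields in your own log export.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed Monitor-mode hits (JSON lines); field names are hypothetical, not the WAF log schema.
SAMPLE_LOG = """\
{"domain": "shop.example.com", "rule_id": "r-101", "client_ip": "203.0.113.7", "uri": "/item?id=1"}
{"domain": "shop.example.com", "rule_id": "r-101", "client_ip": "203.0.113.9", "uri": "/item?id=2"}
{"domain": "shop.example.com", "rule_id": "r-205", "client_ip": "198.51.100.23", "uri": "/get?f=../x"}
{"domain": "cms.example.com", "rule_id": "r-310", "client_ip": "10.20.0.15", "uri": "/cms/save"}
{"domain": "cms.example.com", "rule_id": "r-310", "client_ip": "203.0.113.7", "uri": "/comment"}
{"domain": "api.example.com", "rule_id": "r-101", "client_ip": "198.51.100.23", "uri": "/v1/q"}
truncated-line
"""

# Assumption: sources known to send only legitimate traffic (staff VPN, CMS editors).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


def review_monitor_hits(log_text, trusted=TRUSTED_NETWORKS, min_hits=3):
    """Summarise Monitor-mode hits per domain and suggest the policy Action."""
    stats = defaultdict(lambda: {"hits": 0, "trusted_hits": 0, "review_rules": set()})
    skipped = 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ip = ipaddress.ip_address(rec["client_ip"])
            domain, rule = str(rec["domain"]), str(rec["rule_id"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, never guess its content
            continue
        entry = stats[domain]
        entry["hits"] += 1
        if any(ip in net for net in trusted):
            entry["trusted_hits"] += 1
            entry["review_rules"].add(rule)  # rule that matched legitimate traffic
    for entry in stats.values():
        if entry["trusted_hits"]:
            entry["next_action"] = "Monitor (legitimate requests matched)"
        elif entry["hits"] >= min_hits:
            entry["next_action"] = "Block"
        else:
            entry["next_action"] = "Monitor (too few hits to judge)"
        entry["review_rules"] = sorted(entry["review_rules"])
    return dict(stats), skipped


if __name__ == "__main__":
    print(json.dumps(review_monitor_hits(SAMPLE_LOG), indent=2))
```

A domain stays on Monitor as long as any trusted source triggers a rule; the `review_rules` list names the rules to examine before switching that domain's policy to Block.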

Protected attack types
The built-in rule group protects against the following types of attacks:
| Attack type | Description |
|---|---|
| SQL injection | Attempts to execute malicious SQL statements through user input fields. |
| Cross-site scripting (XSS) | Injection of malicious scripts into web pages viewed by other users. |
| Web shell attacks | Upload or execution of unauthorized server-side scripts that provide remote access. |
| Command injection | Execution of arbitrary system commands through vulnerable application interfaces. |
| Backdoor attacks | Detection of backdoor programs that provide unauthorized access to the server. |
| Unauthorized file access | Requests for files that should not be publicly accessible. |
| Path traversal | Attempts to access files outside the intended directory by using sequences such as ../. |
| Common vulnerability exploits | Attacks that target known vulnerabilities in web applications and frameworks. |
Create a basic web protection policy
Log on to the DCDN console.
In the left-side navigation pane, choose WAF > Protection Policies.
On the Protection Policies page, click Create Policy.
On the Create Policy page, configure the following parameters.
| Section | Parameter | Description |
|---|---|---|
| Policy Information | Policy Type | Select Basic Web Protection. |
| Policy Information | Policy Name | Enter a name for the policy. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). |
| Policy Information | Make Default | Turn on this switch to set the current policy as the default policy for basic web protection. You can specify only one default policy per policy type. After you specify a default policy, you cannot change the default policy. If a default policy has already been specified for the current policy type, this switch is unavailable. |
| Rule Information | Rule Group Type | Select the type of rule group: Default uses the built-in rule group provided by Alibaba Cloud Security. Custom uses a custom rule group that you configure. |
| Rule Information | Rule | Select the action to perform when a request matches the rules: Block blocks the matching request and returns a block page to the client. Monitor does not block the request that matches the rule. |
| Protected Domain Names | Protected Domain Names | Select the domain names to associate with this policy. A domain name can be associated with only one basic web protection policy at a time. If a domain name is already associated with another basic web protection policy, the domain name is moved to the current policy. |

Click Create Policy.
The policy is enabled by default after creation.
Manage basic web protection policies
After you create a basic web protection policy, find it on the Protection Policies page. In the Actions column, click Modify to modify the rule that is configured for the policy, or click Delete to delete the rule. For example, you can click Modify to change the value of the Action parameter from Block to Monitor.
