The Data Security whitelist lets trusted requests bypass specific detection modules — Website Tamper-proofing, Data Leakage Prevention, and Account Security — so that legitimate traffic blocked by mistake can reach your website.
A whitelist rule bypasses WAF's Data Security detection for every request that matches it. Define match conditions as precisely as possible to avoid unintentionally exposing your website to risks.
Prerequisites
Before you begin, ensure that you have:
A purchased WAF instance
A website added to WAF. See Tutorial
Background
Data Security protects your website against page content tampering and data leaks, ensuring the integrity and confidentiality of your website data. It includes three detection modules: Website Tamper-proofing, Data Leakage Prevention, and Account Security.
When any of these modules is enabled, normal access requests may occasionally be blocked by mistake. To allow those requests through, create a whitelist rule that targets the affected module.
Create a whitelist rule
Log on to the WAF console.
In the top navigation bar, select the resource group and the region where your WAF instance is deployed. Available regions: Chinese Mainland and Outside Chinese Mainland.
In the left-side navigation pane, choose Protection Configurations > Website Protection.
At the top of the Website Protection page, select the domain name from the Switch Domain Name drop-down list.

Click the Web Security tab, find the Data Security section, and click Settings.
On the Data Security Control - Whitelisting page, click Create Rule.
In the Create Rule dialog box, configure the following parameters.
Parameter: Description
Rule name: Enter a name for the rule.
Matching Condition: Define when the rule applies. Click Add rule to add more conditions. Up to five conditions are allowed. The rule triggers only when all conditions are met. For available fields, see Fields in match conditions.
Bypassed Modules: Select the Data Security modules to bypass. Options: Data Leakage Prevention, Website Tamper-proofing, Account Security.
Click Save.
After the rule is created, it is automatically enabled. View, disable, edit, or delete rules in the rule list on the Data Security Control - Whitelisting page.
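The matching semantics from the Create Rule step (all conditions must be met, five at most) and the advice to keep conditions precise can be checked offline before a rule is saved. The following is an added example, not code from the WAF product: it models a rule and counts which sample requests it would exempt. The field names (url, ip, method), the operators, and the sample requests are assumptions made for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MAX_CONDITIONS = 5  # from the page: up to five conditions per rule
MODULES = {"Data Leakage Prevention", "Website Tamper-proofing", "Account Security"}

# Field names and operators below are assumptions for illustration; the real
# list lives in "Fields in match conditions", which the page only links to.
OPS = {
    "equals": lambda value, arg: value == arg,
    "prefix": lambda value, arg: value.startswith(arg),
    "in_cidr": lambda value, arg: ip_address(value) in ip_network(arg),
}
Condition = namedtuple("Condition", "field op arg")

@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple
    bypassed: frozenset

    def __post_init__(self):
        # Lower bound of one condition is an assumption; the page gives only the cap.
        if not 1 <= len(self.conditions) <= MAX_CONDITIONS:
            raise ValueError("a rule takes between 1 and 5 conditions")
        if not self.bypassed or not self.bypassed <= MODULES:
            raise ValueError("select at least one known module to bypass")

    def matches(self, request):
        # The rule triggers only when ALL conditions are met (logical AND).
        return all(c.field in request and OPS[c.op](request[c.field], c.arg)
                   for c in self.conditions)

def exposure(rule, requests):
    """Requests in the sample that the rule exempts from the bypassed modules."""
    return [r for r in requests if rule.matches(r)]

# Constructed sample traffic, not real logs.
SAMPLE = [
    {"url": "/api/export/report", "ip": "10.20.0.15", "method": "GET"},
    {"url": "/api/export/report", "ip": "203.0.113.9", "method": "GET"},
    {"url": "/api/users/profile", "ip": "203.0.113.9", "method": "GET"},
    {"url": "/login", "ip": "198.51.100.4", "method": "POST"},
]
DLP = frozenset({"Data Leakage Prevention"})
BROAD = Rule("broad", (Condition("url", "prefix", "/api"),), DLP)
NARROW = Rule("narrow", (Condition("url", "equals", "/api/export/report"),
                         Condition("ip", "in_cidr", "10.20.0.0/16"),
                         Condition("method", "equals", "GET")), DLP)
```

Against this sample, the single-condition rule exempts three requests from Data Leakage Prevention, while the three-condition rule exempts only the one internal export request that was blocked by mistake.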