After you add your website to WAF, you can configure a Data Security whitelist to allow requests that meet specific conditions to bypass detection by designated modules, such as Data Leakage Prevention, Website Tamper-proofing, and Account Security. You can use a whitelist to allow legitimate business requests that are incorrectly blocked by Data Security rules.
Prerequisites
-
You have activated a Web Application Firewall instance.
-
Your website has been added to WAF. For more information, see Tutorials.
Background information
Data Security protects your website's responses against content tampering and data leaks to ensure data integrity and confidentiality. It includes the following detection modules:
If these modules incorrectly block legitimate website requests after you enable them, you can configure a Data Security whitelist to allow requests that meet specific conditions to bypass inspection by the designated modules.
Define more specific conditions for your rules to ensure that only legitimate requests bypass inspection.
Procedure
-
Log on to the Web Application Firewall console.
-
In the top menu bar, select the resource group and region for your Web Application Firewall instance (Chinese Mainland or Outside Chinese Mainland).
-
In the left navigation pane, choose .
-
On the Website Protection page, switch to the domain name to configure.

Click the Web Security tab, locate the Data Security section, and then click Configure Now.
Create a Data Security whitelist rule.
On the Data Security - Whitelist page, click Create.
In the Create Rule dialog box, configure the following parameters.

Parameter
Description
Rule Name
Enter a name for the rule.
Match Condition
Define the conditions that a request must meet to match the rule. Click Add Condition to specify up to five conditions. If you specify multiple conditions, a request must meet all of them to match.
For more information about the fields, see Fields in match conditions.
Bypassed Modules
Select the detection modules to bypass if a request matches the conditions. The options are:
Data Leakage Prevention
Website Tamper-proofing
Account Security
Click Save.
The rule is enabled by default upon creation. It appears in the rule list, where you can disable, edit, or delete it as needed.