After you add your web services to Web Application Firewall (WAF), you can configure HTTP flood protection rules to block HTTP flood attacks that target websites and return 405 error pages to clients. This topic describes how to create an HTTP flood protection rule.
Prerequisites
A WAF 3.0 instance is purchased. For more information, see Purchase a subscription WAF 3.0 instance and Purchase a pay-as-you-go WAF 3.0 instance.
Web services are added to WAF 3.0 as protected objects. For more information, see Configure protected objects and protected object groups.
Create a protection template for the HTTP flood protection module
A default protection template is provided, and the template does not include protection rules. By default, the protection template is enabled. To enable custom rules, you must create a protection template and configure rules for the template. Perform the following steps to create a protection template:
The default protection template is available only for subscription WAF instances that run Pro Edition, Enterprise Edition, or Ultimate Edition.
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.
In the left-side navigation pane, choose .
In the lower part of the Protection Rules page, click Create Template in the HTTP Flood Protection section.
NoteIf this is your first time to create a protection template for the HTTP flood protection module, you can click Configure Now in the HTTP Flood Protection card in the upper part of the Protection Rules page.
In the Create Template - HTTP Flood Protection panel, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Template Name
Specify a name for the template.
The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
Save as Default Template
Specify whether to set the template as the default template for the protection module.
You can specify only one default template for a protection module. If you turn on Save as Default Template, you do not need to configure the Apply To parameter. The default template is applied to all protected objects and protected object groups to which no custom templates are applied.
Action
Select the action that you want WAF to perform when a request matches the rule. Valid values:
Protection: blocks only suspicious requests. In this mode, the false positive rate is low. We recommend that you apply this mode when no abnormal traffic is detected on the website. This helps avoid false positives.
Protection-emergency: blocks HTTP flood attacks. In this mode, the false positive rate may be high. If HTTP flood attacks fail to be blocked in Protection mode, the website responds at a low speed, and monitoring metrics such as traffic, CPU, and memory are abnormal, you can select this mode.
NoteThe Protection-emergency mode is suitable for web pages and HTML5 pages. We recommend that you do not select this mode for APIs or native apps. If you select this mode for APIs or native apps, a large number of false positives may occur. We recommend that you create custom rules for APIs or native apps. For more information, see Configure custom rules.
Apply To
Select items to which you want to apply the template on the Protected Objects and Protected Object Group tabs.
You can apply only one template of a protection module to a protected object or protected object group. For more information about how to add protected objects and create protected object groups, see Configure protected objects and protected object groups.
By default, a newly created protection template is enabled. You can perform the following operations on the template in the template list:
View the numbers of protected objects and protected object groups that are associated with the template in the Protected Object/Group column.
Turn on or turn off the switch in the Status column to enable or disable the template.
Click Edit or Delete in the Actions column to modify or delete the template.
Click Edit in the Actions column to modify the template.
Click the
icon to the left of the template name to view the protection rules in the template.
Click the
icon to the left of the template name to view the engine information of the template.
What to do next
On the HTTP Flood Protection tab of the Security Reports page, you can view the protection details of HTTP flood protection rules. For more information, see IP address blacklist, custom rule, scan protection, HTTP flood protection, and region blacklist modules.
References
Protection configuration overview: describes protected objects, protection modules, and protection processes.
How do I disable HTTP flood protection for a domain name? : describes the following methods that you can use to disable HTTP flood protection for a domain name: configuring whitelist rules and configuring HTTP flood protection rules.
CreateDefenseTemplate: creates a protection template.
CreateDefenseRule: creates a protection rule. When you call this operation to create an HTTP flood protection rule, you must set the DefenseScene parameter to cc.