
Web Application Firewall: FAQ about protection configuration

Last Updated: Jul 11, 2024

This topic provides answers to some frequently asked questions about the protection configuration of Web Application Firewall (WAF) 3.0.

How do I disable HTTP flood protection for a domain name?

To exempt requests that are sent to a domain name from detection by the HTTP flood protection module, use one of the following methods to disable HTTP flood protection for the domain name.

Create a whitelist rule

  1. (Optional) Add the domain name for which you want to disable HTTP flood protection to WAF as a protected object. For more information, see the "Manually add protected objects" section in the Protected objects and protected object groups topic. This operation is required only when the domain name is configured to point to an Application Load Balancer (ALB) instance.

  2. Create a whitelist rule. When you create or modify a whitelist template, set the Apply To parameter to the domain name for which you want to disable HTTP flood protection. When you create a whitelist rule, set the Bypassed Modules parameter to HTTP Flood Protection. For more information, see Configure whitelist rules to allow specific requests.

After you complete the preceding configurations, requests that are sent to the domain name are not detected by the HTTP flood protection module.

Create an HTTP flood protection rule

If the domain name is not configured to point to an ALB instance

  1. Create an HTTP flood protection rule. When you create an HTTP flood protection template, set the Apply To parameter to the domain name for which you want to disable HTTP flood protection. For more information, see Configure HTTP flood protection rules to defend against HTTP flood attacks.

  2. An HTTP flood protection rule is automatically created for the template. In the HTTP flood protection section, find this rule and turn off the switch in the Status column.

After you complete the preceding configurations, requests that are sent to the domain name are not detected by the HTTP flood protection module.

If the domain name is configured to point to an ALB instance

  1. Add all domain names that are configured to point to the ALB instance to WAF as protected objects. For more information, see the "Manually add protected objects" section in the Protected objects and protected object groups topic.

  2. Create two HTTP flood protection rules. For more information, see Configure HTTP flood protection rules to defend against HTTP flood attacks.

    The configurations of the two HTTP flood protection rules must meet the following requirements:

    • Rule A: Set the Action parameter to Protection or Protection-emergency. Then, set the Apply To parameter to the domain name for which you want to enable HTTP flood protection.

    • Rule B: Set the Apply To parameter to the domain names that are configured to point to the ALB instance and for which you want to disable HTTP flood protection.

  3. In the HTTP flood protection section, find Rule A and turn on the switch in the Status column. Then, find Rule B and turn off the switch in the Status column.

After you complete the preceding configurations, requests that are sent to the domain names with which Rule A is associated are detected by the HTTP flood protection module. Requests that are sent to the domain names with which Rule B is associated are not detected by the HTTP flood protection module.