- Log on to the Web Application Firewall console. In the left-side navigation pane, click Security Report. On the Web Security tab, click Web Intrusion Prevention. On the Web Intrusion Prevention tab, you can view the records of attacks that are
blocked by WAF and obtain the attack details. For more information, see View Security Reports.
The following figure shows an example of attack details.
- If you have enabled log collection for the domain name of your website, we recommend
that you query attack details on the Log Service page. On the Log Service page, you
can view the details about attacks that are blocked by all protection features of
To query the details about an attack, obtain the ID of the attack request from the block page that is returned by WAF. Then, log on to the Web Application Firewall console. In the left-side navigation pane, click Log Service. On the Log Query tab, query logs by using the advanced search feature. For more information, see Query logs.Notice The Log Service for WAF feature is a paid feature. You must activate Log Service and enable log collection for a domain name before you can query the logs of the domain name. For more information, see Step 1: Enable Log Service for WAF.
- On the Security Report page, click the Web Security tab. Then, click Web Intrusion Prevention. On the Web Intrusion Prevention tab, find the rules that block normal requests and
click Ignore False Positives.
For more information, see View security reports on the Web Security tab.Notice You can click Ignore False Positives only for the built-in protection rules of Protection Rules Engine and the protection rules that are automatically generated by Deep Learning Engine. If a custom protection rule blocks normal requests, you must delete the rule. For example, if an access control list (ACL) rule or HTTP flood protection rule that you configured in the Custom Protection Policy feature blocks normal requests, you must delete the rule.
- On the Website Protection page, configure whitelist rules for different protection features. You can configure
custom match conditions and specify the protection features or protection rules whose
checks are bypassed when the specified match conditions are met. You can use the URL
field to configure a custom match condition.
For more information, see Configure a website whitelist.