After you add your web services to Web Application Firewall (WAF), you can configure HTTP flood protection rules to block HTTP flood attacks that target websites and return 405 error pages to clients. This topic describes how to create an HTTP flood protection rule.

Prerequisites

Create an HTTP flood protection rule template

WAF does not provide a default HTTP flood protection rule template. Before you can enable an HTTP flood protection rule, you must create an HTTP flood protection rule template.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region to which the WAF instance that you want to manage belongs. You can select Chinese Mainland or Outside Chinese Mainland for the region.
  2. In the left-side navigation pane, choose Protection Configuration > Protection Rules.
  3. In the lower part of the Protection Rules page, click Create Template in the HTTP Flood Protection section.
    Note If no HTTP flood protection rule templates exist, you can click Configure Now in the HTTP Flood Protection card in the upper part of the Protection Rules page.
  4. In the Create Template - HTTP Flood Protection panel, configure the parameters and click OK. The following table describes the parameters.
    ParameterDescription
    Template NameEnter a name for the template.

    The name must be 1 to 255 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Save as Default TemplateSpecify whether to set this template as the default template for the protection module.

    You can specify only one default template for a protection module. If you turn on Save as Default Template, you do not need to configure the Apply To parameter. The default template is applied to all protected objects and protected object groups to which no custom protection rule templates are applied.

    ActionSpecify the action that you want WAF to perform on the request that matches the protection rule. Valid values:
    • Protection: blocks only suspicious requests. In this mode, the false positive rate is low. We recommend that you apply this mode when no abnormal traffic is detected on the website. This helps avoid false positives.
    • Protection-emergency: blocks HTTP flood attacks. In this mode, the false positive rate may be high. If HTTP flood attacks fail to be blocked in Protection mode, the website responds at a low speed, and monitoring metrics such as traffic, CPU, and memory are abnormal, you can select this mode.
      Note The Protection-emergency mode is suitable for web pages and HTML5 pages. We recommend that you do not select this mode for APIs or native apps. If you select this mode for APIs or native apps, a large number of false positives may occur. We recommend that you create custom rules for APIs or native apps. For more information, see Configure the custom rule module.
    Apply ToSelect the protected objects and protected object groups to which you want to apply the template.

    You can apply only one template of a protection module to a protected object or a protected object group. For information about how to add protected objects and protected object groups, see Protected objects and protected object groups.

    By default, the new rule template is enabled. You can perform the following operations in the rule template list:
    • View the number of protected objects or protected object groups that are associated with the rule template.
    • Turn on or turn off Status to enable or disable the rule template.
    • Click Edit or Delete in the Actions column to modify or delete the rule template.
    • Click the show icon on the left side of a rule template to view the rules in the template.

What to do next

On the HTTP Flood Protection tab of the Security Reports page, you can view the protection details of HTTP flood protection rules. For more information, see IP address blacklist, custom rule, scan protection, HTTP flood protection, and region blacklist modules.

References