After you add a website to Web Application Firewall (WAF), you can configure a whitelist for Access Control/Throttling to allow trusted access requests of the website to bypass the detection of HTTP Flood Protection, IP Blacklist, Scan Protection, and Custom Protection Policy. This whitelist is used to allow access requests that are blocked by mistake.
Prerequisites
- A WAF instance is purchased. For more information, see Purchase a WAF instance.
- Your website is added to the WAF console. For more information, see Add domain names.
Background information
After the preceding detection modules are enabled, normal access requests may be blocked by mistake. In this case, you can configure a whitelist to allow trusted access requests to bypass the detection of a specific module in Access Control/Throttling.
We recommend that you specify rules for the whitelist as precisely as possible to ensure that only trusted access requests are allowed.
Procedure
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Create a whitelist for Access Control/Throttling.
- In the Create Rule dialog box, configure the following parameters.
Parameter Description Rule name Specify a name for the rule. Matching Condition Specify match conditions for the rule. Click Add rule to add more match conditions. A maximum of five match conditions are allowed. If you specify multiple match conditions, the rule is triggered only after all the match conditions are met. For more information about match conditions, see Fields in match conditions.
Modules Bypassing Check Select the detection modules to bypass after the match conditions are met. Valid Values: - HTTP Flood Protection
- Custom Rules
- IP Blacklist
- Anti-Scan
After you create rules for the whitelist, the rules are automatically enabled. You can view created rules in the rule list. You can also disable, edit, or delete rules as required. - In the Create Rule dialog box, configure the following parameters.
