After you add a website to Web Application Firewall (WAF), you can enable the custom protection policy feature to protect the website. This feature allows you to customize access control list (ACL) rules based on precise match conditions and configure rate limiting. Custom protection policies can be tailored for different scenarios, such as hotlink protection and website backend protection.
Prerequisites
- A WAF instance is purchased. For more information, see Purchase a subscription WAF instance.
- Your website is added to WAF. For more information, see Tutorials.
Background information
The custom protection policy feature is implemented by using custom protection rules.
Custom protection rules include ACL rules and HTTP flood protection rules.
- An ACL rule filters requests based on precise match conditions such as client IP addresses, request URLs, and common request headers.
- An HTTP flood protection rule filters requests based on the precise match conditions and rate limiting you have configured.
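The difference between the two rule types can be seen in a small model. The following is an added sketch, not WAF's implementation or configuration syntax: the operator names, rule names, thresholds, and sample requests are hypothetical, and it assumes that all match conditions in a rule must match.

```python
import ipaddress
from collections import defaultdict, deque
from urllib.parse import urlparse

# Hypothetical operator names for this sketch; not WAF console values.
OPS = {
    "prefix": lambda actual, v: actual.startswith(v),
    "host_is_not": lambda actual, v: urlparse(actual).hostname != v,
    "not_in_cidr": lambda actual, v: ipaddress.ip_address(actual) not in ipaddress.ip_network(v),
}

class Rule:
    def __init__(self, name, conditions, rate=None):
        # conditions: list of (field, operator, value); all must match (assumed AND).
        # rate: (statistical_object_field, max_requests, window_seconds) or None.
        self.name, self.conditions, self.rate = name, conditions, rate
        self.seen = defaultdict(deque)  # statistical object value -> request timestamps

    def blocks(self, req, now):
        if not all(OPS[op](req.get(field, ""), v) for field, op, v in self.conditions):
            return False
        if self.rate is None:              # ACL rule: a match is enough
            return True
        field, limit, window = self.rate
        q = self.seen[req.get(field, "")]
        while q and now - q[0] >= window:  # drop hits outside the sliding window
            q.popleft()
        q.append(now)
        return len(q) > limit              # flood rule: act only above the threshold

def decide(rules, req, now):
    """Return the name of the first rule that blocks the request, else 'allow'."""
    for rule in rules:
        if rule.blocks(req, now):
            return rule.name
    return "allow"

def build_rules():
    # Constructed rules: backend protection, hotlink protection, per-IP rate limit.
    return [
        Rule("backend-acl", [("url", "prefix", "/admin"), ("ip", "not_in_cidr", "203.0.113.0/24")]),
        Rule("hotlink-acl", [("url", "prefix", "/static/"), ("referer", "host_is_not", "example.com")]),
        Rule("login-flood", [("url", "prefix", "/login")], rate=("ip", 3, 10)),
    ]

if __name__ == "__main__":
    rules = build_rules()
    for t in range(5):
        print(t, decide(rules, {"ip": "198.51.100.7", "url": "/login"}, now=t))
```

The ACL rules act on every matching request, while the flood rule acts only after one statistical object (here the client IP address) exceeds the threshold inside the window. In this model a request with no Referer header is also treated as a hotlink.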
Limits
The number of custom rules that you can configure and the specifications that they support vary by the edition of the subscription WAF instance.
Specification | Description | Pro edition | Business edition | Enterprise edition and higher |
---|---|---|---|---|
Number of custom protection rules | The maximum number of custom protection rules that you can create. | 200 per domain name | 200 per domain name | 200 per domain name |
Advanced match fields | The advanced match fields other than IP addresses and URLs that you can specify in custom protection rules. | Not supported | Supported | Supported |
Rate limiting | The rate limiting settings in a custom protection policy. The settings define an HTTP flood protection rule. | Not supported | Supported | Supported |
Custom statistical objects | The custom statistical objects other than IP addresses and sessions that can be used to configure rate limiting. | Not supported | Supported | Supported |