This section describes how to enable basic web protection.
Basic web protection defends against common web attacks, such as SQL injection, XSS attacks, remote buffer overflow attacks, file inclusion, Bash vulnerability exploits, remote command execution, directory traversal, sensitive file access, and command and code injections, and detects webshells, robots (search engine, scanner, and script tool), and other crawlers.
- Login credentials have been obtained.
- The domain name to be protected has been created.
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Choose Domains. The Domains page is displayed (see Figure 1).. In the navigation pane, choose
Figure 1 Domains page
- In the Operation column of the row containing the target domain name, click Configure Policy. The protection configuration page is displayed, as shown in Figure 2.
Figure 2 Protection configuration page
- In the Basic Web Protection configuration area, change Status and Mode as needed by referring to Table 1 and then click Save in the upper right corner of the Protection Status list. In the dialog box displayed, click Yes to save the settings. Otherwise, click Cancel. See Figure 3.
Figure 3 Basic Web Protection configuration area
Table 1 Parameter description
Status of Basic Web Protection
- : enabled.
- : disabled.
- Block: WAF blocks and logs detected attacks.
- Log only: WAF logs detected attacks only.
- In the Basic Web Protection configuration area, click Advanced Settings. Enable the protection type that best fits your needs (see Figure 4).
If you do not click Save after changing Status and Mode in step 5, the Warning dialog box is displayed when you click Advanced Settings.
- Click Yes to cancel the previous settings.
- Click No and then Save to save the settings.
Figure 4 Advanced settings
- Set the protection level.
In the upper part of the page, select a protection level: Low, Medium, or High. The default value is Medium.
- Low: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that in fact exist. If you find out that configured protection rules are affecting your services, adjust the protection level to Low.
- Medium: WAF detects remote file inclusion, third-party software vulnerabilities, webshell, and cp and ftp commands.
- High: WAF detects Netcat, Nmap, kill commands, and more. If you need stricter protection, select High to avoid unreported vulnerabilities but you may see more vulnerabilities that in fact unlikely exist.
- Set the protection type.
By default, General Check and Scanner are enabled. Click to enable other protection types.
- Click Save in the upper right of the page to save the settings. Otherwise, click Cancel.