Checks whether one or more protection features are enabled for each domain name that is protected by Web Application Firewall (WAF).
Scenarios
We recommend that you enable one or more protection features for each domain name that is protected by WAF to protect the domain name.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If one or more protection features are enabled for each domain name that is protected by WAF, the evaluation result is compliant.
- If no protection feature is enabled for a domain name that is protected by WAF, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | waf-domain-enabled-specified-protection-module |
| Rule ID | waf-domain-enabled-specified-protection-module |
| Tag | WAF and Domain |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | All day |
| Supported resource type | Domain name |
| Input parameter | defenseType |
Non-compliance remediation
Enable one or more protection features for each domain name that is protected by WAF. For more information, see Overview.