
CloudMonitor: How do I configure a whitelist for a detection request if the detection request is mistakenly identified as an attack or a crawler?

Last Updated: Jan 30, 2024

When you use the site monitoring feature of CloudMonitor to monitor sites, requests initiated from different detection points may occasionally be closed early by the peer (connection reset by peer). If the destination IP address of the connection is the IP address of a firewall, check whether the security policy of the firewall mistakenly identifies the detection request as an attack or a crawler. If the issue is caused by the security policy settings, configure a whitelist for detection requests.

Solution

Check the firewall log to determine whether the security policy of the firewall mistakenly identifies a detection request as an attack or a crawler. If the detection request is mistakenly blocked by the firewall, you can configure a whitelist for detection requests on the firewall.

You can select an appropriate method to configure a whitelist for detection requests based on the whitelist feature provided by the firewall. The following two methods can be used to configure a whitelist for detection requests on Web Application Firewall (WAF):

  • Add custom HTTP request headers to the whitelist

    After you add custom HTTP request headers to the whitelist on WAF, HTTP requests that carry the specified headers bypass the security policy. Then, add the whitelisted request header fields to the settings of the corresponding detection tasks. This way, the detection requests initiated by CloudMonitor contain the whitelisted request headers and are no longer blocked by WAF.

  • Add the source IP address for the specified request to the whitelist

    Add the IP address of the detection point from which CloudMonitor initiates the detection request to the whitelist on WAF. You can call the DescribeSiteMonitorISPCityList operation to query the IPv4 and IPv6 addresses of the detection points for all carriers. The query results are updated on an hourly basis.

    Note

    CloudMonitor occasionally adds or disables some detection points. As a result, the IP addresses may occasionally change. We recommend that you regularly query the IP addresses.
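
One way to act on the recommendation to query the IP addresses regularly, as an added example that is not part of the original documentation: it compares a detection point address list with the current WAF whitelist and reports addresses to add and entries that no longer cover any detection point. The record field names (`Ipv4Pool`, `Ipv6Pool`) and all addresses are constructed assumptions; retrieving the list with DescribeSiteMonitorISPCityList and updating WAF are left out.

```python
import ipaddress

# Constructed sample shaped like a parsed detection point list. The field
# names ("Ipv4Pool", "Ipv6Pool") are assumptions; adjust to the real response.
SAMPLE_PROBES = [
    {"City": "city-a", "Isp": "isp-1",
     "Ipv4Pool": ["192.0.2.10", "192.0.2.11"], "Ipv6Pool": ["2001:db8::10"]},
    {"City": "city-b", "Isp": "isp-2",
     "Ipv4Pool": ["198.51.100.7"], "Ipv6Pool": []},
]

# Constructed current WAF whitelist: single addresses and CIDR ranges.
SAMPLE_WHITELIST = ["192.0.2.10", "198.51.100.0/24", "203.0.113.5", "2001:DB8::99"]


def probe_addresses(probes):
    """Collect every detection point address as a normalized ip_address."""
    found = set()
    for entry in probes:
        for key in ("Ipv4Pool", "Ipv6Pool"):
            for raw in entry.get(key, []):
                found.add(ipaddress.ip_address(raw.strip()))
    return found


def reconcile(probes, whitelist):
    """Return (to_add, stale): addresses missing from the whitelist and
    whitelist entries that no longer cover any detection point."""
    current = probe_addresses(probes)
    networks = [ipaddress.ip_network(w.strip(), strict=False) for w in whitelist]
    to_add = sorted(
        (ip for ip in current
         if not any(ip.version == n.version and ip in n for n in networks)),
        key=lambda ip: (ip.version, int(ip)),
    )
    stale = [
        str(n) for n in networks
        if not any(ip.version == n.version and ip in n for ip in current)
    ]
    return [str(ip) for ip in to_add], stale


if __name__ == "__main__":
    add, stale = reconcile(SAMPLE_PROBES, SAMPLE_WHITELIST)
    print("add to whitelist:", add)
    print("stale, review for removal:", stale)
```

Stale entries are reported for review because a whitelisted address that no longer belongs to a detection point still bypasses the security policy.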
