All Products
Search
Document Center

Edge Security Acceleration:Configure a whitelist

Last Updated:Jan 04, 2024

Dynamic Content Delivery Network (DCDN) allows you to configure a whitelist to allow requests that have specific characteristics based on your business requirements. This way, the requests can bypass the checks of specific or all protection modules, such as basic protection rules and custom protection rules.

Prerequisites

Create a protection policy

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, choose WAF > Protection Policies.

  3. On the Protection Policies page, click Create Policy.

  4. On the Create Policy page, configure the parameters. The following table describes the parameters.

    Section

    Parameter

    Description

    Policy Information

    Policy Type

    The type of the protection policy. Select Whitelist.

    Policy Name

    The name of the protection policy. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).

    Make Default

    Specifies whether the current policy is the default policy of the current policy type.

    Note
    • You can specify only one default policy for each policy type. After you specify a default policy, you cannot change the default policy.

    • If you have specified the default policy for the current policy type, this switch is unavailable.

    Rule Information

    Rule

    The information about the current whitelist rule. For more information, see Whitelist rule parameters .

    Note

    You can add up to 10 rules. To increase the quota, contact your account manager or contact us by other means. For more information, see Contact us.

    Protected Domain Names

    Select Association Mode

    You can associate a protected domain name with multiple policies of the same type. If you have associated a domain name with a policy of the same type, you can add the current policy or replace the existing policy with the current policy. You can only replace the existing policy with the current policy for domain names that are associated with the default policy. Valid values:

    • Add and replace the original associated policy: disassociates the associated policy and replaces the policy with the current policy.

    • Add and keep the original associated policy: adds the current policy and retains the associated policy.

    Protected Domain Names

    The domain names that you want to associate with the current protection policy.

  5. Click Create Policy.

    By default, the protection policy that you created is enabled.

Whitelist rule parameters

You can create a whitelist rule when you create a whitelist. You can also create a whitelist rule for an existing whitelist. The following table describes the parameters.

白名单规则

Parameter

Description

Rule Name

The name of the rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).

Match Condition

The request characteristics for matching.

Click Add Condition to add a match condition. You can add up to five match conditions to a rule. If you add multiple match conditions, the rule is considered matched only if all match conditions are met.

Each match condition consists of Match Field, Logical Operator, and Match Content. For information about examples on how to configure match conditions, see Match conditions.

For information about match fields and logical operators, see Match conditions.

Module

The protection modules that do not check requests that match the specified match conditions. Valid values:

  • All Modules: All protection modules do not check the requests that match the specified match conditions and directly forward the requests to the origin server.

    You can select All Modules if you want to allow trusted requests to bypass the check. The trusted requests include requests from trusted vulnerability scanners and the endpoints of authenticated third-party systems.

  • Custom Module: The requests that match the specified match conditions are not checked based on specific protection rules.

    • Basic Protection Rule: The requests that match the specified match conditions are not checked based on specific basic protection rules.

      If you select Basic Protection Rule, you must specify the rules that you want to ignore.

      • All Rules: All protection rules in the basic protection rule module are not used to check the requests that match the specified match conditions. This is the default value.

      • Specified Basic Web Protection Subrules: The rules of specific IDs in the basic protection rule module are not used to check the requests that match the specified match conditions.

        You must specify the ID of the rule. Each rule ID contains six digits. You can specify up to 50 rule IDs. Separate multiple IDs with commas (,).

      • Specified Rule Type: The rules of specific types in the basic protection rule module are not used to check the requests that match the specified match conditions. The rule types include SQL Injection, XSS, Code Execution, Local File Inclusion, Remote File Inclusion, Webshell, Custom Rule, and Others.

    • Custom Rule: The requests that match the specified match conditions are not checked based on custom rules.

    • IP Blacklist: The requests from specific IPv4 addresses, IPv6 addresses, or CIDR blocks are blocked.

    • Region Blacklist: Requests from specific regions are blocked.

    • Bot Management: Anti-crawler rules for websites and apps can be configured.

    • Scan Protection: Attackers and scanners are prevented from scanning sites on a large scale.

Related API operations