If you find that RegEx Protection Engine of WAF blocks normal requests to your website, you can customize protection rule groups to avoid this issue.
Prerequisites
- A WAF instance is purchased. The instance must meet the following requirements:
- The instance uses the subscription billing method.
- If the instance is deployed in the Chinese mainland, the instance must be of the Business edition or higher.
- If the instance is deployed outside the Chinese mainland, the instance must be of the Enterprise edition or higher.
- Your website is added to WAF. For more information, see Tutorials.
Background information
To address this issue, you must identify the protection rule that causes the issue, create a custom rule group for the affected domain name, and then remove the protection rule from the custom rule group.Procedure
- Log on to the WAF console.
- In the top navigation bar, select the resource group and the region to which the WAF instance belongs. The region can be Chinese Mainland or Outside Chinese Mainland.
- In the left-side navigation pane, choose .
- Identify the ID of the protection rule that causes false positives.
- On the Web Security tab, click Web Intrusion Prevention, select the target domain name, and select Regular Protection in the lower part of the page to view attack records.
- In the attack record list, find the false positive record and record the rule ID. You can search for the record by using the attack IP address.
- In the left-side navigation pane, choose .
- Create a custom rule group and remove the protection rule from the rule group.
- Apply the custom rule group to your website.
- Find the rule group that you copy and click Apply to Website in the Action column.
- On the Apply to Website page, add the affected domain name to the Websites Added to WAF section and click Save.
After you apply the custom rule group, you can go to the Website Protection page and view the RegEx Protection Engine settings. The Protection Rule Group changes to the custom rule group that you apply. For more information, see Configure the protection rules engine feature.When the website receives the same access requests again, WAF does not block the requests.
Note If the requests are still blocked, make sure you identify the correct ID of the protection rule that causes false positives and remove this rule from the custom rule group.