You can use the protection rules provided by Web Application Firewall (WAF) to customize your rule groups for a specific protection feature, such as Protection Rules Engine, also known as web application protection. If default protection rule groups do not meet your business requirements, we recommend that you customize protection rule groups to protect your website.
Prerequisites
- A WAF instance is purchased. The instance must meet the following requirements:
- The instance uses the subscription billing method.
- If the instance is deployed in the Chinese mainland, the instance must be of the Business edition or higher.
- If the instance is deployed outside the Chinese mainland, the instance must be of the Enterprise edition or higher.
- Your website is added to WAF. For more information, see Tutorials.
Background information
Only the Protection Rules Engine feature supports custom protection rule groups. For more information about Protection Rules Engine, see Configure the protection rules engine feature.Use a custom rule group
- Create a rule group: Create a custom rule group for a specific protection feature.
- Apply the rule group: Apply the created rule group to your website.
Create a rule group
- Log on to the WAF console. In the top navigation bar, select the resource group and the region to which your WAF instance belongs. The region can be Chinese Mainland or Outside Chinese Mainland.
- In the left-side navigation pane, choose .
- Optional:On the Protection Rule Group page, click the tab of the protection feature for which you want to create a custom rule group. Note You can skip this step because only the web application protection feature supports custom protection rule groups. The Web Application Protection tab automatically appears.The tab displays default and custom rule groups.
- Default rule group: Default rule groups are Loose rule group, Medium rule group, and Strict rule group. You can click a value in the Built-in Rule Number column to view information about the built-in rules of the default rule group.Note Default rule groups cannot be edited or deleted.
- Custom rule group: You can create a custom rule group on the Protection Rule Group page.
- Default rule group: Default rule groups are Loose rule group, Medium rule group, and Strict rule group.
- Click Create Rule Group. Note You can create a maximum of 10 rule groups for the web application protection feature.
- Complete the Create Rule Group wizard. You can view the created rule group in the rule group list and select the website to which you want to apply the rule group. For more information, see Apply the rule group.
After the rule group is created, you can view the time when the rule group was created in the Updated On: column on the Protection Rule Group page and determine whether to update the rule group.
Apply the rule group
- On the Protection Rule Group page, apply the rule group to a website. The following procedure is provided for this scenario.
- On the Website Protection page, select the rule group from the Protection Rule Group drop-down list in the Protection Rules Engine card.
For more information, see Configure the protection rules engine feature.
- Log on to the WAF console. In the top navigation bar, select the resource group and the region to which your WAF instance belongs. The region can be Chinese Mainland or Outside Chinese Mainland.
- In the left-side navigation pane, choose .
- Optional:On the Protection Rule Group page, click the tab of the protection feature for which you want to apply a rule group. Note You can skip this step because only the web application protection feature supports custom protection rule groups. The Web Application Protection tab automatically appears.
- In the rule group list, find the rule group that you want to apply and click Apply to Website in the Action column.
- On the Apply to Website page, select the website to which you want to apply the rule group from the Websites not Added to WAF section, add the website to the Websites Added to WAF section, and then click Save. Important You must apply one rule group to each website.After the rule group is applied, you can view the website in the Website column in the rule group list.
What to do next
You can perform the following operations to manage the created rule group on the Protection Rule Group page:
- Copy: allows you to copy the configurations of the rule group.
You can change the settings for Rule Group Name, Description, and Automatic Update. However, you cannot change the setting for Rule Group Template or the rule settings. If you want to change the rule settings, we recommend that you copy the rule group and change the rule settings in the copied rule group.
- Edit: allows you to change the name, description, and rule settings of the rule group. Default rule groups cannot be edited.
- Delete: allows you to delete the rule group. Default rule groups cannot be deleted.
Before you delete a custom rule group, make sure that it is not applied to a website. If the rule group is applied to a website, apply a different rule group to the website before you delete the rule group.