When you use Web Application Firewall (WAF) 3.0, you can view all built-in protection rules and configure custom protection rules for hybrid cloud protection on the Rule Libraries page. This topic describes how to manage protection rules on the Rule Libraries page.
Built-in protection rules
Built-in protection rules are maintained and updated by the Alibaba Cloud security team. You can only view built-in protection rules.
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region. In the left-side navigation pane, choose .
Click the System Protection Rules tab. The left side of the tab displays the rule information, and the right side of the tab displays the rule update status.
Custom protection rules
Only users who add web services to WAF in hybrid cloud mode can view the Custom Protection Rules tab. You can create, view, modify, and delete custom protection rules on the Rule Libraries page.
Create a custom protection rule
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region.
In the left-side navigation pane, choose .
Click the Custom Protection Rules tab and click Create Rule. Then, configure the parameters and click OK.
Parameter: Description
Rule Name: The name of the custom protection rule, which can contain letters, digits, periods (.), underscores (_), and hyphens (-).
Module Name: Valid values include SQL Injection, XSS, Code Execution, CRLF, Local File Inclusion, Remote File Inclusion, Webshell, Others, OS Command Injection, Expression Injection, Java Deserialization, PHP Deserialization, SSRF, Path Traversal, Protocol Non-compliance, Arbitrary File Upload, and File Inclusion.
Rule Level: The level of the custom protection rule. Valid values: Loose, Medium, Strict, and Super Strict.
Status: The status of the custom protection rule. By default, a custom protection rule is disabled. To enable a custom protection rule, go to the required protection rule template and click Configure Engine.
Action: The action of the custom protection rule. By default, the action is Block. To change the action, go to the Basic Protection Rule section and click Configure Engine.
Rule Description: The conditions and purpose of the custom protection rule. This parameter is optional.
Match Field: The characteristics of requests that you want the custom protection rule to match.
You can add up to 10 conditions to a custom protection rule. If you specify multiple conditions, the custom protection rule is considered hit only when all conditions are matched.
Each match condition consists of the Match Field, Logical Operator, and Match Content parameters. Examples:
Example 1: Set the Match Field parameter to URI, the Logical Operator parameter to Contains, and the Match Content parameter to /login.php. If the URI of a request contains /login.php, the request matches the rule.
Example 2: Set the Match Field parameter to IP, the Logical Operator parameter to Belongs To, and the Match Content parameter to 192.1X.XX.XX. If a request is sent from a client whose IP address is 192.1.XX.XX, the request matches the rule.
For more information about the match fields and logical operators, see Match conditions.
Note: You can create up to 200 custom protection rules for an Alibaba Cloud account or a Resource Access Management (RAM) user.
If the "The operation is successful." message appears, the custom protection rule is created.
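The matching behaviour described for the Match Field parameter above, as an added example that is not part of the original page and is not Alibaba Cloud code: a local Python model for dry-running a draft rule against sample requests before you create it in the console. The rule dictionary layout, the function names, treating Belongs To as CIDR membership, and the sample rule and requests are assumptions made for illustration.

```python
import ipaddress
import re

MAX_CONDITIONS = 10                        # per-rule limit stated on this page
NAME_RE = re.compile(r"[A-Za-z0-9._-]+")   # assumption: "letters" means ASCII letters

def _belongs_to(value, content):
    # Assumption: "Belongs To" is modelled as IP-in-CIDR membership.
    return ipaddress.ip_address(value) in ipaddress.ip_network(content, strict=False)

# Only the two operators used in the page's examples are modelled.
OPERATORS = {"Contains": lambda v, c: c in v, "Belongs To": _belongs_to}

def validate_rule(rule):
    """Return the problems found in a draft rule; an empty list means none."""
    problems = []
    if not NAME_RE.fullmatch(rule["name"]):
        problems.append("name: only letters, digits, '.', '_' and '-' are allowed")
    if len(rule["conditions"]) > MAX_CONDITIONS:
        problems.append("conditions: at most 10 per rule")
    for c in rule["conditions"]:
        if c["operator"] not in OPERATORS:
            problems.append(f"operator not modelled here: {c['operator']}")
    return problems

def rule_hits(rule, request):
    """A rule is hit only when every one of its conditions matches (logical AND)."""
    return all(OPERATORS[c["operator"]](request[c["field"]], c["content"])
               for c in rule["conditions"])

# Constructed draft rule combining the page's two example conditions.
RULE = {
    "name": "login-from-office.v1",
    "conditions": [
        {"field": "URI", "operator": "Contains", "content": "/login.php"},
        {"field": "IP", "operator": "Belongs To", "content": "192.0.2.0/24"},
    ],
}
# Constructed sample requests (documentation-range addresses).
REQUESTS = [
    {"URI": "/app/login.php?next=/", "IP": "192.0.2.15"},  # both conditions match
    {"URI": "/app/login.php", "IP": "198.51.100.7"},       # URI matches, IP does not
    {"URI": "/index.html", "IP": "192.0.2.15"},            # IP matches, URI does not
]

if __name__ == "__main__":
    print(validate_rule(RULE))
    for req in REQUESTS:
        print(req["URI"], req["IP"], "hit" if rule_hits(RULE, req) else "no hit")
```

Only the first sample request is a hit, because the rule requires both conditions to match. A request that satisfies a single condition passes through, which is worth checking before setting the action to Block.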
Enable a custom protection rule
If you want to associate a custom protection rule with a protected object after you create the custom protection rule, you must enable the custom protection rule in the Configure Engine panel.
In the left-side navigation pane, choose . In the Basic Protection Rule section of the Basic Web Protection page, find the required protection rule template and click Edit in the Actions column.
In the Edit - Basic Protection Rule panel, click Configure Engine. In the Configure Engine panel, find your rule and turn on Status.
Modify a custom protection rule
In the Custom Rule section, find the custom protection rule that you want to modify and click Edit in the Actions column. In the Edit Rule dialog box, you can edit the rule name, rule level, rule status, rule description, and match fields. After you modify the rule, click OK. After the message indicating that the operation is successful appears, you can view the information about the rule after modification.
Delete a custom protection rule
In the Custom Rule section, find the custom protection rule that you want to delete and click Delete in the Actions column.
If a custom protection rule is deleted, the rule no longer takes effect and is synchronously deleted in the engine even if the custom protection rule is enabled in the engine.