Services

API

Инструкции на Русском

All
  • All
  • AC
  • AOM
  • AOS
  • APIG
  • APISIGN
  • APM
  • AS
  • BMS
  • CBH
  • CBR
  • CCE
  • CCM
  • CES
  • CGS
  • CLOUDCLI
  • CPTS
  • CSS
  • CTS
  • DAS
  • DAYU
  • DBSS
  • DC
  • DCS
  • DDM
  • DDS
  • DLI
  • DNS
  • DRS
  • DWS
  • ECS
  • EIP
  • ELB
  • EM
  • EVS
  • FUNCTIONGRAPH
  • GES
  • HRM
  • HSS
  • IAAS
  • IAM
  • IMS
  • KAFKA
  • KMS
  • LTS
  • MRS
  • NAT
  • OBS
  • RABBITMQ
  • RDS
  • SERVICESTAGE
  • SFS
  • SMN
  • SMS
  • SWR
  • TMS
  • VPC
  • VPCEP
  • VPN
  • WAF
  1. Help Center
  2. Web Application Firewall
  3. User Guide
  4. Service Overview
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. What Is WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. Why Does the Vulnerability Scanning Tool Report Disabled Non-standard Ports for My WAF-Protected Website?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Request/Specification
  5. WAF Instance Specifications Change
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Request/Specification
  5. WAF Instance Specifications Change
  6. What Are the Impacts When QPS Exceeds the Allowed Peak Rate?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Request/Specification
  5. About Service Requests
  6. Where Can I View the Inbound and Outbound Bandwidths of a Protected Website?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. How Do I Add a Domain Name/IP Address to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Certificate Management
  6. How Do I Select a Certificate When Configuring a Wildcard Domain Name?
  1. Help Center
  2. Web Application Firewall
  3. Events
  4. Viewing Protection Event Logs
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Server Configuration
  6. How Do I Configure the Client Protocol and Server Protocol?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Operations After Connecting Websites to WAF
  6. Can I Access a Website Using an IP Address After a Domain Name Is Connected to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. How Do I Troubleshoot 404/502/504 Errors?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Basic Web Protection
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Basic Web Protection
  6. How Do I Switch the Mode of Basic Web Protection from Log Only to Block?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. CC Attack Protection Rules
  6. What Is the Peak Rate of CC Attack Protection?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Precise Protection rules
  6. Can a Precise Protection Rule Take Effect in a Specified Period?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. IP Address Blacklist and Whitelist
  6. Can I Batch Add IP Addresses to a Blacklist or Whitelist Rule?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Anti-Crawler Protection
  6. Why Is the Requested Page Unable to Load After JavaScript Anti-Crawler Is Enabled?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. How to Configure WAF Protection
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. In Which Situations Will the WAF Policies Fail?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. Can WAF Log Protection Events?
  1. Help Center
  2. Web Application Firewall
  3. Managing Policies
  4. Creating a Protection Policy
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  5. Process for Adding a Website to WAF (Cloud Mode)
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  5. Connection Process (Dedicated Mode)
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Advanced Settings
  5. Configuring PCI DSS/3DS Certification Check and TLS Version
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  5. Viewing Basic Information
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Certificate Management
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Certificate Management
  5. Uploading a Certificate
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Managing IP Address Blacklist and Whitelist Groups
  5. Adding an IP Address Group
  1. Help Center
  2. Web Application Firewall
  3. System Management
  4. Managing Dedicated WAF Engines
  1. Help Center
  2. Web Application Firewall
  3. Permissions Management
  4. IAM Permissions Management
  1. Help Center
  2. Web Application Firewall
  3. Permissions Management
  4. IAM Permissions Management
  5. Creating a User Group and Granting Permissions
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Monitoring
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Monitoring
  5. WAF Monitored Metrics
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Auditing
  5. WAF Operations Recorded by CTS
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. FAQs for Beginners
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. Can WAF Protect an IP Address?
  1. Help Center
  2. Web Application Firewall
  3. WAF Operation Guide
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. Edition Differences
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. How Do I Obtain the Real IP Address of a Web Visitor?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Request/Specification
  5. About Service Requests
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Certificate Management
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. Which Non-Standard Ports Does WAF Support?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Certificate Management
  6. How Do I Modify a Certificate?
  1. Help Center
  2. Web Application Firewall
  3. Events
  4. Handling False Alarms
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Server Configuration
  6. Why Cannot I Select a Client Protocol When Adding a Domain Name?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Operations After Connecting Websites to WAF
  6. How Do I Test WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Is My Domain Name or IP Address Inaccessible?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. CC Attack Protection Rules
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Basic Web Protection
  6. Which Protection Levels Can Be Set for Basic Web Protection?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. CC Attack Protection Rules
  6. How Do I Configure a CC Attack Protection Rule?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Precise Protection rules
  6. Can a Path Containing # Be Matched in a Precise Protection Rule?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. IP Address Blacklist and Whitelist
  6. Can I Import or Export a Blacklist or Whitelist into or from WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Anti-Crawler Protection
  6. Is There Any Impact on Website Loading Speed If Other Crawler Check in Anti-Crawler Is Enabled?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Basic Protection Rules to Defend Against Common Web Attacks
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. How Do I Obtain Data about Block Actions?
  1. Help Center
  2. Web Application Firewall
  3. Managing Policies
  4. Adding a Domain Name to a Policy
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  5. Step 1: Add a Domain Name to WAF (Cloud Mode)
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  5. Step 1: Add a Website to WAF (Dedicated Mode)
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Advanced Settings
  5. Configuring a Traffic Identifier for a Known Attack Source
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  5. Switching WAF Working Mode
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Managing IP Address Blacklist and Whitelist Groups
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Certificate Management
  5. Using a Certificate for a Protected Website in WAF
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Managing IP Address Blacklist and Whitelist Groups
  5. Modifying or Deleting a Blacklist or Whitelist IP Address Group
  1. Help Center
  2. Web Application Firewall
  3. System Management
  4. Viewing Product Details
  1. Help Center
  2. Web Application Firewall
  3. Permissions Management
  4. IAM Permissions Management
  5. WAF Custom Policies
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Auditing
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Monitoring
  5. Configuring Alarm Monitoring Rules
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Auditing
  5. Querying Real-Time Traces
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Request/Specification
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. What Objects Does WAF Protect?
  1. Help Center
  2. Web Application Firewall
  3. Enabling WAF
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. Basic Concepts
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. Will Traffic Be Permitted After WAF Is Switched to the Bypassed Mode?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Server Configuration
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. How Do I Use a Dedicated WAF Instance to Protect Non-Standard Ports That Are Not Supported by the Dedicated Instance?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Certificate Management
  6. Do I Need to Import the Certificates That Have Been Uploaded to ELB to WAF?
  1. Help Center
  2. Web Application Firewall
  3. Events
  4. Downloading Events Data
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Server Configuration
  6. Can I Set the Origin Server Address to a CNAME Record If I Use Cloud WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Operations After Connecting Websites to WAF
  6. How Can I Forward Requests Directly to the Origin Server Without Passing Through WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. How Do I Handle False Alarms as WAF Blocks Normal Requests to My Website?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Precise Protection rules
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. CC Attack Protection Rules
  6. When Is Cookie Used to Identify Users?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Precise Protection rules
  6. How Can I Allow Access from .js Files?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. IP Address Blacklist and Whitelist
  6. How Do I Block Abnormal IP Addresses?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Anti-Crawler Protection
  6. How Does JavaScript Anti-Crawler Detection Work?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring a CC Attack Protection Rule
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. What Working Modes and Protection Mechanisms Does WAF Have?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. What Does "Mismatch" for "Protective Action" Mean in the Event List?
  1. Help Center
  2. Web Application Firewall
  3. Managing Policies
  4. Adding Rules to One or More Policies
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Advanced Settings
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  5. Step 2: Whitelist WAF IP Addresses
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  5. Step 2: Configure a Load Balancer for WAF
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Advanced Settings
  5. Modifying the Alarm Page
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  5. Updating a Certificate
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Certificate Management
  5. Viewing Certificate Information
  1. Help Center
  2. Web Application Firewall
  3. System Management
  4. Enabling Alarm Notifications
  1. Help Center
  2. Web Application Firewall
  3. Permissions Management
  4. IAM Permissions Management
  5. WAF Permissions and Supported Actions
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  4. Monitoring
  5. Viewing Monitored Metrics
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. Does WAF Block Customized POST Requests?
  1. Help Center
  2. Web Application Firewall
  3. Dashboard
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. Functions
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. What Are Local File Inclusion and Remote File Inclusion?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Operations After Connecting Websites to WAF
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. How Do I Configure Domain Names to Be Protected When Adding Domain Names?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Certificate Management
  6. How Do I Convert a Certificate into PEM Format?
  1. Help Center
  2. Web Application Firewall
  3. Events
  4. Enabling LTS for WAF Logging
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Does WAF Block Normal Requests as Invalid Requests?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. IP Address Blacklist and Whitelist
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. CC Attack Protection Rules
  6. What Are the Differences Between Rate Limit and Allowable Frequency in a CC Rule?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Custom Precise Protection Rules
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. What Types of Protection Rules Does WAF Support?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. How Long Can WAF Protection Logs Be Stored?
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  5. Step 3: Test WAF
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  5. Step 3: Bind an EIP to a Load Balancer
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  5. Editing Server Information
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  4. Certificate Management
  5. Deleting a Certificate
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. What Are the Differences Between the Web Tamper Protection Functions of WAF and HSS?
  1. Help Center
  2. Web Application Firewall
  3. Events
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. Product Advantages
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. What Is the Difference Between QPS and the Number of Requests?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. Do I Have to Configure the Same Port as That of the Origin Server When Adding a Website to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. How Do I Whitelist IP Address Ranges of Cloud WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Anti-Crawler Protection
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring IP Address Blacklist and Whitelist Rules to Block or Allow Specified IP Addresses
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. Which of the WAF Protection Rules Support the Log-Only Protective Action?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. Can I Query Protection Events of a Batch of Specified IP Addresses at Once?
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Ports Supported by WAF
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  5. Step 4: Modify the DNS Records of the Domain Name
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  5. Step 4: Whitelist IP Addresses of Dedicated WAF Instances
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  5. Viewing Protection Information About a Protected Website on Cloud Eye
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. Which Web Service Framework Protocols Does WAF Support?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. Application Scenarios
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. Does WAF Support Custom Authorization Policies?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. How Do I Configure Non-standard Ports When Adding a Protected Domain Name?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. What Is the Connection Timeout Duration of WAF? Can I Manually Set the Timeout Duration?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. How Do I Allow Only Specified IP Addresses to Access Protected Websites?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. Will WAF Record Unblocked Events?
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Adding a Website to WAF (Cloud Mode)
  5. Configuration Example: Adding a Domain Name to WAF
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Connecting a Website to WAF
  5. Step 5: Test Dedicated WAF Instances
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  4. Basic Information
  5. Deleting a Protected Website from WAF
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. Can WAF Protect Websites Accessed Through HSTS or NTLM Authentication?
  1. Help Center
  2. Web Application Firewall
  3. Managing Policies
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. Personal Data Protection Mechanism
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. How Do I Configure My Server to Allow Only Requests from WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. What Can I Do If One of Ports on an Origin Server Does Not Require WAF Protection?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. How Do I Solve the Problem of Excessive Redirection Times?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. Which Protection Rules Are Included in the System-Generated Policy?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Event Logs
  5. Why Is the Traffic Statistics on WAF Inconsistent with That on the Origin Server?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. What Are the Differences Between WAF Forwarding and Nginx Forwarding?
  1. Help Center
  2. Web Application Firewall
  3. Website Settings
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. WAF Permissions Management
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. What Data Is Required for Connecting a Domain Name/IP Address to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Are HTTPS Requests Denied on Some Mobile Phones?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Anti-Crawler Rules

Configuring Anti-Crawler Rules

You can configure website anti-crawler protection rules to protect against search engines, scanners, script tools, and other crawlers, and use JavaScript to create custom anti-crawler protection rules.

Prerequisites

You have added your website to a policy.

Constraints

  • Cookies must be enabled and JavaScript supported by any browser used to access a website protected by anti-crawler protection rules.
  • If your service is connected to CDN, exercise caution when using the JS anti-crawler function.

    CDN caching may impact JS anti-crawler performance and page accessibility.

  • WAF only logs JavaScript challenge and JavaScript authentication events. No other protective actions can be configured for JavaScript challenge and authentication.
  • WAF JavaScript-based anti-crawler rules only check GET requests and do not check POST requests.

How JavaScript Anti-Crawler Protection Works

Figure 1 shows how JavaScript anti-crawler detection works, which includes JavaScript challenges (step 1 and step 2) and JavaScript authentication (step 3).

Figure 1 JavaScript Anti-Crawler protection process

If JavaScript anti-crawler is enabled when a client sends a request, WAF returns a piece of JavaScript code to the client.

  • If the client sends a normal request to the website, triggered by the received JavaScript code, the client will automatically send the request to WAF again. WAF then forwards the request to the origin server. This process is called JavaScript verification.
  • If the client is a crawler, it cannot be triggered by the received JavaScript code and will not send a request to WAF again. The client fails JavaScript authentication.
  • If a client crawler fabricates a WAF authentication request and sends the request to WAF, the WAF will block the request. The client fails JavaScript authentication.

By collecting statistics on the number of JavaScript challenges and authentication responses, the system calculates how many requests the JavaScript anti-crawler defends. In Figure 2, the JavaScript anti-crawler has logged 18 events, 16 of which are JavaScript challenge responses, and 2 of which are JavaScript authentication responses. Others indicates the number of WAF authentication requests fabricated by the crawler.

Figure 2 Parameters of a JavaScript anti-crawler protection rule
NOTICE:

WAF only logs JavaScript challenge and JavaScript authentication events. No other protective actions can be configured for JavaScript challenge and authentication.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall under Security.
  4. In the navigation pane on the left, choose Policies.
  5. Click the name of the target policy to go to the protection configuration page.
  6. In the Anti-Crawler configuration area, toggle on the function if needed. Then, click Configure Bot Mitigation.

    Figure 3 Anti-Crawler configuration area

  7. Select the Feature Library tab and enable the protection by referring to Table 1.

    A feature-based anti-crawler rule has two protective actions:
    • Block

      WAF blocks and logs detected attacks.

      Enabling this feature may have the following impacts:

      • Blocking requests of search engines may affect your website SEO.
      • Blocking scripts may block some applications because those applications may trigger anti-crawler rules if their user-agent field is not modified.
    • Log only

      Detected attacks are logged only. This is the default protective action.

    Scanner is enabled by default, but you can enable other protection types if needed.
    Figure 4 Feature Library
    Table 1 Anti-crawler detection features

    Type

    Description

    Remarks

    Search Engine

    This rule is used to block web crawlers, such as Googlebot and Baiduspider, from collecting content from your site.

    If you enable this rule, WAF detects and blocks search engine crawlers.

    NOTE:

    If Search Engine is not enabled, WAF does not block POST requests from Googlebot or Baiduspider. If you want to block POST requests from Baiduspider, use the configuration described in Configuration Example - Search Engine.

    Scanner

    This rule is used to block scanners, such as OpenVAS and Nmap. A scanner scans for vulnerabilities, viruses, and other jobs.

    After you enable this rule, WAF detects and blocks scanner crawlers.

    Script Tool

    This rule is used to block script tools. A script tool is often used to execute automatic tasks and program scripts, such as HttpClient, OkHttp, and Python programs.

    If you enable this rule, WAF detects and blocks the execution of automatic tasks and program scripts.

    NOTE:

    If your application uses scripts such as HttpClient, OkHttp, and Python, disable Script Tool. Otherwise, WAF will identify such script tools as crawlers and block the application.

    Other

    This rule is used to block crawlers used for other purposes, such as site monitoring, using access proxies, and web page analysis.

    NOTE:

    To avoid being blocked by WAF, crawlers may use a large number of IP address proxies.

    If you enable this rule, WAF detects and blocks crawlers that are used for various purposes.

  8. Select the JavaScript tab and change Status if needed.

    JavaScript anti-crawler is disabled by default. To enable it, click and then click OK in the displayed dialog box to toggle on .

    NOTICE:
    • Cookies must be enabled and JavaScript supported by any browser used to access a website protected by anti-crawler protection rules.
    • If your service is connected to CDN, exercise caution when using the JS anti-crawler function.

      CDN caching may impact JS anti-crawler performance and page accessibility.

  9. Configure a JavaScript-based anti-crawler rule by referring to Table 2.

    Two protective actions are provided: Protect all requests and Protect specified requests.

    • To protect all requests except requests that hit a specified rule
      Set Protection Mode to Protect all requests. Then, click Exclude Rule, configure the request exclusion rule, and click Confirm.
      Figure 5 Exclude Rule
    • To protect a specified request only

      Set Protection Mode to Protect specified requests, click Add Rule, configure the request rule, and click Confirm.

      Figure 6 Add Rule
    Table 2 Parameters of a JavaScript-based anti-crawler protection rule

    Parameter

    Description

    Example Value

    Rule Name

    Name of the rule

    waf

    Rule Description

    A brief description of the rule. This parameter is optional.

    -

    Effective Date

    Time the rule takes effect.

    Immediate

    Condition List

    Parameters for configuring a condition are as follows:

    • Field: Select the field you want to protect from the drop-down list. Currently, only Path and User Agent are included.
    • Subfield
    • Logic: Select a logical relationship from the drop-down list.
      NOTE:

      If you set Logic to Include any value, Exclude any value, Equal to any value, Not equal to any value, Prefix is any value, Prefix is not any of them, Suffix is any value, or Suffix is not any of them, you need to select a reference table.

    • Content: Enter or select the content that matches the condition.

    Path Include /admin

    Priority

    Rule priority. If you have added multiple rules, rules are matched by priority. The smaller the value you set, the higher the priority.

    5

Related Operations

  • To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.
  • To modify a rule, click Modify in the row containing the rule.
  • To delete a rule, click Delete in the row containing the rule.

Configuration Example - Logging Script Crawlers Only

To verify that WAF is protecting domain name www.example.com against an anti-crawler rule:

  1. Execute a JavaScript tool to crawl web page content.
  2. On the Feature Library tab, enable Script Tool and select Log only for Protective Action. (If WAF detects an attack, it logs the attack only.)

    Figure 7 Enabling Script Tool

  3. Enable anti-crawler protection.

    Figure 8 Anti-Crawler configuration area

  4. In the navigation pane on the left, choose Events to go to the Events page.

Configuration Example - Search Engine

The following shows how to allow the search engine of Baidu or Google and block the POST request of Baidu.

  1. Set Status of Search Engine to by referring to the instructions in Step 6.
  2. Configure a precise protection rule by referring to Configuring Custom Precise Protection Rules.

    Figure 9 Blocking POST requests

  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. Why Does the Page Fail to Be Refreshed After WTP Is Enabled?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. Can I Configure Session Cookies in WAF?
  1. Help Center
  2. Web Application Firewall
  3. Object Management
  1. Help Center
  2. Web Application Firewall
  3. Service Overview
  4. WAF and Other Services
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. Can I Switch Between the WAF Cloud Mode and Dedicated Mode?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. How Do I Safely Delete a Protected Domain Name?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. How Do I Fix an Incomplete Certificate Chain?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Information Leakage Prevention Rules to Protect Sensitive Information from Leakage
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. What Are the Differences Between Blacklist/Whitelist Rules and Precise Protection Rules on Blocking Access Requests from Specified IP Addresses?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. How Does WAF Detect SQL Injection, XSS, and PHP Injection Attacks?
  1. Help Center
  2. Web Application Firewall
  3. System Management
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. How Do I Configure WAF If a Reverse Proxy Server Is Deployed for My Website?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. Can I Change the Domain Name That Has Been Added to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Does My Certificate Not Match the Key?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring a Global Protection Whitelist Rule to Ignore False Alarms
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Protection Rule Configuration
  5. Others
  6. What Do I Do If a Scanner, such as AppScan, Detects that the Cookie Is Missing Secure or HttpOnly?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Functions
  6. Can WAF Defend Against the Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)?
  1. Help Center
  2. Web Application Firewall
  3. Permissions Management
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. About WAF
  5. WAF Usage
  6. How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Single Domain Name Are Connected to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. What Are the Precautions for Configuring Multiple Server Addresses for Backend Servers?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Am I Seeing Error Code 418?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring Data Masking Rules to Prevent Privacy Information Leakage
  1. Help Center
  2. Web Application Firewall
  3. Monitoring and Auditing
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. Does WAF Support Wildcard Domain Names?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Am I Seeing Error Code 523?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Creating a Reference Table to Configure Protection Metrics In Batches
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. How Do I Route Website Traffic to My Cloud WAF Instance?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Does the Website Login Page Continuously Refreshed After a Domain Name Is Connected to WAF?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Configuring a Known Attack Source Rule to Block Specific Visitors for a Specified Duration
  1. Help Center
  2. Web Application Firewall
  3. Change History
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. Can I Configure Multiple Load Balancers for a Dedicated WAF Instance?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Does the Requested Page Respond Slowly After the HTTP Forwarding Policy Is Configured?
  1. Help Center
  2. Web Application Firewall
  3. Policies
  4. Condition Field Description
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Website Domain Name Access Configuration
  5. Domain Name and Port Configuration
  6. Why Am I Seeing the "Someone else has already added this domain name. Please confirm that the domain name belongs to you" Error Message?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. How Can I Upload Files After the Website Is Connected to WAF?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Am I Seeing Error Code 414 Request-URI Too Large?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. What Do I Do If the Protocol Is Not Supported and the Client and Server Do Not Support Common SSL Protocol Versions or Cipher Suites?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Cannot I Access the Dedicated Engine Page?
  1. Help Center
  2. Web Application Firewall
  3. FAQs
  4. Service Interruption Check
  5. Why Is the Bar Mitzvah Attack on SSL/TLS Detected?