diff --git a/umn/source/enabling_waf_protection/connecting_a_website_to_waf/step_1_add_a_website_to_waf.rst b/umn/source/enabling_waf_protection/connecting_a_website_to_waf/step_1_add_a_website_to_waf.rst index 491891a..83aab9d 100644 --- a/umn/source/enabling_waf_protection/connecting_a_website_to_waf/step_1_add_a_website_to_waf.rst +++ b/umn/source/enabling_waf_protection/connecting_a_website_to_waf/step_1_add_a_website_to_waf.rst @@ -42,53 +42,53 @@ Procedure .. table:: **Table 1** Parameter description - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ - | Parameter | Description | Example Value | - +=======================+===========================================================================================================================================================================================================================================================================================================================================+==========================================+ - | Website Name | Website name you specify. | WAF-DT | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ - | Protected Object | A domain name or IP address of the website to be protected. The domain name can be a single domain name or a wildcard domain name. | Single domain name: **www.example.com** | - | | | | - | | - Single domain name: Enter a single domain name. For example, www.example.com. | Wildcard domain name: **\*.example.com** | - | | - Wildcard domain name | | - | | | IP address format: *XXX.XXX.1.1* | - | | .. note:: | | - | | | | - | | Wildcard domain names cannot contain underscores (_). | | - | | | | - | | - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **``*``.example.com** to WAF to protect all three. | | - | | - If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ - | Website Remarks | Brief description of the website | test | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ - | Protected Port | Select the port that needs to be protected from the drop-down list box. | Standard ports | - | | | | - | | To protect port 80 or 443, select **Standard port** from the drop-down list. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ - | Server Configuration | Address of the web server. The configuration contains the **Client Protocol**, **Server protocol**, VPC, **Server Address,** and **Server Port**. | **Client Protocol**: **HTTP** | - | | | | - | | - **Client Protocol**: Protocol used for forwarding a client requests to the dedicated WAF instance. The options are **HTTP** and **HTTPS**. | **Server Protocol**: **HTTP** | - | | - **Server Protocol**: Protocol used for forwarding a client request to the origin server through the dedicated WAF instance. The options are **HTTP** and **HTTPS**. | | - | | | **VPC**: vpc-default | - | | .. note:: | | - | | | **Server Address**: *192.168.1.1* | - | | WAF can check WebSocket and WebSockets requests, which is enabled by default. | | - | | | **Server Port**: **80** | - | | - **VPC**: Select the VPC to which the dedicated WAF instance belongs. | | - | | - **Server Address**: Private IP address or domain name of the website server that a client (for example, a browser) accesses. | | - | | - **Server Port**: service port of the server to which the dedicated WAF instance forwards client requests. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ - | Certificate Name | If you set **Client Protocol** to **HTTPS**, an SSL certificate is required. You can select an existing certificate or import an external certificate. For details about how to import a certificate, see :ref:`Importing a New Certificate `. | ``-`` | - | | | | - | | For details about how to create a certificate, see :ref:`Uploading a Certificate `. | | - | | | | - | | .. important:: | | - | | | | - | | NOTICE: | | - | | | | - | | - Only .pem certificates can be used in WAF. If the certificate is not in .pem, convert it into a .pem certificate by referring to :ref:`Importing a New Certificate ` before uploading the certificate. | | - | | - Each domain name must have a certificate associated. A wildcard domain name can only use a wildcard domain certificate. If you only have single-domain certificates, you need to add domain names one by one in WAF. | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + | Parameter | Description | Example Value | + +=======================+========================================================================================================================================================================================================================================================================================================================================+==========================================+ + | Website Name | Website name you specify. | WAF-DT | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + | Protected Object | A domain name or IP address of the website to be protected. The domain name can be a single domain name or a wildcard domain name. | Single domain name: **www.example.com** | + | | | | + | | - Single domain name: Enter a single domain name. For example, www.example.com. | Wildcard domain name: **\*.example.com** | + | | - Wildcard domain name | | + | | | IP address format: *XXX.XXX.1.1* | + | | .. note:: | | + | | | | + | | Wildcard domain names cannot contain underscores (_). | | + | | | | + | | - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **\*.example.com** to WAF to protect all three. | | + | | - If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + | Website Remarks | Brief description of the website | test | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + | Protected Port | Select the port that needs to be protected from the drop-down list box. | Standard ports | + | | | | + | | To protect port 80 or 443, select **Standard port** from the drop-down list. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + | Server Configuration | Address of the web server. The configuration contains the **Client Protocol**, **Server protocol**, VPC, **Server Address,** and **Server Port**. | **Client Protocol**: **HTTP** | + | | | | + | | - **Client Protocol**: Protocol used for forwarding a client requests to the dedicated WAF instance. The options are **HTTP** and **HTTPS**. | **Server Protocol**: **HTTP** | + | | - **Server Protocol**: Protocol used for forwarding a client request to the origin server through the dedicated WAF instance. The options are **HTTP** and **HTTPS**. | | + | | | **VPC**: vpc-default | + | | .. note:: | | + | | | **Server Address**: *192.168.1.1* | + | | WAF can check WebSocket and WebSockets requests, which is enabled by default. | | + | | | **Server Port**: **80** | + | | - **VPC**: Select the VPC to which the dedicated WAF instance belongs. | | + | | - **Server Address**: Private IP address or domain name of the website server that a client (for example, a browser) accesses. | | + | | - **Server Port**: service port of the server to which the dedicated WAF instance forwards client requests. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ + | Certificate Name | If you set **Client Protocol** to **HTTPS**, an SSL certificate is required. You can select an existing certificate or import an external certificate. For details about how to import a certificate, see :ref:`Importing a New Certificate `. | ``-`` | + | | | | + | | For details about how to create a certificate, see :ref:`Uploading a Certificate `. | | + | | | | + | | .. important:: | | + | | | | + | | NOTICE: | | + | | | | + | | - Only .pem certificates can be used in WAF. If the certificate is not in .pem, convert it into a .pem certificate by referring to :ref:`Importing a New Certificate ` before uploading the certificate. | | + | | - Each domain name must have a certificate associated. A wildcard domain name can only use a wildcard domain certificate. If you only have single-domain certificates, you need to add domain names one by one in WAF. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+ 7. Configure **Proxy**. diff --git a/umn/source/faqs/about_waf/waf_usage/how_does_waf_forward_access_requests_when_both_a_wildcard_domain_name_and_a_single_domain_name_are_connected_to_waf.rst b/umn/source/faqs/about_waf/waf_usage/how_does_waf_forward_access_requests_when_both_a_wildcard_domain_name_and_a_single_domain_name_are_connected_to_waf.rst index 6c42c95..c2e606d 100644 --- a/umn/source/faqs/about_waf/waf_usage/how_does_waf_forward_access_requests_when_both_a_wildcard_domain_name_and_a_single_domain_name_are_connected_to_waf.rst +++ b/umn/source/faqs/about_waf/waf_usage/how_does_waf_forward_access_requests_when_both_a_wildcard_domain_name_and_a_single_domain_name_are_connected_to_waf.rst @@ -7,9 +7,9 @@ How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Sing WAF preferentially forwards access requests to the single domain name. If the single domain name cannot be identified, access requests will be forwarded to the wildcard domain name. -For example, if you connect single domain name a.example.com and wildcard domain name ``*``.example.com to WAF, WAF preferentially forwards access requests to single domain name a.example.com. +For example, if you connect single domain name a.example.com and wildcard domain name \*.example.com to WAF, WAF preferentially forwards access requests to single domain name a.example.com. If you are configuring a wildcard domain name, pay attention to the following: -- If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **``*``.example.com** to WAF to protect all three. +- If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **\*.example.com** to WAF to protect all three. - If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one. diff --git a/umn/source/faqs/website_domain_name_access_configuration/domain_name_and_port_configuration/does_waf_support_wildcard_domain_names.rst b/umn/source/faqs/website_domain_name_access_configuration/domain_name_and_port_configuration/does_waf_support_wildcard_domain_names.rst index f79143b..329900e 100644 --- a/umn/source/faqs/website_domain_name_access_configuration/domain_name_and_port_configuration/does_waf_support_wildcard_domain_names.rst +++ b/umn/source/faqs/website_domain_name_access_configuration/domain_name_and_port_configuration/does_waf_support_wildcard_domain_names.rst @@ -15,5 +15,5 @@ Yes. When adding a domain name to WAF, you can configure a single domain name or You can configure a wildcard domain name to let WAF protect multi-level domain names under the wildcard domain name. - - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can directly add the wildcard domain name **``*``.example.com** to WAF for protection. + - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can directly add the wildcard domain name **\*.example.com** to WAF for protection. - If each subdomain name points to different server IP addresses, add subdomain names as single domain names one by one. diff --git a/umn/source/rule_configuration/configuring_a_cc_attack_protection_rule.rst b/umn/source/rule_configuration/configuring_a_cc_attack_protection_rule.rst index 02e9a84..91f909c 100644 --- a/umn/source/rule_configuration/configuring_a_cc_attack_protection_rule.rst +++ b/umn/source/rule_configuration/configuring_a_cc_attack_protection_rule.rst @@ -17,10 +17,10 @@ Constraints - It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the **Events** page. - A reference table can be added to a CC attack protection rule. The reference table takes effect for all protected domain names. -- A CC attack protection rule offers protective actions such as **Verification code** and **Block** for your choice. For example, you can configure a CC attack protection rule to block requests from a visit for 600 seconds by identifying their cookie (name field) if the visitor accessed a URL (for example, /admin\ ``*``) of your website over 10 times within 60 seconds. +- A CC attack protection rule offers protective actions such as **Verification code** and **Block** for your choice. For example, you can configure a CC attack protection rule to block requests from a visit for 600 seconds by identifying their cookie (name field) if the visitor accessed a URL (for example, /admin*) of your website over 10 times within 60 seconds. - The path in a CC attack protection rule must be set to a URL (excluding the domain name). This parameter allows prefix match and exact match. - - Prefix match: A path ending with ``*`` indicates that the path is used as a prefix. The ``*`` can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. + - Prefix match: A path ending with \* indicates that the path is used as a prefix. The \* can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. - Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**. Procedure @@ -68,7 +68,7 @@ Procedure | | | | | | Part of the URL without the domain name. | | | | | | - | | - Prefix match: A path ending with ``*`` indicates that the path is used as a prefix. The ``*`` can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. | | + | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. The \* can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. | | | | - Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**. | | | | | | | | .. note:: | | diff --git a/umn/source/rule_configuration/configuring_a_data_masking_rule.rst b/umn/source/rule_configuration/configuring_a_data_masking_rule.rst index 9bed2d2..b3c55a9 100644 --- a/umn/source/rule_configuration/configuring_a_data_masking_rule.rst +++ b/umn/source/rule_configuration/configuring_a_data_masking_rule.rst @@ -57,35 +57,35 @@ Procedure .. table:: **Table 1** Rule parameters - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Description | Example Value | - +=======================+==========================================================================================================================================================================================================+==============================================================================================================================+ - | Path | Part of the URL that does not include the domain name. | **/admin/login.php** | - | | | | - | | - Prefix match: The path ending with ``*`` indicates that the path is used as a prefix. For example, if the path to be protected is **/admin/test.php** or **/adminabc**, set **Path** to **/admin\***. | For example, if the URL to be protected is **http://www.example.com/admin/login.php**, set **Path** to **/admin/login.php**. | - | | - Exact match: The path to be entered must match the path to be protected. If the path to be protected is **/admin**, set **Path** to **/admin**. | | - | | | | - | | .. note:: | | - | | | | - | | - The path supports prefix and exact matches only and does not support regular expressions. | | - | | - The path cannot contain two or more consecutive slashes. For example, **///admin**. If you enter **///admin**, WAF converts **///** to **/**. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | Masked Field | A field set to be masked | - If **Masked Field** is **Params** and **Field Name** is **id**, content that matches **id** is masked. | - | | | - If **Masked Field** is **Cookie** and **Field Name** is **name**, content that matches **name** is masked. | - | | - **Params**: A request parameter | | - | | - **Cookie**: A small piece of data to identify web visitors | | - | | - **Header**: A user-defined HTTP header | | - | | - **Form**: A form parameter | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | Field Name | Set the parameter based on **Masked Field**. The masked field will not be displayed in logs. | | - | | | | - | | .. important:: | | - | | | | - | | NOTICE: | | - | | The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ - | Rule Description | A brief description of the rule. This parameter is optional. | None | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Description | Example Value | + +=======================+=======================================================================================================================================================================================================+==============================================================================================================================+ + | Path | Part of the URL that does not include the domain name. | **/admin/login.php** | + | | | | + | | - Prefix match: The path ending with \* indicates that the path is used as a prefix. For example, if the path to be protected is **/admin/test.php** or **/adminabc**, set **Path** to **/admin\***. | For example, if the URL to be protected is **http://www.example.com/admin/login.php**, set **Path** to **/admin/login.php**. | + | | - Exact match: The path to be entered must match the path to be protected. If the path to be protected is **/admin**, set **Path** to **/admin**. | | + | | | | + | | .. note:: | | + | | | | + | | - The path supports prefix and exact matches only and does not support regular expressions. | | + | | - The path cannot contain two or more consecutive slashes. For example, **///admin**. If you enter **///admin**, WAF converts **///** to **/**. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ + | Masked Field | A field set to be masked | - If **Masked Field** is **Params** and **Field Name** is **id**, content that matches **id** is masked. | + | | | - If **Masked Field** is **Cookie** and **Field Name** is **name**, content that matches **name** is masked. | + | | - **Params**: A request parameter | | + | | - **Cookie**: A small piece of data to identify web visitors | | + | | - **Header**: A user-defined HTTP header | | + | | - **Form**: A form parameter | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ + | Field Name | Set the parameter based on **Masked Field**. The masked field will not be displayed in logs. | | + | | | | + | | .. important:: | | + | | | | + | | NOTICE: | | + | | The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed. | | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ + | Rule Description | A brief description of the rule. This parameter is optional. | None | + +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ #. Click **Confirm**. The added data masking rule is displayed in the list of data masking rules. diff --git a/umn/source/service_overview/specifications.rst b/umn/source/service_overview/specifications.rst index bd1f674..8f27198 100644 --- a/umn/source/service_overview/specifications.rst +++ b/umn/source/service_overview/specifications.rst @@ -74,5 +74,5 @@ For more details, see :ref:`Table 2