akyriako/web-application-firewall-dedicated
1
0
Fork 0
forked from docs/web-application-firewall-dedicated
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2023-01-12 15:58:11 +00:00
parent 17741332cb
commit 756760145c
6 changed files with 83 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
umn/source/enabling_waf_protection/connecting_a_website_to_waf/step_1_add_a_website_to_waf.rst
View File

File diff suppressed because it is too large Load Diff

4
umn/source/faqs/about_waf/waf_usage/how_does_waf_forward_access_requests_when_both_a_wildcard_domain_name_and_a_single_domain_name_are_connected_to_waf.rst
View File

@ -7,9 +7,9 @@ How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Sing
WAF preferentially forwards access requests to the single domain name. If the single domain name cannot be identified, access requests will be forwarded to the wildcard domain name. WAF preferentially forwards access requests to the single domain name. If the single domain name cannot be identified, access requests will be forwarded to the wildcard domain name.
For example, if you connect single domain name a.example.com and wildcard domain name ``*``.example.com to WAF, WAF preferentially forwards access requests to single domain name a.example.com. For example, if you connect single domain name a.example.com and wildcard domain name \*.example.com to WAF, WAF preferentially forwards access requests to single domain name a.example.com.
If you are configuring a wildcard domain name, pay attention to the following: If you are configuring a wildcard domain name, pay attention to the following:
- If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **``*``.example.com** to WAF to protect all three. - If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **\*.example.com** to WAF to protect all three.
- If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one. - If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.

2
umn/source/faqs/website_domain_name_access_configuration/domain_name_and_port_configuration/does_waf_support_wildcard_domain_names.rst
View File

@ -15,5 +15,5 @@ Yes. When adding a domain name to WAF, you can configure a single domain name or
You can configure a wildcard domain name to let WAF protect multi-level domain names under the wildcard domain name. You can configure a wildcard domain name to let WAF protect multi-level domain names under the wildcard domain name.
- If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can directly add the wildcard domain name **``*``.example.com** to WAF for protection. - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can directly add the wildcard domain name **\*.example.com** to WAF for protection.
- If each subdomain name points to different server IP addresses, add subdomain names as single domain names one by one. - If each subdomain name points to different server IP addresses, add subdomain names as single domain names one by one.

6
umn/source/rule_configuration/configuring_a_cc_attack_protection_rule.rst
View File

@ -17,10 +17,10 @@ Constraints
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the **Events** page. - It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the **Events** page.
- A reference table can be added to a CC attack protection rule. The reference table takes effect for all protected domain names. - A reference table can be added to a CC attack protection rule. The reference table takes effect for all protected domain names.
- A CC attack protection rule offers protective actions such as **Verification code** and **Block** for your choice. For example, you can configure a CC attack protection rule to block requests from a visit for 600 seconds by identifying their cookie (name field) if the visitor accessed a URL (for example, /admin\ ``*``) of your website over 10 times within 60 seconds. - A CC attack protection rule offers protective actions such as **Verification code** and **Block** for your choice. For example, you can configure a CC attack protection rule to block requests from a visit for 600 seconds by identifying their cookie (name field) if the visitor accessed a URL (for example, /admin*) of your website over 10 times within 60 seconds.
- The path in a CC attack protection rule must be set to a URL (excluding the domain name). This parameter allows prefix match and exact match. - The path in a CC attack protection rule must be set to a URL (excluding the domain name). This parameter allows prefix match and exact match.
- Prefix match: A path ending with ``*`` indicates that the path is used as a prefix. The ``*`` can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. - Prefix match: A path ending with \* indicates that the path is used as a prefix. The \* can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***.
- Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**. - Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**.
Procedure Procedure
@ -68,7 +68,7 @@ Procedure
| | | | | | | |
| | Part of the URL without the domain name. | | | | Part of the URL without the domain name. | |
| | | | | | | |
| | - Prefix match: A path ending with ``*`` indicates that the path is used as a prefix. The ``*`` can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. | | | | - Prefix match: A path ending with \* indicates that the path is used as a prefix. The \* can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. | |
| | - Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**. | | | | - Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**. | |
| | | | | | | |
| | .. note:: | | | | .. note:: | |

58
umn/source/rule_configuration/configuring_a_data_masking_rule.rst
View File

@ -57,35 +57,35 @@ Procedure
.. table:: **Table 1** Rule parameters .. table:: **Table 1** Rule parameters
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Description | Example Value | | Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================================================+==============================================================================================================================+ +=======================+=======================================================================================================================================================================================================+==============================================================================================================================+
| Path | Part of the URL that does not include the domain name. | **/admin/login.php** | | Path | Part of the URL that does not include the domain name. | **/admin/login.php** |
| | | | | | | |
| | - Prefix match: The path ending with ``*`` indicates that the path is used as a prefix. For example, if the path to be protected is **/admin/test.php** or **/adminabc**, set **Path** to **/admin\***. | For example, if the URL to be protected is **http://www.example.com/admin/login.php**, set **Path** to **/admin/login.php**. | | | - Prefix match: The path ending with \* indicates that the path is used as a prefix. For example, if the path to be protected is **/admin/test.php** or **/adminabc**, set **Path** to **/admin\***. | For example, if the URL to be protected is **http://www.example.com/admin/login.php**, set **Path** to **/admin/login.php**. |
| | - Exact match: The path to be entered must match the path to be protected. If the path to be protected is **/admin**, set **Path** to **/admin**. | | | | - Exact match: The path to be entered must match the path to be protected. If the path to be protected is **/admin**, set **Path** to **/admin**. | |
| | | | | | | |
| | .. note:: | | | | .. note:: | |
| | | | | | | |
| | - The path supports prefix and exact matches only and does not support regular expressions. | | | | - The path supports prefix and exact matches only and does not support regular expressions. | |
| | - The path cannot contain two or more consecutive slashes. For example, **///admin**. If you enter **///admin**, WAF converts **///** to **/**. | | | | - The path cannot contain two or more consecutive slashes. For example, **///admin**. If you enter **///admin**, WAF converts **///** to **/**. | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
| Masked Field | A field set to be masked | - If **Masked Field** is **Params** and **Field Name** is **id**, content that matches **id** is masked. | | Masked Field | A field set to be masked | - If **Masked Field** is **Params** and **Field Name** is **id**, content that matches **id** is masked. |
| | | - If **Masked Field** is **Cookie** and **Field Name** is **name**, content that matches **name** is masked. | | | | - If **Masked Field** is **Cookie** and **Field Name** is **name**, content that matches **name** is masked. |
| | - **Params**: A request parameter | | | | - **Params**: A request parameter | |
| | - **Cookie**: A small piece of data to identify web visitors | | | | - **Cookie**: A small piece of data to identify web visitors | |
| | - **Header**: A user-defined HTTP header | | | | - **Header**: A user-defined HTTP header | |
| | - **Form**: A form parameter | | | | - **Form**: A form parameter | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
| Field Name | Set the parameter based on **Masked Field**. The masked field will not be displayed in logs. | | | Field Name | Set the parameter based on **Masked Field**. The masked field will not be displayed in logs. | |
| | | | | | | |
| | .. important:: | | | | .. important:: | |
| | | | | | | |
| | NOTICE: | | | | NOTICE: | |
| | The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed. | | | | The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed. | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
| Rule Description | A brief description of the rule. This parameter is optional. | None | | Rule Description | A brief description of the rule. This parameter is optional. | None |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
#. Click **Confirm**. The added data masking rule is displayed in the list of data masking rules. #. Click **Confirm**. The added data masking rule is displayed in the list of data masking rules.

2
umn/source/service_overview/specifications.rst
View File

@ -74,5 +74,5 @@ For more details, see :ref:`Table 2 <waf_01_0272__en-us_topic_0110861186_table15
.. important:: .. important::
- The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, ``*``.example.com). - The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, \*.example.com).
- If a domain name maps to different ports, each port is considered to represent a different domain name. For example, **www.example.com:8080** and **www.example.com:8081** are counted towards your quota as two distinct domain names. - If a domain name maps to different ports, each port is considered to represent a different domain name. For example, **www.example.com:8080** and **www.example.com:8081** are counted towards your quota as two distinct domain names.