Update content
This commit is contained in:
parent
17741332cb
commit
756760145c
@ -42,11 +42,11 @@ Procedure
|
||||
|
||||
.. table:: **Table 1** Parameter description
|
||||
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+=======================+===========================================================================================================================================================================================================================================================================================================================================+==========================================+
|
||||
+=======================+========================================================================================================================================================================================================================================================================================================================================+==========================================+
|
||||
| Website Name | Website name you specify. | WAF-DT |
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
| Protected Object | A domain name or IP address of the website to be protected. The domain name can be a single domain name or a wildcard domain name. | Single domain name: **www.example.com** |
|
||||
| | | |
|
||||
| | - Single domain name: Enter a single domain name. For example, www.example.com. | Wildcard domain name: **\*.example.com** |
|
||||
@ -56,15 +56,15 @@ Procedure
|
||||
| | | |
|
||||
| | Wildcard domain names cannot contain underscores (_). | |
|
||||
| | | |
|
||||
| | - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **``*``.example.com** to WAF to protect all three. | |
|
||||
| | - If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **\*.example.com** to WAF to protect all three. | |
|
||||
| | - If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one. | |
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
| Website Remarks | Brief description of the website | test |
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
| Protected Port | Select the port that needs to be protected from the drop-down list box. | Standard ports |
|
||||
| | | |
|
||||
| | To protect port 80 or 443, select **Standard port** from the drop-down list. | |
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
| Server Configuration | Address of the web server. The configuration contains the **Client Protocol**, **Server protocol**, VPC, **Server Address,** and **Server Port**. | **Client Protocol**: **HTTP** |
|
||||
| | | |
|
||||
| | - **Client Protocol**: Protocol used for forwarding a client requests to the dedicated WAF instance. The options are **HTTP** and **HTTPS**. | **Server Protocol**: **HTTP** |
|
||||
@ -77,7 +77,7 @@ Procedure
|
||||
| | - **VPC**: Select the VPC to which the dedicated WAF instance belongs. | |
|
||||
| | - **Server Address**: Private IP address or domain name of the website server that a client (for example, a browser) accesses. | |
|
||||
| | - **Server Port**: service port of the server to which the dedicated WAF instance forwards client requests. | |
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
| Certificate Name | If you set **Client Protocol** to **HTTPS**, an SSL certificate is required. You can select an existing certificate or import an external certificate. For details about how to import a certificate, see :ref:`Importing a New Certificate <waf_01_0250__section36817893018>`. | ``-`` |
|
||||
| | | |
|
||||
| | For details about how to create a certificate, see :ref:`Uploading a Certificate <waf_01_0078>`. | |
|
||||
@ -88,7 +88,7 @@ Procedure
|
||||
| | | |
|
||||
| | - Only .pem certificates can be used in WAF. If the certificate is not in .pem, convert it into a .pem certificate by referring to :ref:`Importing a New Certificate <waf_01_0250__section36817893018>` before uploading the certificate. | |
|
||||
| | - Each domain name must have a certificate associated. A wildcard domain name can only use a wildcard domain certificate. If you only have single-domain certificates, you need to add domain names one by one in WAF. | |
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------+
|
||||
|
||||
7. Configure **Proxy**.
|
||||
|
||||
|
||||
@ -7,9 +7,9 @@ How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Sing
|
||||
|
||||
WAF preferentially forwards access requests to the single domain name. If the single domain name cannot be identified, access requests will be forwarded to the wildcard domain name.
|
||||
|
||||
For example, if you connect single domain name a.example.com and wildcard domain name ``*``.example.com to WAF, WAF preferentially forwards access requests to single domain name a.example.com.
|
||||
For example, if you connect single domain name a.example.com and wildcard domain name \*.example.com to WAF, WAF preferentially forwards access requests to single domain name a.example.com.
|
||||
|
||||
If you are configuring a wildcard domain name, pay attention to the following:
|
||||
|
||||
- If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **``*``.example.com** to WAF to protect all three.
|
||||
- If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can add the wildcard domain name **\*.example.com** to WAF to protect all three.
|
||||
- If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
|
||||
|
||||
@ -15,5 +15,5 @@ Yes. When adding a domain name to WAF, you can configure a single domain name or
|
||||
|
||||
You can configure a wildcard domain name to let WAF protect multi-level domain names under the wildcard domain name.
|
||||
|
||||
- If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can directly add the wildcard domain name **``*``.example.com** to WAF for protection.
|
||||
- If the server IP address of each subdomain name is the same, enter a wildcard domain name to be protected. For example, if the subdomain names **a.example.com**, **b.example.com**, and **c.example.com** have the same server IP address, you can directly add the wildcard domain name **\*.example.com** to WAF for protection.
|
||||
- If each subdomain name points to different server IP addresses, add subdomain names as single domain names one by one.
|
||||
|
||||
@ -17,10 +17,10 @@ Constraints
|
||||
|
||||
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the **Events** page.
|
||||
- A reference table can be added to a CC attack protection rule. The reference table takes effect for all protected domain names.
|
||||
- A CC attack protection rule offers protective actions such as **Verification code** and **Block** for your choice. For example, you can configure a CC attack protection rule to block requests from a visit for 600 seconds by identifying their cookie (name field) if the visitor accessed a URL (for example, /admin\ ``*``) of your website over 10 times within 60 seconds.
|
||||
- A CC attack protection rule offers protective actions such as **Verification code** and **Block** for your choice. For example, you can configure a CC attack protection rule to block requests from a visit for 600 seconds by identifying their cookie (name field) if the visitor accessed a URL (for example, /admin*) of your website over 10 times within 60 seconds.
|
||||
- The path in a CC attack protection rule must be set to a URL (excluding the domain name). This parameter allows prefix match and exact match.
|
||||
|
||||
- Prefix match: A path ending with ``*`` indicates that the path is used as a prefix. The ``*`` can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***.
|
||||
- Prefix match: A path ending with \* indicates that the path is used as a prefix. The \* can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***.
|
||||
- Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**.
|
||||
|
||||
Procedure
|
||||
@ -68,7 +68,7 @@ Procedure
|
||||
| | | |
|
||||
| | Part of the URL without the domain name. | |
|
||||
| | | |
|
||||
| | - Prefix match: A path ending with ``*`` indicates that the path is used as a prefix. The ``*`` can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. | |
|
||||
| | - Prefix match: A path ending with \* indicates that the path is used as a prefix. The \* can be used as a wildcard value. For example, to protect **/admin/test.php** or **/adminabc**, you can set **Path** to **/admin\***. | |
|
||||
| | - Exact match: The path to be entered must be the same as the path to be protected. For example, to protect **/admin**, then **Path** must be set to **/admin**. | |
|
||||
| | | |
|
||||
| | .. note:: | |
|
||||
|
||||
@ -57,35 +57,35 @@ Procedure
|
||||
|
||||
.. table:: **Table 1** Rule parameters
|
||||
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Parameter | Description | Example Value |
|
||||
+=======================+==========================================================================================================================================================================================================+==============================================================================================================================+
|
||||
+=======================+=======================================================================================================================================================================================================+==============================================================================================================================+
|
||||
| Path | Part of the URL that does not include the domain name. | **/admin/login.php** |
|
||||
| | | |
|
||||
| | - Prefix match: The path ending with ``*`` indicates that the path is used as a prefix. For example, if the path to be protected is **/admin/test.php** or **/adminabc**, set **Path** to **/admin\***. | For example, if the URL to be protected is **http://www.example.com/admin/login.php**, set **Path** to **/admin/login.php**. |
|
||||
| | - Prefix match: The path ending with \* indicates that the path is used as a prefix. For example, if the path to be protected is **/admin/test.php** or **/adminabc**, set **Path** to **/admin\***. | For example, if the URL to be protected is **http://www.example.com/admin/login.php**, set **Path** to **/admin/login.php**. |
|
||||
| | - Exact match: The path to be entered must match the path to be protected. If the path to be protected is **/admin**, set **Path** to **/admin**. | |
|
||||
| | | |
|
||||
| | .. note:: | |
|
||||
| | | |
|
||||
| | - The path supports prefix and exact matches only and does not support regular expressions. | |
|
||||
| | - The path cannot contain two or more consecutive slashes. For example, **///admin**. If you enter **///admin**, WAF converts **///** to **/**. | |
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Masked Field | A field set to be masked | - If **Masked Field** is **Params** and **Field Name** is **id**, content that matches **id** is masked. |
|
||||
| | | - If **Masked Field** is **Cookie** and **Field Name** is **name**, content that matches **name** is masked. |
|
||||
| | - **Params**: A request parameter | |
|
||||
| | - **Cookie**: A small piece of data to identify web visitors | |
|
||||
| | - **Header**: A user-defined HTTP header | |
|
||||
| | - **Form**: A form parameter | |
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Field Name | Set the parameter based on **Masked Field**. The masked field will not be displayed in logs. | |
|
||||
| | | |
|
||||
| | .. important:: | |
|
||||
| | | |
|
||||
| | NOTICE: | |
|
||||
| | The length of a subfield cannot exceed 2,048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed. | |
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Rule Description | A brief description of the rule. This parameter is optional. | None |
|
||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
#. Click **Confirm**. The added data masking rule is displayed in the list of data masking rules.
|
||||
|
||||
|
||||
@ -74,5 +74,5 @@ For more details, see :ref:`Table 2 <waf_01_0272__en-us_topic_0110861186_table15
|
||||
|
||||
.. important::
|
||||
|
||||
- The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, ``*``.example.com).
|
||||
- The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, \*.example.com).
|
||||
- If a domain name maps to different ports, each port is considered to represent a different domain name. For example, **www.example.com:8080** and **www.example.com:8081** are counted towards your quota as two distinct domain names.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user