lbelejka/cloud-firewall
1
0
Fork 0
forked from docs/cloud-firewall
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2024-07-30 08:21:06 +00:00
parent ce759726a8
commit 123a48b708
152 changed files with 2407 additions and 2141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
umn/source/_static/images/en-us_image_0000001525649726.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 766 B

BIN
umn/source/_static/images/en-us_image_0000001573546394.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 520 B

BIN
umn/source/_static/images/en-us_image_0000001576372729.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 766 B

BIN
umn/source/_static/images/en-us_image_0000001582722817.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 664 B

BIN
umn/source/_static/images/en-us_image_0000001623223858.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 363 B

BIN
umn/source/_static/images/en-us_image_0000001749911812.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 139 KiB

BIN
umn/source/_static/images/en-us_image_0000001796271293.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 112 KiB

BIN
umn/source/_static/images/en-us_image_0000001858653300.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 283 B

BIN
umn/source/_static/images/en-us_image_0000001858812060.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 KiB

BIN
umn/source/_static/images/en-us_image_0000001889194328.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 556 B

BIN
umn/source/_static/images/en-us_image_0000001904972049.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 KiB

BIN
umn/source/_static/images/en-us_image_0000001922057320.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
umn/source/_static/images/en-us_image_0000001922291358.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 84 KiB

BIN
umn/source/_static/images/en-us_image_0000001922291366.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

0
umn/source/_static/images/en-us_image_0000001799905521.png → umn/source/_static/images/en-us_image_0000001922451014.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 80 KiB

BIN
umn/source/_static/images/en-us_image_0000001932695044.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 B

0
umn/source/_static/images/en-us_image_0000001726839642.png → umn/source/_static/images/en-us_image_0000001936832142.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.4 KiB

After

Width:  |  Height:  |  Size: 9.4 KiB

0
umn/source/_static/images/en-us_image_0000001774402213.png → umn/source/_static/images/en-us_image_0000001936832146.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.9 KiB

After

Width:  |  Height:  |  Size: 9.9 KiB

0
umn/source/_static/images/en-us_image_0000001582445609.png → umn/source/_static/images/en-us_image_0000001937115664.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 664 B

After

Width:  |  Height:  |  Size: 664 B

0
umn/source/_static/images/en-us_image_0000001796458601.png → umn/source/_static/images/en-us_image_0000001950170221.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 108 KiB

After

Width:  |  Height:  |  Size: 108 KiB

0
umn/source/_static/images/en-us_image_0000001796836733.png → umn/source/_static/images/en-us_image_0000001950170229.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 52 KiB

After

Width:  |  Height:  |  Size: 52 KiB

0
umn/source/_static/images/en-us_image_0000001774534265.png → umn/source/_static/images/en-us_image_0000001964045585.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 14 KiB

BIN
umn/source/_static/images/en-us_image_0000001964194709.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 622 B

BIN
umn/source/_static/images/en-us_image_0000001969671085.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 353 B

BIN
umn/source/_static/images/en-us_image_0000001969790077.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 353 B

BIN
umn/source/_static/images/en-us_image_0000001988385489.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 547 B

BIN
umn/source/_static/images/en-us_image_0000001988385497.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 547 B

BIN
umn/source/_static/images/en-us_image_0000001988387381.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 547 B

77
umn/source/attack_defense/attack_defense_overview.rst Normal file
View File

@ -0,0 +1,77 @@
:original_name: cfw_01_0277.html
.. _cfw_01_0277:
Attack Defense Overview
=======================
CFW can defend against network attacks and virus files. You are advised to set **Protection Mode** to **Intercept** in a timely manner.
Prerequisites
-------------
Traffic protection has been enabled.
- For details about how to enable EIP traffic protection, see :ref:`Enabling Internet Border Traffic Protection <cfw_01_0031>`.
- For details about how to enable VPC traffic protection, see :ref:`Enabling VPC Border Traffic Protection <cfw_01_0078>`.
- For details about how to enable traffic protection for private IP addresses, see :ref:`Enabling NAT Gateway Traffic Protection <cfw_01_0266>`.
.. _cfw_01_0277__section19642352202214:
Defense Against Network Attacks and Virus Files
-----------------------------------------------
The following methods can be used:
- IPS provides you with basic protection functions, and, with many years of attack defense experience, it detects and defends against a wide range of common network attacks and effectively protects your assets.
- IPS provides four protection modes. For details about how to configure it, see :ref:`Adjusting the IPS Protection Mode to Block Network Attacks <cfw_01_0032__section385820543273>`.
- **Observe**: Attacks are detected and recorded in logs but are not intercepted.
- **Intercept**: Attacks and abnormal IP address access are automatically intercepted.
- **Intercept mode - loose**: The protection granularity is coarse. In this mode, only attacks with high threat and high certainty are blocked.
- **Intercept mode - moderate**: The protection granularity is medium. This mode meets protection requirements in most scenarios.
- **Intercept mode - strict**: The protection granularity is fine-grained, and all attack requests are intercepted.
- IPS provides multiple types of rule libraries. For details, see :ref:`Table 1 <cfw_01_0277__table1655118365215>`. Different rules are enabled for different interception modes. For details, see :ref:`Default Actions of Rule Groups in Different Protection Modes <cfw_01_0168__section875111419156>`.
.. _cfw_01_0277__table1655118365215:
.. table:: **Table 1** Intrusion prevention rule libraries
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Function | Description | Check Type | Configuration Method |
+===================================================================+========================================================================================================================================================================+==================================================================================================================================================================================+===========================================================================================================================================================+
| Basic defense | A built-in rule library. It covers common network attacks and provides basic protection capabilities for your assets. | - Scan for threats and scan vulnerabilities. | For details about how to view and modify rule library settings, see :ref:`Modifying the Protection Action of an Intrusion Prevention Rule <cfw_01_0168>`. |
| | | - Check whether traffic contains phishing, Trojans, worms, hacker tools, spyware, password attacks, vulnerability attacks, SQL injection attacks, XSS attacks, and web attacks. | |
| | | - Checks whether there are protocol anomalies, buffer overflow, access control, suspicious DNS activities, and other suspicious behaviors in traffic. | |
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Virtual patch | Hot patches are provided for IPS at the network layer to intercept high-risk remote attacks in real time and prevent service interruption during vulnerability fixing. | | |
| | | | |
| | Updated rules are added to the virtual patch library first. You can determine whether to add the rules to the basic defense library. | | |
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Custom IPS signature (supported only by the professional edition) | If the built-in rule library cannot meet your requirements, you can customize signature rules. | The check types are the same as those of **Basic defense**. | For details, see :ref:`Customizing IPS Signatures <cfw_01_0188>`. |
| | | | |
| | | Signature rules of the HTTP, TCP, UDP, POP3, SMTP and FTP protocols can be added. | |
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
- Sensitive directory scan can defend against scanning attacks on sensitive directories on cloud servers. For details, see :ref:`Enabling Sensitive Directory Scan Defense <cfw_01_0032__section61321527141315>`.
- Reverse shell detection can defend against network attacks in reverse shell mode. For details, see :ref:`Enabling Reverse Shell Defense <cfw_01_0032__section17909527114711>`.
- Antivirus can identify and process virus-infected files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus-infected files. HTTP, SMTP, POP3, FTP, IMAP4 and SMB protocols can be checked.
For details about antivirus, see :ref:`Blocking Virus-infected Files <cfw_01_0195>`.
Protection Actions
------------------
- **Observe**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and does not block the traffic.
- **Intercept**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and blocks it.
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
References
----------
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.

85
umn/source/attack_defense/blocking_network_attacks.rst Normal file
View File

@ -0,0 +1,85 @@
:original_name: cfw_01_0032.html
.. _cfw_01_0032:
Blocking Network Attacks
========================
CFW provides :ref:`attack defense <cfw_01_0277__section19642352202214>` to help you detect common network attacks.
.. _cfw_01_0032__section385820543273:
Adjusting the IPS Protection Mode to Block Network Attacks
----------------------------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**.
#. Select a proper protection mode.
- **Observe**: Attacks are detected and recorded in logs but are not intercepted.
- **Intercept**: Attacks and abnormal IP address access are automatically intercepted.
- **Intercept mode - loose**: The protection granularity is coarse. In this mode, only attacks with high threat and high certainty are blocked.
- **Intercept mode - moderate**: The protection granularity is medium. This mode meets protection requirements in most scenarios.
- **Intercept mode - strict**: The protection granularity is fine-grained, and all attack requests are intercepted.
.. note::
- You are advised to use the **observe** mode for a period of time before using the **intercept** mode. For details about how to view attack event logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`
- If packets are incorrectly blocked by a defense rule, you can modify the action of the rule in the basic defense rule library. For details, see :ref:`IPS Rule Management <cfw_01_0167>`.
.. _cfw_01_0032__section61321527141315:
Enabling Sensitive Directory Scan Defense
-----------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image2| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**.
#. In the **Sensitive Directory Scan Defense** area, click |image3| to enable protection.
- **Action**:
- **Observe**: If the firewall detects a sensitive directory scanning attack, it only records the attack in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
- **Block session**: If the firewall detects a sensitive directory scan attack, it blocks the current session.
- **Block IP**: If CFW detects a sensitive directory scan attack, it blocks the attack IP address for a period of time.
- **Duration**: If **Action** is set to **Block IP**, you can set the blocking duration. The value range is 60s to 3,600s.
- **Threshold**: CFW performs the specified action if the scan frequency of a sensitive directory reaches this threshold.
.. _cfw_01_0032__section17909527114711:
Enabling Reverse Shell Defense
------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image4| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**.
#. In the **Reverse Shell Defense** module, click |image5| to enable defense.
- **Action**:
- **Observe**: If the firewall detects a reverse shell attack, it only records the attack in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
- **Block session**: If the firewall detects a reverse shell attack, it blocks the current session.
- **Block IP**: If CFW detects a reverse shell attack, it blocks the attack IP address for a period of time.
- **Duration**: If **Action** is set to **Block IP**, you can set the blocking duration. The value range is 60s to 3,600s.
- **Mode**:
- **Conservative**: coarse-grained protection. If a single session is attacked for four times, observation or interception is triggered. It ensures that no false positives are reported.
- **Sensitive**: fine-grained protection. If a single session is attacked for two times, observation or interception is triggered. It ensures that attacks can be detected and handled.
Follow-up Operations
--------------------
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
.. |image2| image:: /_static/images/en-us_image_0000001259322747.png
.. |image3| image:: /_static/images/en-us_image_0000001969790077.png
.. |image4| image:: /_static/images/en-us_image_0000001259322747.png
.. |image5| image:: /_static/images/en-us_image_0000001969671085.png

23
umn/source/managing_the_antivirus_function.rst → umn/source/attack_defense/blocking_virus-infected_files.rst
View File

@ -2,8 +2,8 @@
.. _cfw_01_0195:
Managing the Antivirus Function
===============================
Blocking Virus-infected Files
=============================
The anti-virus function identifies and processes virus files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus files.
@ -14,27 +14,27 @@ Specification Limitations
Antivirus is available only in the professional edition.
Enabling Antivirus
------------------
Enabling Antivirus to Block Virus-infected Files
------------------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Antivirus**.
#. Click |image2| to enable antivirus.
.. note::
After antivirus is enabled, **Current Action** is **Disable** by default. For details about how to change the defense action, see :ref:`Changing a Defense Action <cfw_01_0195__section115051117231>`.
After antivirus is enabled, **Current Action** is **Disable** by default. For details about how to change the defense action, see :ref:`Modifying the Virus Defense Action for Better Protection Effect <cfw_01_0195__section115051117231>`.
.. _cfw_01_0195__section115051117231:
Changing a Defense Action
-------------------------
Modifying the Virus Defense Action for Better Protection Effect
---------------------------------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image3| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Antivirus**.
#. Click an action in the **Operation** column of a rule.
@ -42,6 +42,11 @@ Changing a Defense Action
- **Block**: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in :ref:`attack event logs <cfw_01_0139__section1131659192010>` and blocks it.
- **Disable**: The firewall does not perform virus checks on the traffic of a protocol.
Follow-up Operations
--------------------
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
.. |image2| image:: /_static/images/en-us_image_0000001617930157.png
.. |image3| image:: /_static/images/en-us_image_0000001259322747.png

22
umn/source/attack_defense/index.rst Normal file
View File

@ -0,0 +1,22 @@
:original_name: cfw_01_0276.html
.. _cfw_01_0276:
Attack Defense
==============
- :ref:`Attack Defense Overview <cfw_01_0277>`
- :ref:`Blocking Network Attacks <cfw_01_0032>`
- :ref:`Blocking Virus-infected Files <cfw_01_0195>`
- :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`
- :ref:`IPS Rule Management <cfw_01_0167>`
.. toctree::
:maxdepth: 1
:hidden:
attack_defense_overview
blocking_network_attacks
blocking_virus-infected_files
viewing_attack_defense_information_on_the_dashboard
ips_rule_management/index

22
umn/source/managing_basic_protection_rules/customizing_ips_signatures.rst → umn/source/attack_defense/ips_rule_management/customizing_ips_signatures.rst
View File

@ -9,6 +9,10 @@ You can configure network detection signature rules in CFW. CFW will detect thre
HTTP, TCP, UDP, POP3, SMTP and FTP protocols can be configured in user-defined IPS signatures.
.. caution::
User-defined signatures need to be specific. General signatures may match too much traffic and affect traffic forwarding performance.
Constraints
-----------
@ -17,14 +21,15 @@ Constraints
- Custom IPS signatures are not affected by the change of the basic protection mode.
- **Content** can be set to **URI** only if **Direction** is set to **Client to server** and **Protocol Type** is set to **HTTP**.
Procedure
---------
Customizing IPS Signatures
--------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**. Click **Check Rules** in the **Custom IPS Signature** area.
@ -49,7 +54,7 @@ Procedure
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Direction | Direction of the traffic matching the feature. Its value can be: |
| | |
| | - **Any** |
| | - **Any**: Any direction. Traffic in any direction that meets other specified conditions matches the current rule. |
| | - Server to client |
| | - Client to server |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+
@ -57,7 +62,7 @@ Procedure
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Source Type | Source port type. Its value can be: |
| | |
| | - **Any** |
| | - **Any**: Any port type. All ports match this type. |
| | - **Include** |
| | - **Exclude** |
| | |
@ -72,7 +77,7 @@ Procedure
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Destination Type | Destination port type. Its value can be: |
| | |
| | - **Any** |
| | - **Any**: Any port type. All ports match this type. |
| | - **Include** |
| | - **Exclude** |
| | |
@ -141,4 +146,9 @@ Related Operations
- To delete IPS signatures in batches, select signatures and click **Delete** above the list.
- To modify actions in batches, select signatures and click **Observe** or **Intercept** above the list.
Follow-up Operations
--------------------
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

16
umn/source/attack_defense/ips_rule_management/index.rst Normal file
View File

@ -0,0 +1,16 @@
:original_name: cfw_01_0167.html
.. _cfw_01_0167:
IPS Rule Management
===================
- :ref:`Modifying the Protection Action of an Intrusion Prevention Rule <cfw_01_0168>`
- :ref:`Customizing IPS Signatures <cfw_01_0188>`
.. toctree::
:maxdepth: 1
:hidden:
modifying_the_protection_action_of_an_intrusion_prevention_rule
customizing_ips_signatures

78
umn/source/attack_defense/ips_rule_management/modifying_the_protection_action_of_an_intrusion_prevention_rule.rst Normal file
View File

@ -0,0 +1,78 @@
:original_name: cfw_01_0168.html
.. _cfw_01_0168:
Modifying the Protection Action of an Intrusion Prevention Rule
===============================================================
For rules in the basic defense rule library and the virtual patch rule library, you can manually modify their protection actions. After the modification, their actions do not change with the IPS protection mode.
If the rules in the rule library cannot meet your requirements, you can customize IPS signature rules. For details, see :ref:`Customizing IPS Signatures <cfw_01_0188>`.
Constraints
-----------
The restrictions on modifying an IPS rule are as follows:
- The action of a manually modified rule remains unchanged even if **Protection Mode** is changed.
- The constraints on manually modified actions are as follows:
- The actions of up to 3000 rules can be manually changed to observation.
- The actions of up to 3000 rules can be manually changed to interception.
- The actions of up to 128 rules can be manually changed to disabling.
.. _cfw_01_0168__section875111419156:
Default Actions of Rule Groups in Different Protection Modes
------------------------------------------------------------
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
| ``-`` | Mode | **Intercept mode - strict** | **Intercept mode - medium** | **Intercept mode - loose** |
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
| **Observe** rule group | Observe | Disable | Disable | Disable |
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
| **Strict** rule group | Observe | Intercept | Disable | Disable |
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
| **Medium** rule group | Observe | Intercept | Intercept | Disable |
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
| **Loose** rule group | Observe | Intercept | Intercept | Intercept |
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
.. note::
- **Observe**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and does not block the traffic.
- **Intercept**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and blocks it.
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
.. _cfw_01_0168__section204771329204015:
Modifying the Action of a Basic Protection Rule
-----------------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**. Click **View Effective Rules** under **Basic Protection**. The **Basic Protection** tab is displayed.
#. (Optional) To view the parameter details of a type of rules, set filter criteria in the input box above the list.
#. Click an action in the **Operation** column.
- **Observe**: The firewall logs the traffic that matches the current rule and does not block the traffic.
- **Intercept**: The firewall logs and blocks the traffic that matches the current rule.
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
.. note::
- The action of a manually modified rule remains unchanged even if **Protection Mode** is changed. To restore the default action, select a rule and click **Restore Default**.
- The constraints on manually modified actions are as follows:
- The actions of up to 3000 rules can be manually changed to observation.
- The actions of up to 3000 rules can be manually changed to interception.
- The actions of up to 128 rules can be manually changed to disabling.
Related Operations
------------------
- Restoring the default actions of some rules: On the **Basic Protection** tab, select rules and click **Restore Default**.
- Restoring the default actions of all rules: On the **Basic Protection** tab, select rules and click **Restore All Defaults**.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

17
umn/source/security_dashboard.rst → umn/source/attack_defense/viewing_attack_defense_information_on_the_dashboard.rst
View File

@ -2,17 +2,17 @@
.. _cfw_01_0228:
Security Dashboard
==================
Viewing Attack Defense Information on the Dashboard
===================================================
You can easily check IPS defense information on the security dashboard and adjust defense policies in a timely manner.
On the security dashboard, you can quickly view protection information about attack defense functions (IPS, reverse shell defense, sensitive directory scan defense, and antivirus) and adjust IPS protection mode in a timely manner.
Procedure
---------
Viewing IPS Protection Information on the Dashboard
---------------------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Security Dashboard**.
#. In the upper part of the page, click the **Internet Boundaries** or **Inter-VPC Borders** tab.
#. View statistics about protection rules of a firewall instance. You can select a query duration from the drop-down list.
@ -48,4 +48,9 @@ Procedure
- **Top Attack Targets**: Destination IP addresses, ports, and applications.
- **Top Attack Sources**: Source IP addresses and types.
Related Operations
------------------
For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

214
umn/source/auditing_logs/log_management/adding_alarm_notifications.rst
View File

File diff suppressed because it is too large Load Diff

26
umn/source/auditing_logs/log_management/index.rst
View File

@ -1,26 +0,0 @@
:original_name: cfw_01_0140.html
.. _cfw_01_0140:
Log Management
==============
- :ref:`Log Settings <cfw_01_0141>`
- :ref:`Changing the Log Storage Duration <cfw_01_0142>`
- :ref:`Adding Alarm Notifications <cfw_01_0143>`
- :ref:`Log Structuring <cfw_01_0144>`
- :ref:`Visualization <cfw_01_0145>`
- :ref:`Quick Analysis <cfw_01_0146>`
- :ref:`Log Field Description <cfw_01_0147>`
.. toctree::
:maxdepth: 1
:hidden:
log_settings
changing_the_log_storage_duration
adding_alarm_notifications
log_structuring
visualization
quick_analysis
log_field_description

42
umn/source/auditing_logs/log_management/log_structuring.rst
View File

@ -1,42 +0,0 @@
:original_name: cfw_01_0144.html
.. _cfw_01_0144:
Log Structuring
===============
Log data can be structured or unstructured. Structured data is quantitative data or can be defined by unified data models. It has a fixed length and format. Unstructured data has no pre-defined data models and cannot be fit into two-dimensional tables of databases.
During log structuring, logs with fixed or similar formats are extracted from a log stream based on your defined structuring method and irrelevant logs are filtered out. You can then use SQL syntax to query and analyze the structured logs.
Prerequisites
-------------
Logs have been dumped to LTS by configuring :ref:`Log Settings <cfw_01_0141>`.
Procedure
---------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane on the left, choose **Log Audit** > **Log Management**. Select the target log group and log stream.
#. Click the **Visualization** tab and select **JSON**.
#. Extract log fields.
a. Click **Step 1 Select a sample log event**, select a log event, or enter a log event in the text box, and click **OK**.
.. note::
Select a typical log.
b. Click **Intelligent Extraction** in **Step 2 Extract fields** to extract the log fields.
.. note::
- The **float** data type has seven digit precision.
- To have higher accuracy, you are advised to change the field type to **String** when the accuracy exceeds seven digits.
#. Click **Save**. The type of extracted fields cannot be changed after the structuring is complete.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

26
umn/source/auditing_logs/log_management/quick_analysis.rst
View File

@ -1,26 +0,0 @@
:original_name: cfw_01_0146.html
.. _cfw_01_0146:
Quick Analysis
==============
Quick analysis helps you collect and query log data. You can view statistics on logs by searching for specified fields.
Prerequisites
-------------
Logs have been dumped to LTS by configuring :ref:`Log Settings <cfw_01_0141>`.
Procedure
---------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane on the left, choose **Log Audit** > **Log Management**. Select the target log group and log stream.
#. Click |image2| in the upper right corner of the page. On the **Index Settings** tab of the **Settings** page, add fields and enable quick analysis.
#. Click **OK**. The quick analysis task is created.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
.. |image2| image:: /_static/images/en-us_image_0000001623223858.png

79
umn/source/auditing_logs/log_management/visualization.rst
View File

@ -1,79 +0,0 @@
:original_name: cfw_01_0145.html
.. _cfw_01_0145:
Visualization
=============
Visualization allows you to query and analyze structured log fields using SQL statements. After log structuring, wait about 1-2 minutes for SQL query and analysis.
Prerequisites
-------------
- Logs have been dumped to LTS by configuring :ref:`Log Settings <cfw_01_0141>`.
- Log structuring has been completed. For details, see :ref:`Log Structuring <cfw_01_0144>`.
Procedure
---------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. In the navigation pane on the left, choose **Log Audit** > **Log Management**. Select the target log group and log stream.
#. Click the **Visualization** tab and select the chart type you want to use to display your query results.
Currently, five chart types are supported, as described in :ref:`Chart parameters <cfw_01_0145__table9968171023714>`.
.. _cfw_01_0145__table9968171023714:
.. table:: **Table 1** Chart parameters
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Chart Type | Description |
+===================================+===========================================================================================================================================================================================================================================================================================================================================================+
| Table Chart | - **Records per Page**: number of log events displayed per page. The value can be 10 (default), 20, 30, or 50. |
| | - **Filtering**: After the filtering function is enabled, you can filter results the right of the table header. Currently, only single-column search is supported. |
| | - **Sorting**: After the sorting function is enabled, you can select the ascending or descending order on the table header. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Bar Chart | - **X Axis**: Select a field from the drop-down list box as the X axis. Digits and strings are supported. |
| | - **Y Axis**: Select a field from the drop-down list box as the Y axis. Only numeric data is supported. |
| | - **X Axis Title** and **Y Axis Title**: Set the titles for the X axis and Y axis. |
| | - **Y Axis Range**: Set the minimum and maximum values for the Y axis. |
| | - **Max Shown Categories**: The value can be 20, 40, 50 (default), 80, and 100. |
| | - **Show Labels**: Set this parameter based on your requirements. |
| | - **Stacked**: Set this parameter based on your requirements. If you enable it, labels cannot be shown. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Line Chart | - **X Axis**: Select a field from the drop-down list box as the X axis. The value can be a number or a string. |
| | - **Y Axis**: Select a field from the drop-down list box as the Y axis. Only numeric data is supported. |
| | - **X Axis Title** and **Y Axis Title**: Set the titles for the X axis and Y axis. |
| | - **Y Axis Range**: Set the minimum and maximum values for the Y axis. |
| | - **Line**: Select **Curved** or **Straight**. |
| | - **Show Data Markers**: Set this parameter based on your requirements. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Pie Chart | - **Category**: Select a field from the drop-down list box as the category. Only strings are supported. |
| | |
| | - **Value**: Select a field from the drop-down list box. Only numeric data is supported. |
| | |
| | - **Label Position**: Select **Inside** or **Outside**. This parameter can be set only after you enable **Show Labels**. |
| | |
| | - **Shown Categories**: The value can be 5, 10 (default), 20, 30, or 40. |
| | |
| | For example, if there are 20 categories and you only want to show 10, the first 10 categories will be represented by 10 slices, and the rest are grouped as one slice labeled as **Others**. |
| | |
| | - **Coxcomb Chart**: In a coxcomb chart, the radius of pie slices differs depending on the percentage of the data that the slices represent. |
| | |
| | - **Show Labels**: Set this parameter based on your requirements. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Number Chart | - **Data Column**: Select a field as the data source. Numeric data is recommended. After you select a field, the first data in the field column is displayed in the chart. |
| | - **Add Comparison Data**: Set this parameter based on your requirements. |
| | - **Comparison Data**: Select a field as the source of the comparison data. Numeric data is recommended. After you select the absolute value of the comparison data, the difference between the absolute value and the values in the selected data column is displayed in the chart. Comparison data can be used only after the comparison value is set. |
| | - **Description**: You can add a description for numbers. |
| | - **Data Unit** and **Comparison Data Unit**: Set the units based on your requirements. |
| | - **Advanced Settings**: You can set **Number Format**, **Data Text Size**, **Comparison Data Text Size**, and **Unit Text Size**. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

32
umn/source/change_history.rst
View File

@ -5,14 +5,24 @@
Change History
==============
+-----------------------------------+-----------------------------------------------------------------------------------------+
| Date | Description |
+===================================+=========================================================================================+
| 2024-05-28 | This is the second official release. |
| | |
| | Added: |
| | |
| | The concept of defense traffic in section :ref:`Concepts Related to CFW <cfw_01_0057>`. |
+-----------------------------------+-----------------------------------------------------------------------------------------+
| 2024-04-30 | This is the first official release. |
+-----------------------------------+-----------------------------------------------------------------------------------------+
+-----------------------------------+------------------------------------------------------------------------------------------+
| Date | Description |
+===================================+==========================================================================================+
| 2024-07-29 | This is the third official release. |
| | |
| | Optimized: |
| | |
| | Inconsistency between the parameter description and the GUI |
| | |
| | Deleted: |
| | |
| | Log visualization and alarm rule configuration functions in the interconnection with LTS |
+-----------------------------------+------------------------------------------------------------------------------------------+
| 2024-05-28 | This is the second official release. |
| | |
| | Added: |
| | |
| | The concept of defense traffic in section :ref:`Basic Concepts <cfw_01_0057>`. |
+-----------------------------------+------------------------------------------------------------------------------------------+
| 2024-04-30 | This is the first official release. |
+-----------------------------------+------------------------------------------------------------------------------------------+

84
umn/source/checking_the_cfw_dashboard.rst → umn/source/checking_the_dashboard.rst
View File

File diff suppressed because it is too large Load Diff

27
umn/source/managing_acl_rules/managing_the_blacklist_and_the_whitelist/adding_an_item_to_the_blacklist_or_whitelist.rst → umn/source/configuring_access_control_policies_to_control_traffic/adding_blacklist_or_whitelist_items_to_block_or_allow_traffic.rst
View File

@ -2,35 +2,41 @@
.. _cfw_01_0065:
Adding an Item to the Blacklist or Whitelist
============================================
Adding Blacklist or Whitelist Items to Block or Allow Traffic
=============================================================
After EIP protection is enabled, all access is allowed by default. You can configure blacklist or whitelist rules to block or allow access requests from specific IP addresses.
After protection is enabled, CFW allows all traffic by default. You can configure the blacklist to block access requests from IP addresses or configure the whitelist to allow them.
.. caution::
If your IP address is a back-to-source WAF IP address, you are advised to configure a protection rule or the whitelist to allow its access. Exercise caution when configuring the blacklist, which may affect your services.
- For details about how to configure protection rules, see :ref:`Adding a Protection Rule <cfw_01_0030>`.
- For details about how to configure protection rules, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.
Specification Limitations
-------------------------
The CFW blacklist and whitelist each allows up to 2,000 items. If there are too many IP addresses to be specified, you can put them in an IP address group dedicated to the blacklist or whitelist. For more information, see :ref:`Adding Custom IP Address Groups <cfw_01_0068>`.
- CFW supports up to 2,000 blacklist items and 2,000 whitelist items. If there are too many IP addresses to be specified, you can put them in an IP address group and select the IP address group when configuring protection rules.
- For details about how to add an IP address group, see :ref:`Adding Custom IP Address and Address Groups <cfw_01_0068>`.
- For details about how to add a protection rule, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.
- To protect private IP addresses, use the professional edition firewall and enable :ref:`VPC border firewall <cfw_01_0078>` protection.
Impact on the System
--------------------
CFW directly allows whitelisted IP addresses and segments and blocks blacklisted ones without checking. To check the access and traffic statistics of these IP addresses, search for them by following the instructions in :ref:`Querying Logs <cfw_01_0139>`.
Procedure
---------
Adding Blacklist or Whitelist Items to Block or Allow Traffic
-------------------------------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Access Control** > **Access Policies**. Click the **Blacklist** or **Whitelist** tab.
@ -71,4 +77,9 @@ Procedure
#. Click **OK**.
Related Operations
------------------
For details about how to edit and remove blacklist or whitelist items, see :ref:`Managing the Blacklist and the Whitelist <cfw_01_0035>`.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png

424
umn/source/configuring_access_control_policies_to_control_traffic/configuring_protection_rules_to_block_or_allow_traffic/adding_protection_rules_to_block_or_allow_traffic.rst Normal file
View File

File diff suppressed because it is too large Load Diff

27
umn/source/configuring_access_control_policies_to_control_traffic/configuring_protection_rules_to_block_or_allow_traffic/example_1_allowing_the_inbound_traffic_from_a_specified_ip_address.rst Normal file
View File

@ -0,0 +1,27 @@
:original_name: cfw_01_0272.html
.. _cfw_01_0272:
Example 1: Allowing the Inbound Traffic from a Specified IP Address
===================================================================
This section describes how to allow access traffic from a specified IP address in the inbound direction. For more parameter settings, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.
Allowing the Inbound Traffic from a Specified IP Address
--------------------------------------------------------
Configure two protection rules. One of them blocks all traffic, as shown in :ref:`Figure 1 <cfw_01_0272__cfw_01_0030_fig15421538161515>`. Its priority is the lowest. The other allows the traffic of a specified IP address, as shown in :ref:`Figure 2 <cfw_01_0272__cfw_01_0030_fig1718831219247>`. Its priority is the highest.
.. _cfw_01_0272__cfw_01_0030_fig15421538161515:
.. figure:: /_static/images/en-us_image_0000001936832142.png
:alt: **Figure 1** Blocking all traffic
**Figure 1** Blocking all traffic
.. _cfw_01_0272__cfw_01_0030_fig1718831219247:
.. figure:: /_static/images/en-us_image_0000001936832146.png
:alt: **Figure 2** Allowing a specified IP address
**Figure 2** Allowing a specified IP address

19
umn/source/configuring_access_control_policies_to_control_traffic/configuring_protection_rules_to_block_or_allow_traffic/example_2_blocking_access_from_a_region.rst Normal file
View File

@ -0,0 +1,19 @@
:original_name: cfw_01_0273.html
.. _cfw_01_0273:
Example 2: Blocking Access from a Region
========================================
This section describes how to block access traffic from a region. For more parameter settings, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.
Blocking Access from a Region
-----------------------------
The following figure shows a rule that blocks all access traffic from **Germany**.
.. figure:: /_static/images/en-us_image_0000001964045585.png
:alt: **Figure 1** Intercepting the access traffic from **Germany**
**Figure 1** Intercepting the access traffic from **Germany**

19
umn/source/configuring_access_control_policies_to_control_traffic/configuring_protection_rules_to_block_or_allow_traffic/example_4_configuring_snat_protection_rules.rst Normal file
View File

@ -0,0 +1,19 @@
:original_name: cfw_01_0275.html
.. _cfw_01_0275:
Example 4: Configuring SNAT Protection Rules
============================================
This section describes how to configure SNAT-based defense. For more parameter settings, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.
SNAT Protection Configuration
-----------------------------
Assume your private IP address is **10.1.1.2** and the external domain name accessed through the NAT gateway is **www.example.com**. Configure NAT protection as follows and set other parameters based on your deployment:
- **Rule Type**: **NAT**
- **Direction**: Select **SNAT**.
- **Source**: Select **IP address** and enter **10.1.1.2**.
- **Destination**: Select **Domain Name/Domain Group** and **Network**, and enter **www.example.com**.
- **Service**: Select **Service** and select **TCP/1-65535/1-65535** from the drop-down list.

20
umn/source/configuring_access_control_policies_to_control_traffic/configuring_protection_rules_to_block_or_allow_traffic/index.rst Normal file
View File

@ -0,0 +1,20 @@
:original_name: cfw_01_0271.html
.. _cfw_01_0271:
Configuring Protection Rules to Block or Allow Traffic
======================================================
- :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`
- :ref:`Example 1: Allowing the Inbound Traffic from a Specified IP Address <cfw_01_0272>`
- :ref:`Example 2: Blocking Access from a Region <cfw_01_0273>`
- :ref:`Example 4: Configuring SNAT Protection Rules <cfw_01_0275>`
.. toctree::
:maxdepth: 1
:hidden:
adding_protection_rules_to_block_or_allow_traffic
example_1_allowing_the_inbound_traffic_from_a_specified_ip_address
example_2_blocking_access_from_a_region
example_4_configuring_snat_protection_rules

42
umn/source/managing_acl_rules/managing_domain_name_groups/adding_a_domain_name_group.rst → umn/source/configuring_access_control_policies_to_control_traffic/domain_name_management/adding_a_domain_name_group.rst
View File

@ -19,25 +19,26 @@ Constraints
**Application Domain Name Group (Layer 7 Protocol Parsing)**
- A domain name group can have up to 1,500 domain names.
- A firewall instance can have up to 500 domain name groups.
- A firewall instance can have up to 2,500 domain names.
- A domain name group can have up to 1,500 domain names.
**Network Domain Name Group (Layer 4 Protocol Parsing)**
- A domain name group can have up to 15 domain names.
- Each domain name can resolve up to 1,000 IP addresses.
- Each domain name group can resolve up to 1,500 IP addresses.
- A firewall instance can have up to 1,000 domain names.
- A network domain name group can have up to 15 domain names.
- Each domain name group can resolve up to 1,500 IP addresses.
- Each domain name can resolve up to 1,000 IP addresses.
Procedure
---------
Adding a Domain Name Group
--------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column to go to the details page.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Access Control** > **Domain Name Groups**.
@ -68,11 +69,34 @@ Procedure
| | Domain names must be unique. |
+-----------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Adding a Domain Name to a Domain Group
--------------------------------------
#. Log in to the management console.
#. In the navigation pane on the left, click |image2| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Access Control** > **Service Groups**.
#. Click the name of a domain name group. The **Basic Information** and **Domain Names** areas are displayed.
#. Click **Add Domain** under the domain name list and enter domain name information.
You can click |image3| to add multiple services.
#. Confirm the information and click **OK**.
Related Operation
-----------------
- To edit a domain name group, click **Edit** in the **Operation** column.
- A domain name group takes effect only after it is set in a protection rule. For more information, see :ref:`Adding a Protection Rule <cfw_01_0030>`.
- Batch deleting domain names: Select domain names and click **Delete** above the list.
- To edit a domain name group, click the name of the target domain name group and click **Edit** on the right of **Basic Information**.
- A domain name group takes effect only after it is set in a protection rule. For more information, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.
- To view the IP addresses resolved by a domain name group of the network domain name group type, click the domain name group name to go to the **Basic Information** page, and click **IP address** in the **Operation** column of the domain name list.
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
.. |image2| image:: /_static/images/en-us_image_0000001259322747.png
.. |image3| image:: /_static/images/en-us_image_0000001988387381.png

Some files were not shown because too many files have changed in this diff Show More