Compare commits: main...propose-cf (5 commits)

Commits: 2889616e69, 641b5a4ef0, 123a48b708, ce759726a8, 89ab95b8f5
BIN umn/source/_static/images/en-us_image_0000001259322747.png (new file, 116 B)
BIN umn/source/_static/images/en-us_image_0000001293893596.png (new file, 113 B)
BIN umn/source/_static/images/en-us_image_0000001294076372.png (new file, 113 B)
BIN umn/source/_static/images/en-us_image_0000001349643997.png (new file, 1.2 KiB)
BIN umn/source/_static/images/en-us_image_0000001443711605.png (new file, 1.2 KiB)
BIN umn/source/_static/images/en-us_image_0000001443792005.png (new file, 1.2 KiB)
BIN umn/source/_static/images/en-us_image_0000001525350932.png (new file, 19 KiB)
BIN umn/source/_static/images/en-us_image_0000001532202610.png (new file, 664 B)
BIN umn/source/_static/images/en-us_image_0000001532325404.png (new file, 664 B)
BIN umn/source/_static/images/en-us_image_0000001532362570.png (new file, 622 B)
BIN umn/source/_static/images/en-us_image_0000001582605405.png (new file, 622 B)
BIN umn/source/_static/images/en-us_image_0000001617930157.png (new file, 598 B)
BIN umn/source/_static/images/en-us_image_0000001625198857.png (new file, 714 B)
BIN umn/source/_static/images/en-us_image_0000001625319329.png (new file, 116 B)
BIN umn/source/_static/images/en-us_image_0000001636363317.png (new file, 42 KiB)
BIN umn/source/_static/images/en-us_image_0000001673130380.png (new file, 1.2 KiB)
BIN umn/source/_static/images/en-us_image_0000001690646797.png (new file, 13 KiB)
BIN umn/source/_static/images/en-us_image_0000001707369821.png (new file, 3.5 KiB)
BIN umn/source/_static/images/en-us_image_0000001722053142.png (new file, 37 KiB)
BIN umn/source/_static/images/en-us_image_0000001743556254.png (new file, 748 B)
BIN umn/source/_static/images/en-us_image_0000001790475961.png (new file, 808 B)
BIN umn/source/_static/images/en-us_image_0000001889194328.png (new file, 556 B)
BIN umn/source/_static/images/en-us_image_0000001922057320.png (new file, 26 KiB)
BIN umn/source/_static/images/en-us_image_0000001922291358.png (new file, 84 KiB)
BIN umn/source/_static/images/en-us_image_0000001922291366.png (new file, 58 KiB)
BIN umn/source/_static/images/en-us_image_0000001922451014.png (new file, 80 KiB)
BIN umn/source/_static/images/en-us_image_0000001936832142.png (new file, 26 KiB)
BIN umn/source/_static/images/en-us_image_0000001936832146.png (new file, 27 KiB)
BIN umn/source/_static/images/en-us_image_0000001937115664.png (new file, 664 B)
BIN umn/source/_static/images/en-us_image_0000001950170221.png (new file, 108 KiB)
BIN umn/source/_static/images/en-us_image_0000001950170229.png (new file, 52 KiB)
BIN umn/source/_static/images/en-us_image_0000001964045585.png (new file, 31 KiB)
BIN umn/source/_static/images/en-us_image_0000001964194709.png (new file, 622 B)
BIN umn/source/_static/images/en-us_image_0000001969671085.png (new file, 353 B)
BIN umn/source/_static/images/en-us_image_0000001969790077.png (new file, 353 B)
BIN umn/source/_static/images/en-us_image_0000001986387925.png (new file, 342 B)
umn/source/attack_defense/attack_defense_overview.rst (new file, 78 lines)
@ -0,0 +1,78 @@
|
||||
:original_name: cfw_01_0200.html
|
||||
|
||||
.. _cfw_01_0200:
|
||||
|
||||
Attack Defense Overview
|
||||
=======================
|
||||
|
||||
CFW can defend against network attacks and virus files. You are advised to set **Protection Mode** to **Intercept** in a timely manner.
|
||||
|
||||
Prerequisites
|
||||
-------------
|
||||
|
||||
At least one type of traffic protection has been enabled.
|
||||
|
||||
- For details about how to enable EIP traffic protection, see :ref:`Enabling Internet Border Traffic Protection <cfw_01_0031>`.
|
||||
- For details about how to enable VPC traffic protection, see :ref:`Enabling VPC Border Traffic Protection <cfw_01_0078>`.
|
||||
|
||||
.. _cfw_01_0200__section19642352202214:
|
||||
|
||||
Defense Against Network Attacks and Virus Files
|
||||
-----------------------------------------------
|
||||
|
||||
The following methods can be used:
|
||||
|
||||
- IPS provides you with basic protection functions, and, with many years of attack defense experience, it detects and defends against a wide range of common network attacks and effectively protects your assets.
|
||||
|
||||
- IPS provides four protection modes. For details about how to configure it, see :ref:`Adjusting the IPS Protection Mode to Block Network Attacks <cfw_01_0032__section385820543273>`.
|
||||
|
||||
- **Observe**: Attacks are detected and recorded in logs but are not intercepted.
|
||||
- **Intercept**: Attacks and abnormal IP address access are automatically intercepted.
|
||||
|
||||
- **Intercept mode - loose**: The protection granularity is coarse. In this mode, only attacks with high threat and high certainty are blocked.
|
||||
- **Intercept mode - moderate**: The protection granularity is medium. This mode meets protection requirements in most scenarios.
|
||||
- **Intercept mode - strict**: The protection granularity is fine-grained, and all attack requests are intercepted.
|
||||
|
||||
- IPS provides multiple types of rule libraries. For details, see :ref:`Table 1 <cfw_01_0200__table1655118365215>`. Different rules are enabled for different interception modes. For details, see :ref:`Default Actions of Rule Groups in Different Protection Modes <cfw_01_0168__section875111419156>`.
|
||||
|
||||
.. _cfw_01_0200__table1655118365215:
|
||||
|
||||
.. table:: **Table 1** Intrusion prevention rule libraries
|
||||
|
||||
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Function | Description | Check Type | Configuration Method |
|
||||
+===================================================================+========================================================================================================================================================================+==================================================================================================================================================================================+===========================================================================================================================================================+
|
||||
| Basic defense | A built-in rule library. It covers common network attacks and provides basic protection capabilities for your assets. | - Scan for threats and scan vulnerabilities. | For details about how to view and modify rule library settings, see :ref:`Modifying the Protection Action of an Intrusion Prevention Rule <cfw_01_0168>`. |
|
||||
| | | - Check whether traffic contains phishing, Trojans, worms, hacker tools, spyware, password attacks, vulnerability attacks, SQL injection attacks, XSS attacks, and web attacks. | |
|
||||
| | | - Checks whether there are protocol anomalies, buffer overflow, access control, suspicious DNS activities, and other suspicious behaviors in traffic. | |
|
||||
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Virtual patch | Hot patches are provided for IPS at the network layer to intercept high-risk remote attacks in real time and prevent service interruption during vulnerability fixing. | | |
|
||||
| | | | |
|
||||
| | Updated rules are added to the virtual patch library first. You can determine whether to add the rules to the basic defense library. | | |
|
||||
| | | | |
|
||||
| | To add defense rules, enable this function to apply virtual patch rules. The protection action can be manually modified. | | |
|
||||
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Custom IPS signature (supported only by the professional edition) | If the built-in rule library cannot meet your requirements, you can customize signature rules. | The check types are the same as those of **Basic defense**. | For details, see :ref:`Customizing IPS Signatures <cfw_01_0188>`. |
|
||||
| | | | |
|
||||
| | | Signature rules of the HTTP, TCP, UDP, POP3, SMTP and FTP protocols can be added. | |
|
||||
+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
- Sensitive directory scan can defend against scanning attacks on sensitive directories on cloud servers. For details, see :ref:`Enabling Sensitive Directory Scan Defense <cfw_01_0032__section61321527141315>`.
|
||||
|
||||
- Reverse shell detection can defend against network attacks in reverse shell mode. For details, see :ref:`Enabling Reverse Shell Defense <cfw_01_0032__section17909527114711>`.
|
||||
|
||||
- Antivirus can identify and process virus-infected files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus-infected files. HTTP, SMTP, POP3, FTP, IMAP4 and SMB protocols can be checked.
|
||||
|
||||
For details about antivirus, see :ref:`Blocking Virus-infected Files <cfw_01_0195>`.
|
||||
|
||||
Protection Actions
|
||||
------------------
|
||||
|
||||
- **Observe**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and does not block the traffic.
|
||||
- **Intercept**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and blocks it.
|
||||
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
|
||||
|
||||
References
|
||||
----------
|
||||
|
||||
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
|
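Review bot: the protection-mode labels in this overview do not match the rule-group table added in the same change: the bullets here say **Intercept mode - loose / moderate / strict**, while the default-action table in cfw_01_0168 uses **Intercept mode - medium**; pick the label the console actually shows and use it in both files. In Table 1, the **Virtual patch** row leaves the Check Type and Configuration Method cells empty; either fill them or state that they are the same as for **Basic defense**, as the custom-signature row already does. Minor: the Basic defense check-type bullets alternate between "Check whether" and "Checks whether".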
umn/source/attack_defense/blocking_network_attacks.rst (new file, 85 lines)
@ -0,0 +1,85 @@
|
||||
:original_name: cfw_01_0032.html
|
||||
|
||||
.. _cfw_01_0032:
|
||||
|
||||
Blocking Network Attacks
|
||||
========================
|
||||
|
||||
CFW provides :ref:`attack defense <cfw_01_0200__section19642352202214>` to help you detect common network attacks.
|
||||
|
||||
.. _cfw_01_0032__section385820543273:
|
||||
|
||||
Adjusting the IPS Protection Mode to Block Network Attacks
|
||||
----------------------------------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
|
||||
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**.
|
||||
#. Select a proper protection mode.
|
||||
|
||||
- **Observe**: Attacks are detected and recorded in logs but are not intercepted.
|
||||
- **Intercept**: Attacks and abnormal IP address access are automatically intercepted.
|
||||
|
||||
- **Intercept mode - loose**: The protection granularity is coarse. In this mode, only attacks with high threat and high certainty are blocked.
|
||||
- **Intercept mode - moderate**: The protection granularity is medium. This mode meets protection requirements in most scenarios.
|
||||
- **Intercept mode - strict**: The protection granularity is fine-grained, and all attack requests are intercepted.
|
||||
|
||||
.. note::
|
||||
|
||||
- You are advised to use the **observe** mode for a period of time before using the **intercept** mode. For details about how to view attack event logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
|
||||
- If packets are incorrectly blocked by a defense rule, you can modify the action of the rule in the basic defense rule library. For details, see :ref:`IPS Rule Management <cfw_01_0167>`.
|
||||
|
||||
.. _cfw_01_0032__section61321527141315:
|
||||
|
||||
Enabling Sensitive Directory Scan Defense
|
||||
-----------------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image2| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
|
||||
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**.
|
||||
#. Click **Advanced**. In the **Sensitive Directory Scan Defense** area, click |image3| to enable protection.
|
||||
|
||||
- **Action**:
|
||||
|
||||
- **Observe**: If the firewall detects a sensitive directory scanning attack, it only records the attack in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
|
||||
- **Block session**: If the firewall detects a sensitive directory scan attack, it blocks the current session.
|
||||
- **Block IP**: If CFW detects a sensitive directory scan attack, it blocks the attack IP address for a period of time.
|
||||
|
||||
- **Duration**: If **Action** is set to **Block IP**, you can set the blocking duration. The value range is 60s to 3,600s.
|
||||
- **Threshold**: CFW performs the specified action if the scan frequency of a sensitive directory reaches this threshold.
|
||||
|
||||
.. _cfw_01_0032__section17909527114711:
|
||||
|
||||
Enabling Reverse Shell Defense
|
||||
------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image4| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
|
||||
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**.
|
||||
#. Click **Advanced**. In the **Reverse Shell Defense** module, click |image5| to enable defense.
|
||||
|
||||
- **Action**:
|
||||
|
||||
- **Observe**: If the firewall detects a reverse shell attack, it only records the attack in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
|
||||
- **Block session**: If the firewall detects a reverse shell attack, it blocks the current session.
|
||||
- **Block IP**: If CFW detects a reverse shell attack, it blocks the attack IP address for a period of time.
|
||||
|
||||
- **Duration**: If **Action** is set to **Block IP**, you can set the blocking duration. The value range is 60s to 3,600s.
|
||||
- **Mode**:
|
||||
|
||||
- **Conservative**: coarse-grained protection. If a single session is attacked for four times, observation or interception is triggered. It ensures that no false positives are reported.
|
||||
- **Sensitive**: fine-grained protection. If a single session is attacked for two times, observation or interception is triggered. It ensures that attacks can be detected and handled.
|
||||
|
||||
Follow-up Operations
|
||||
--------------------
|
||||
|
||||
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
|
||||
.. |image2| image:: /_static/images/en-us_image_0000001259322747.png
|
||||
.. |image3| image:: /_static/images/en-us_image_0000001969790077.png
|
||||
.. |image4| image:: /_static/images/en-us_image_0000001259322747.png
|
||||
.. |image5| image:: /_static/images/en-us_image_0000001969671085.png
|
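Review bot: the guidance on choosing a mode conflicts between files: the overview (cfw_01_0200) advises setting **Protection Mode** to **Intercept** "in a timely manner", while the note under step 5 here advises running in **observe** mode for a period first; state the intended sequence once (observe, review attack event logs, then intercept) and have the overview point to it. Also, **Threshold** for sensitive directory scan defense gives no unit or value range, unlike **Duration** (60s to 3,600s), and the **Conservative** mode text "ensures that no false positives are reported" is an absolute claim no detection mode can guarantee; "minimizes false positives" is the safer wording. Grammar: "attacked for four times" / "for two times" should read "attacked four times" / "two times".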
umn/source/attack_defense/blocking_virus-infected_files.rst (new file, 52 lines)
@ -0,0 +1,52 @@
|
||||
:original_name: cfw_01_0195.html
|
||||
|
||||
.. _cfw_01_0195:
|
||||
|
||||
Blocking Virus-infected Files
|
||||
=============================
|
||||
|
||||
The anti-virus function identifies and processes virus files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus files.
|
||||
|
||||
The antivirus function can check access via HTTP, SMTP, POP3, FTP, IMAP4, and SMB.
|
||||
|
||||
Specification Limitations
|
||||
-------------------------
|
||||
|
||||
Antivirus is available only in the professional edition.
|
||||
|
||||
Enabling Antivirus to Block Virus-infected Files
|
||||
------------------------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
|
||||
#. In the navigation pane, choose **Attack Defense** > **Antivirus**.
|
||||
#. Click |image2| to enable antivirus.
|
||||
|
||||
.. note::
|
||||
|
||||
After antivirus is enabled, **Current Action** is **Disable** by default. For details about how to change the defense action, see :ref:`Modifying the Virus Defense Action for Better Protection Effect <cfw_01_0195__section115051117231>`.
|
||||
|
||||
.. _cfw_01_0195__section115051117231:
|
||||
|
||||
Modifying the Virus Defense Action for Better Protection Effect
|
||||
---------------------------------------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image3| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
|
||||
#. In the navigation pane, choose **Attack Defense** > **Antivirus**.
|
||||
#. Click an action in the **Operation** column of a rule.
|
||||
|
||||
- **Observe**: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in :ref:`attack event logs <cfw_01_0139__section1131659192010>` but does not block it.
|
||||
- **Block**: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in :ref:`attack event logs <cfw_01_0139__section1131659192010>` and blocks it.
|
||||
- **Disable**: The firewall does not perform virus checks on the traffic of a protocol.
|
||||
|
||||
Follow-up Operations
|
||||
--------------------
|
||||
|
||||
For details about the protection overview, see :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`. For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
|
||||
.. |image2| image:: /_static/images/en-us_image_0000001617930157.png
|
||||
.. |image3| image:: /_static/images/en-us_image_0000001259322747.png
|
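Review bot: the enabling procedure ends in a state that protects nothing: the note after step 5 says **Current Action** is **Disable** by default once antivirus is enabled, so nothing is logged or blocked until an action is chosen per protocol; fold that into step 5 or add a step 6 ("select **Observe** or **Block** for each protocol") so a reader following the steps does not stop at an inert configuration. Also normalize "anti-virus" in the opening sentence to "antivirus" as used elsewhere, and confirm that the action here is really named **Block** in the console while IPS uses **Intercept**.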
umn/source/attack_defense/index.rst (new file, 22 lines)
@ -0,0 +1,22 @@
|
||||
:original_name: cfw_01_0276.html
|
||||
|
||||
.. _cfw_01_0276:
|
||||
|
||||
Attack Defense
|
||||
==============
|
||||
|
||||
- :ref:`Attack Defense Overview <cfw_01_0200>`
|
||||
- :ref:`Blocking Network Attacks <cfw_01_0032>`
|
||||
- :ref:`Blocking Virus-infected Files <cfw_01_0195>`
|
||||
- :ref:`Viewing Attack Defense Information on the Dashboard <cfw_01_0228>`
|
||||
- :ref:`IPS Rule Management <cfw_01_0167>`
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
:hidden:
|
||||
|
||||
attack_defense_overview
|
||||
blocking_network_attacks
|
||||
blocking_virus-infected_files
|
||||
viewing_attack_defense_information_on_the_dashboard
|
||||
ips_rule_management/index
|
umn/source/attack_defense/ips_rule_management/index.rst (new file, 16 lines)
@ -0,0 +1,16 @@
|
||||
:original_name: cfw_01_0167.html
|
||||
|
||||
.. _cfw_01_0167:
|
||||
|
||||
IPS Rule Management
|
||||
===================
|
||||
|
||||
- :ref:`Modifying the Protection Action of an Intrusion Prevention Rule <cfw_01_0168>`
|
||||
- :ref:`Customizing IPS Signatures <cfw_01_0188>`
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
:hidden:
|
||||
|
||||
modifying_the_protection_action_of_an_intrusion_prevention_rule
|
||||
customizing_ips_signatures
|
@ -0,0 +1,78 @@
|
||||
:original_name: cfw_01_0168.html
|
||||
|
||||
.. _cfw_01_0168:
|
||||
|
||||
Modifying the Protection Action of an Intrusion Prevention Rule
|
||||
===============================================================
|
||||
|
||||
For rules in the basic defense rule library and the virtual patch rule library, you can manually modify their protection actions. After the modification, their actions do not change with the IPS protection mode.
|
||||
|
||||
If the rules in the rule library cannot meet your requirements, you can customize IPS signature rules. For details, see :ref:`Customizing IPS Signatures <cfw_01_0188>`.
|
||||
|
||||
Constraints
|
||||
-----------
|
||||
|
||||
The restrictions on modifying an IPS rule are as follows:
|
||||
|
||||
- The action of a manually modified rule remains unchanged even if **Protection Mode** is changed.
|
||||
- The constraints on manually modified actions are as follows:
|
||||
|
||||
- The actions of up to 3000 rules can be manually changed to observation.
|
||||
- The actions of up to 3000 rules can be manually changed to interception.
|
||||
- The actions of up to 128 rules can be manually changed to disabling.
|
||||
|
||||
.. _cfw_01_0168__section875111419156:
|
||||
|
||||
Default Actions of Rule Groups in Different Protection Modes
|
||||
------------------------------------------------------------
|
||||
|
||||
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
|
||||
| ``-`` | Mode | **Intercept mode - strict** | **Intercept mode - medium** | **Intercept mode - loose** |
|
||||
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
|
||||
| **Observe** rule group | Observe | Disable | Disable | Disable |
|
||||
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
|
||||
| **Strict** rule group | Observe | Intercept | Disable | Disable |
|
||||
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
|
||||
| **Medium** rule group | Observe | Intercept | Intercept | Disable |
|
||||
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
|
||||
| **Loose** rule group | Observe | Intercept | Intercept | Intercept |
|
||||
+------------------------+---------+-----------------------------+-----------------------------+----------------------------+
|
||||
|
||||
.. note::
|
||||
|
||||
- **Observe**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and does not block the traffic.
|
||||
- **Intercept**: The firewall records the traffic that matches the current rule in :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>` and blocks it.
|
||||
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
|
||||
|
||||
.. _cfw_01_0168__section204771329204015:
|
||||
|
||||
Modifying the Action of a Basic Protection Rule
|
||||
-----------------------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
|
||||
#. In the navigation pane, choose **Attack Defense** > **Intrusion Prevention**. Click **View Effective Rules** under **Basic Protection**. The **Basic Protection** tab is displayed.
|
||||
#. (Optional) To view the parameter details of a type of rules, set filter criteria in the input box above the list.
|
||||
#. Click an action in the **Operation** column.
|
||||
|
||||
- **Observe**: The firewall logs the traffic that matches the current rule and does not block the traffic.
|
||||
- **Intercept**: The firewall logs and blocks the traffic that matches the current rule.
|
||||
- **Disable**: The firewall does not log or block the traffic that matches the current rule.
|
||||
|
||||
.. note::
|
||||
|
||||
- The action of a manually modified rule remains unchanged even if **Protection Mode** is changed. To restore the default action, select a rule and click **Restore Default**.
|
||||
- The constraints on manually modified actions are as follows:
|
||||
|
||||
- The actions of up to 3000 rules can be manually changed to observation.
|
||||
- The actions of up to 3000 rules can be manually changed to interception.
|
||||
- The actions of up to 128 rules can be manually changed to disabling.
|
||||
|
||||
Related Operations
|
||||
------------------
|
||||
|
||||
- Restoring the default actions of some rules: On the **Basic Protection** tab, select rules and click **Restore Default**.
|
||||
- Restoring the default actions of all rules: On the **Basic Protection** tab, select rules and click **Restore All Defaults**.
|
||||
|
||||
.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
|
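Review bot: the header row of the default-action table is wrong: the second column is labelled "Mode" but every cell in it is "Observe", i.e. it holds the default actions for the **Observe** protection mode, so the header should read "| Rule group | **Observe** | **Intercept mode - strict** | **Intercept mode - medium** | **Intercept mode - loose** |" with the ``-`` placeholder replaced. "medium" here also conflicts with "moderate" in cfw_01_0200 and cfw_01_0032. The constraints list (3000 observe, 3000 intercept, 128 disable) appears verbatim both in the Constraints section and in the note after step 6; keep one copy and cross-reference it. In Related Operations, "Restoring the default actions of all rules: ... select rules and click **Restore All Defaults**" should not require selecting rules if it really applies to all of them; check the console behaviour.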
@ -0,0 +1,56 @@
|
||||
:original_name: cfw_01_0228.html
|
||||
|
||||
.. _cfw_01_0228:
|
||||
|
||||
Viewing Attack Defense Information on the Dashboard
|
||||
===================================================
|
||||
|
||||
On the security dashboard, you can quickly view protection information about attack defense functions (IPS, reverse shell defense, sensitive directory scan defense, and antivirus) and adjust IPS protection mode in a timely manner.
|
||||
|
||||
Viewing IPS Protection Information on the Dashboard
|
||||
---------------------------------------------------
|
||||
|
||||
#. Log in to the management console.
|
||||
#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.
|
||||
#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.
#. In the navigation pane, choose **Attack Defense** > **Security Dashboard**.
#. In the upper part of the page, click the **Internet Boundaries** or **Inter-VPC Borders** tab.
#. View statistics about protection rules of a firewall instance. You can select a query duration from the drop-down list.

- **Security Dashboard**: Number of attacks detected by IPS, numbers of allowed and blocked accesses, and number of attacked ports.

- **Attacks**: Number of times that IPS blocks or allows traffic.

- **Visualizations**: Top 5 items ranked by certain parameters regarding the attacks detected or blocked by IPS. For more information, see :ref:`Table 1 <cfw_01_0228__table12362103114169>`. You can click a record to view attack details. For more information, see :ref:`Table 1 <cfw_01_0139__table1131654116506>`.

.. _cfw_01_0228__table12362103114169:

.. table:: **Table 1** Security dashboard statistics parameters

+-----------------------------------------+------------------------------------------------------------------------------------------------+
| Parameter | Description |
+=========================================+================================================================================================+
| Attack Types | Attack type. |
+-----------------------------------------+------------------------------------------------------------------------------------------------+
| Top Internal Attack Source IP Addresses | IP addresses of the assets that are on your cloud but launch attacks on external IP addresses. |
+-----------------------------------------+------------------------------------------------------------------------------------------------+
| Top External Attack Source IP Addresses | External IP addresses that launch attacks on your cloud assets. |
+-----------------------------------------+------------------------------------------------------------------------------------------------+
| Top External Attack Source Regions | Regions of the external IP addresses that launch attacks on your cloud assets. |
+-----------------------------------------+------------------------------------------------------------------------------------------------+
| Top Attack Destination IP Addresses | Destination IP addresses in attacks. |
+-----------------------------------------+------------------------------------------------------------------------------------------------+
| Top Attacked Ports | Attacked ports. |
+-----------------------------------------+------------------------------------------------------------------------------------------------+

- Top attack statistics: Top 50 attacks detected or blocked by IPS within a specified time range.

- **Top Attack Targets**: Destination IP addresses, ports, and applications.
- **Top Attack Sources**: Source IP addresses and types.

Related Operations
------------------

For details about logs, see :ref:`Attack Event Logs <cfw_01_0139__section1131659192010>`.

.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
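Review bot: the **Visualizations** bullet sends the reader to two different tables with the same words ("For more information, see Table 1", once to `cfw_01_0228__table12362103114169` and once to `cfw_01_0139__table1131654116506`), so the second link reads as a repeat of the table directly below it. Name the second target in the sentence, for example "For the fields shown in the attack details, see :ref:`Table 1 <cfw_01_0139__table1131654116506>` in Attack Event Logs", so the two tables are distinguishable.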
40
umn/source/change_history.rst
Normal file
@ -0,0 +1,40 @@
:original_name: cfw_01_0084.html

.. _cfw_01_0084:

Change History
==============

+-----------------------------------+------------------------------------------------------------------------------------------+
| Date | Description |
+===================================+==========================================================================================+
| 2024-10-12 | This is the fifth official release. |
| | |
| | Optimized: |
| | |
| | Adapted to the new layout in :ref:`Checking the Dashboard <cfw_01_0009>`. |
+-----------------------------------+------------------------------------------------------------------------------------------+
| 2024-09-19 | This is the fourth official release. |
| | |
| | Added: |
| | |
| | - Advanced settings in :ref:`Blocking Network Attacks <cfw_01_0032>`. |
+-----------------------------------+------------------------------------------------------------------------------------------+
| 2024-07-29 | This is the third official release. |
| | |
| | Optimized: |
| | |
| | Inconsistency between the parameter description and the GUI |
| | |
| | Deleted: |
| | |
| | Log visualization and alarm rule configuration functions in the interconnection with LTS |
+-----------------------------------+------------------------------------------------------------------------------------------+
| 2024-05-28 | This is the second official release. |
| | |
| | Added: |
| | |
| | The concept of defense traffic in section :ref:`Basic Concepts <cfw_01_0057>`. |
+-----------------------------------+------------------------------------------------------------------------------------------+
| 2024-04-30 | This is the first official release. |
+-----------------------------------+------------------------------------------------------------------------------------------+
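Review bot: the 2024-07-29 entry ("Inconsistency between the parameter description and the GUI" and the deleted LTS log visualization and alarm rule functions) is the only release whose items carry no :ref: to the affected topic, while the 2024-10-12, 2024-09-19 and 2024-05-28 entries each link their section. Add the references so a reader of the change history can locate the corrected parameter description and the section the LTS material was removed from.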
130
umn/source/checking_the_dashboard.rst
Normal file
@ -16,6 +16,8 @@

import os
import sys
from git import Repo
from datetime import datetime

extensions = [
'otcdocstheme',
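Review bot: `from datetime import datetime` is added here but `datetime` is not referenced anywhere in the visible lines of this change; the timestamp in the second hunk is produced by `commit.committed_datetime.strftime(...)`, which needs no import of its own. Drop the import unless a later, unshown part of conf.py uses it, so the build configuration does not carry dead imports.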
@ -115,3 +117,9 @@ latex_documents = [
u'Cloud Firewall - User Guide',
u'OpenTelekomCloud', 'manual'),
]

# Get the Git commit values for last updated timestamp on each page
repo = Repo(search_parent_directories=True)
commit = repo.head.commit
current_commit_hash = commit.hexsha
current_commit_time = commit.committed_datetime.strftime('%Y-%m-%d %H:%M')
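Review bot: `repo = Repo(search_parent_directories=True)` runs unconditionally when Sphinx loads conf.py, so any build from a tree that is not a Git checkout (a release tarball, a zip export, a packaged doc build) now aborts with `git.exc.InvalidGitRepositoryError` before the build starts. Wrap the lookup in a `try`/`except` that leaves `current_commit_hash` empty and sets `current_commit_time` to the build time, and keep the build working without GitPython installed at all if that is the intended fallback. Separately, `committed_datetime` is timezone-aware, and the bare `'%Y-%m-%d %H:%M'` format drops the offset, so identical timestamps from different committers can refer to different instants; include `%z` or convert to UTC before formatting.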
@ -0,0 +1,76 @@
:original_name: cfw_01_0262.html

.. _cfw_01_0262:

Access Control Policy Overview
==============================

After protection is enabled, CFW access control policies allow all traffic by default. Proper access control policies help you implement refined management and control on traffic between internal servers and the Internet, prevent internal threats from spreading, and enhance in-depth security.

Access Control Policy Types
---------------------------

Access control policies are classified into protection rules and blacklist/whitelist. :ref:`Differences between protection rules and blacklist/whitelist <cfw_01_0262__table1185931821515>` shows more details. If traffic hits a policy, the action of the policy will be taken.

.. _cfw_01_0262__table1185931821515:

.. table:: **Table 1** Differences between protection rules and blacklist/whitelist

+------------------+----------------------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------+
| Type | Protected Object | Network Type | Action | Configuration Method |
+==================+========================================+=======================+=====================================================================================================================================+====================================================================================+
| Protection rules | - 5-tuple | - EIP | - If **Block** is selected, traffic will be blocked. | :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>` |
| | - IP address groups | - Private IP address | - If **Allow** is selected, traffic will be allowed by protection rules and then checked by the intrusion prevention system (IPS). | |
| | - Geographical locations | | | |
| | - Domain names and domain name groups | | | |
+------------------+----------------------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------+
| Blacklist | - 5-tuple | | Traffic is blocked directly. | :ref:`Adding Blacklist or Whitelist Items to Block or Allow Traffic <cfw_01_0065>` |
| | - IP address groups | | | |
+------------------+----------------------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------+
| Whitelist | | | Traffic is allowed by CFW and not checked by other functions. | |
+------------------+----------------------------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------+

Specification Limitations
-------------------------

To enable VPC border protection and NAT protection, use the CFW professional edition and enable :ref:`VPC firewall <cfw_01_0078>` protection.

Precautions for Configuring a Blocking Policy
---------------------------------------------

The precautions for configuring a protection rule or a blacklist item for blocking IP addresses are as follows:

#. You are advised to preferentially configure specific IP addresses (for example, 192.168.10.5) to reduce network segment configurations and avoid improper blocking.
#. Exercise caution when configuring protection rules to block reverse proxy IP addresses, such as the WAF back-to-source IP addresses. You are advised to configure protection rules or whitelist to permit reverse proxy IP addresses.
#. Blocking forward proxy IP addresses (such as company egress IP addresses) can have a large impact. Exercise caution when configuring protection rules to block forward proxy IP addresses.
#. When configuring region protection, take possible EIP changes into consideration.

Wildcard Rule
-------------

+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+
| Parameter | Input | Description |
+===========================================+=======================+=================================================================================+
| Source/Destination | 0.0.0.0/0 | All IP addresses |
+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+
| Domain name | www.example.com | Domain name www.example.com |
+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+
| Domain name | \*.example.com | All domain names ending with **example.com**, for example, **test.example.com** |
+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+
| Service - Source port or destination port | 1-65535 | All ports |
+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+
| Service - Source port or destination port | 80-443 | All ports in the range 80 to 443 |
+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+
| Service - Source port or destination port | - 80 | Ports 80 and 443 |
| | - 443 | |
+-------------------------------------------+-----------------------+---------------------------------------------------------------------------------+

References
----------

- For details about how to add a single rule to protect traffic, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`. For details about how to add a single blacklist or whitelist item to protect traffic, see :ref:`Adding Blacklist or Whitelist Items to Block or Allow Traffic <cfw_01_0065>`.
- For details about how to add protection policies in batches, see :ref:`Importing and Exporting Protection Policies <cfw_01_0129>`.
- Follow-up operations after adding a policy:

- Policy hits: For details about the protection overview, see :ref:`Viewing Protection Information Using the Policy Assistant <cfw_01_0226>`. For details about logs, see :ref:`Access Control Logs <cfw_01_0139__section8485135919336>`.
- For details about the traffic trend and statistics, see :ref:`Viewing Traffic Statistics <cfw_01_0011>`. For details about traffic records, see :ref:`Traffic Logs <cfw_01_0139__section8581131111344>`.
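Review bot: Table 1 states that whitelisted traffic "is allowed by CFW and not checked by other functions", so a whitelist entry removes inspection for everything it matches, yet the **Precautions** section covers only blocking policies. Add an allow-side precaution next to the existing four: scope whitelist entries to specific IP addresses and ports, and avoid combining them with the wildcard values from the **Wildcard Rule** table (`0.0.0.0/0`, `1-65535`), because such an entry takes all matching traffic out of IPS inspection. Two smaller points in the same hunk: the **Wildcard Rule** table has no `.. table::` caption or label, unlike Table 1, and the **Network Type** cells of the Blacklist and Whitelist rows are empty, so the reader cannot tell whether EIPs, private IP addresses, or both apply to them.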
@ -0,0 +1,88 @@
:original_name: cfw_01_0065.html

.. _cfw_01_0065:

Adding Blacklist or Whitelist Items to Block or Allow Traffic
=============================================================

After protection is enabled, CFW allows all traffic by default. You can configure the blacklist to block access requests from IP addresses or configure the whitelist to allow them.

This topic describes how to add a single blacklist or whitelist item. For details about how to add items in batches, see :ref:`Importing and Exporting Protection Policies <cfw_01_0129>`.

.. caution::

If your IP address is a back-to-source WAF IP address, you are advised to configure a protection rule or the whitelist to allow its access. Exercise caution when configuring the blacklist, which may affect your services.

- For details about how to configure protection rules, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.

Specification Limitations
-------------------------

- CFW supports up to 2,000 blacklist items and 2,000 whitelist items. If there are too many IP addresses to be specified, you can put them in an IP address group and select the IP address group when configuring protection rules.

- For details about how to add an IP address group, see :ref:`Adding User-defined IP Addresses and Address Groups <cfw_01_0068>`.
- For details about how to add a protection rule, see :ref:`Adding Protection Rules to Block or Allow Traffic <cfw_01_0030>`.

- To protect private IP addresses, use the professional edition firewall and enable :ref:`VPC border firewall <cfw_01_0078>` protection.

Impact on the System
--------------------

CFW directly allows whitelisted IP addresses and segments and blocks blacklisted ones without checking. To check the access and traffic statistics of these IP addresses, search for them by following the instructions in :ref:`Querying Logs <cfw_01_0139>`.


Adding Blacklist or Whitelist Items to Block or Allow Traffic
-------------------------------------------------------------

#. Log in to the management console.

#. In the navigation pane on the left, click |image1| and choose **Security** > **Cloud Firewall**. The **Dashboard** page will be displayed.

#. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click **View** in the **Operation** column of a firewall to go to its details page.

#. In the navigation pane, choose **Access Control** > **Access Policies**. Click the tab of a protected object, and then click the **Blacklist** or **Whitelist** tab.

#. Click **Add**. Set the address direction, IP address, protocol type, and port number. For details, see :ref:`Table 1 <cfw_01_0065__table12707131818297>`.

.. _cfw_01_0065__table12707131818297:

.. table:: **Table 1** Blacklist and whitelist parameters

+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Description |
+===================================+===============================================================================================================================================================================================+
| Direction | You can select **Source** or **Destination**. |
| | |
| | - **Source**: The IP address or IP address group that sends data packets. |
| | - **Destination**: The destination IP address or IP address group that receives data packets. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Protocol Type | Its value can be **TCP**, **UDP**, **ICMP**, or **Any**. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Port | If **Protocol Type** is set to **TCP** or **UDP**, set the ports to be allowed or blocked. |
| | |
| | .. note:: |
| | |
| | - To specify all the ports of an IP address, set **Port** to **1-65535**. |
| | - You can specify a single port. For example, to allow or block the access from port 22 of an IP address, set **Port** to **22**. |
| | - To set a port range, use a hyphen (-) between the starting and ending ports. For example, to allow or block the access from ports 80-443 of an IP address, set **Port** to **80-443**. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Description | Description of the blacklist or whitelist |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| IP Addresses | - User-defined IP address: Enter one or more IP addresses in the text box and click **Parse** to add the IP addresses to the list. |
| | - Pre-defined address group: Click **Add Pre-defined IP Address Group**. In the dialog box that is displayed, select an address group. For more information, see . |
| | |
| | .. caution:: |
| | |
| | CAUTION: |
| | After **WAF_Back-to-Source_IP_Addresses** is added to the blacklist or whitelist, if a back-to-source IP address changes, you need to manually update it in the blacklist or whitelist. |
+-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

#. Click **OK**.

Related Operations
------------------

- For details about how to edit and remove blacklist or whitelist items, see :ref:`Managing the Blacklist and the Whitelist <cfw_01_0035>`.
- For details about how to add blacklist or whitelist items in batches, see :ref:`Importing and Exporting Protection Policies <cfw_01_0129>`.

.. |image1| image:: /_static/images/en-us_image_0000001259322747.png
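Review bot: the **IP Addresses** row of Table 1 ends in a dangling cross-reference ("For more information, see .") where the :ref: to the pre-defined address group topic was never filled in; complete it before merge, since this is the only pointer a user gets for the **WAF_Back-to-Source_IP_Addresses** group the caution then relies on. In the same row, the literal line "CAUTION:" inside the `.. caution::` directive duplicates the admonition title that Sphinx already renders, so drop it. Finally, **Impact on the System** says whitelisted and blacklisted addresses are handled "without checking"; spell out which checks are skipped, as the access control overview does ("not checked by other functions"), so that a reader adding a whitelist item understands that the matched traffic is not inspected further.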