diff --git a/docs/waf/umn/ALL_META.TXT.json b/docs/waf/umn/ALL_META.TXT.json new file mode 100644 index 00000000..928078b1 --- /dev/null +++ b/docs/waf/umn/ALL_META.TXT.json @@ -0,0 +1,582 @@ +[ + { + "uri":"waf_01_0064.html", + "product_code":"waf", + "code":"1", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Introduction", + "title":"Introduction", + "githuburl":"" + }, + { + "uri":"waf_01_0045.html", + "product_code":"waf", + "code":"2", + "des":"Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query L", + "doc_type":"usermanual", + "kw":"Web Application Firewall (WAF),keeps web services stable and secure,Challenge Collapsar (CC) attacks", + "title":"Web Application Firewall", + "githuburl":"" + }, + { + "uri":"waf_01_0065.html", + "product_code":"waf", + "code":"3", + "des":"WAF examines web traffic from multiple dimensions to accurately identify malicious requests and filter attacks, reducing the risks of data being tampered with or stolen.C", + "doc_type":"usermanual", + "kw":"Comprehensive protection,Technology leadership,Flexible configuration,Reliability,Product Advantages", + "title":"Product Advantages", + "githuburl":"" + }, + { + "uri":"waf_01_0046.html", + "product_code":"waf", + "code":"4", + "des":"This section describes the application scenarios of WAF.Common protectionWAF helps users defend against common web attacks, such as command injection and sensitive file a", + "doc_type":"usermanual", + "kw":"Application Scenarios,Introduction,User Guide", + "title":"Application Scenarios", + "githuburl":"" + }, + { + "uri":"waf_01_0047.html", + "product_code":"waf", + "code":"5", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Accessing and Using WAF", + "title":"Accessing and Using WAF", + "githuburl":"" + }, + { + "uri":"waf_01_0048.html", + "product_code":"waf", + "code":"6", + "des":"You can access WAF using the management console. If you have registered with the public cloud, you can directly log in to the management console.Cloud mode: On the homepa", + "doc_type":"usermanual", + "kw":"How to Access WAF,Accessing and Using WAF,User Guide", + "title":"How to Access WAF", + "githuburl":"" + }, + { + "uri":"waf_01_0049.html", + "product_code":"waf", + "code":"7", + "des":"The evolution of hacking techniques has caused frequent cybersecurity incidents against web servers. WAF provides comprehensive security protection for web services.You c", + "doc_type":"usermanual", + "kw":"How to Use WAF,Accessing and Using WAF,User Guide", + "title":"How to Use WAF", + "githuburl":"" + }, + { + "uri":"waf_01_0051.html", + "product_code":"waf", + "code":"8", + "des":"This section describes the relationship between WAF and other cloud services.Cloud Trace Service (CTS) provides records of operations on WAF. With CTS, you can query, aud", + "doc_type":"usermanual", + "kw":"Related Services,Accessing and Using WAF,User Guide", + "title":"Related Services", + "githuburl":"" + }, + { + "uri":"waf_01_0052.html", + "product_code":"waf", + "code":"9", + "des":"The system provides two types of default permissions: user management and resource management. User management includes management of users, user groups, and user groups'", + "doc_type":"usermanual", + "kw":"user management,resource management,User Permissions,Accessing and Using WAF,User Guide", + "title":"User Permissions", + "githuburl":"" + }, + { + "uri":"waf_01_0092.html", + "product_code":"waf", + "code":"10", + "des":"This section describes monitoring metrics reported by WAF to Cloud Eye as well as their namespaces and dimensions. You can use the management console or APIs provided by ", + "doc_type":"usermanual", + "kw":"Monitoring Metrics,User Guide", + "title":"Monitoring Metrics", + "githuburl":"" + }, + { + "uri":"waf_01_0070.html", + "product_code":"waf", + "code":"11", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Getting Started", + "title":"Getting Started", + "githuburl":"" + }, + { + "uri":"waf_01_0071.html", + "product_code":"waf", + "code":"12", + "des":"Before using WAF, you need to connect your domain name to it and enable it for protection to take effect.Table 1 describes the procedure to use WAF.Procedure to use WAFSt", + "doc_type":"usermanual", + "kw":"connect your domain name,Overview,Getting Started,User Guide", + "title":"Overview", + "githuburl":"" + }, + { + "uri":"waf_01_0002.html", + "product_code":"waf", + "code":"13", + "des":"This section describes how to create a domain name and connect it to WAF. After connecting a domain name, WAF works as a reverse proxy between the client and server. The ", + "doc_type":"usermanual", + "kw":"create a domain name and connect it,Domain Configuration Principle,Creating a Domain Name,Getting St", + "title":"Creating a Domain Name", + "githuburl":"" + }, + { + "uri":"waf_01_0073.html", + "product_code":"waf", + "code":"14", + "des":"This section describes how to connect your domain to WAF on a local PC and then access the site to verify whether WAF works properly.Before testing WAF, ensure that the p", + "doc_type":"usermanual", + "kw":"Testing WAF,Getting Started,User Guide", + "title":"Testing WAF", + "githuburl":"" + }, + { + "uri":"waf_01_0079.html", + "product_code":"waf", + "code":"15", + "des":"This section describes how to connect a domain name to WAF so that website traffic passes through WAF.To ensure that WAF works properly, you are advised to test WAF by fo", + "doc_type":"usermanual", + "kw":"connect a domain name to WAF,Connecting a Domain Name to WAF,Getting Started,User Guide", + "title":"Connecting a Domain Name to WAF", + "githuburl":"" + }, + { + "uri":"waf_01_0078.html", + "product_code":"waf", + "code":"16", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Certificate Management", + "title":"Certificate Management", + "githuburl":"" + }, + { + "uri":"waf_01_0090.html", + "product_code":"waf", + "code":"17", + "des":"This section describes how to upload a certificate.Login credentials have been obtained.In the upper part of the certificate list, click Quota details to view the certifi", + "doc_type":"usermanual", + "kw":"Uploading a Certificate,Certificate Management,User Guide", + "title":"Uploading a Certificate", + "githuburl":"" + }, + { + "uri":"waf_01_0091.html", + "product_code":"waf", + "code":"18", + "des":"This section describes how to delete an unused certificate.Login credentials have been obtained.The certificate to be deleted is not associated with any domain name.In th", + "doc_type":"usermanual", + "kw":"Deleting a Certificate,Certificate Management,User Guide", + "title":"Deleting a Certificate", + "githuburl":"" + }, + { + "uri":"waf_01_0067.html", + "product_code":"waf", + "code":"19", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Domain Management", + "title":"Domain Management", + "githuburl":"" + }, + { + "uri":"waf_01_0020.html", + "product_code":"waf", + "code":"20", + "des":"This section describes how to view domain information and edit server information.Login credentials have been obtained.In the upper right corner of the list, query domain", + "doc_type":"usermanual", + "kw":"Viewing Basic Information,Domain Management,User Guide", + "title":"Viewing Basic Information", + "githuburl":"" + }, + { + "uri":"waf_01_0093.html", + "product_code":"waf", + "code":"21", + "des":"The Transport Layer Security (TLS) protocol provides confidentiality and integrity of data sent between applications over the Internet. HTTPS is a network protocol constr", + "doc_type":"usermanual", + "kw":"Configuring the Minimum TLS Version and Cipher Suite,Domain Management,User Guide", + "title":"Configuring the Minimum TLS Version and Cipher Suite", + "githuburl":"" + }, + { + "uri":"waf_01_0003.html", + "product_code":"waf", + "code":"22", + "des":"This section describes how to enable WAF protection.The WAF engine does not run on your web server. Therefore, your web server performance will not be affected.After your", + "doc_type":"usermanual", + "kw":"enable WAF protection,Enabling WAF Protection,Domain Management,User Guide", + "title":"Enabling WAF Protection", + "githuburl":"" + }, + { + "uri":"waf_01_0004.html", + "product_code":"waf", + "code":"23", + "des":"This section describes how to disable WAF protection. In this mode, WAF only forwards requests, but does not detect them.Login credentials have been obtained.Mode for WAF", + "doc_type":"usermanual", + "kw":"Disabling WAF Protection,Domain Management,User Guide", + "title":"Disabling WAF Protection", + "githuburl":"" + }, + { + "uri":"waf_01_0069.html", + "product_code":"waf", + "code":"24", + "des":"This section describes how to set the bypassed mode whereby requests are sent directly to the backend server without passing through WAF.In special scenarios such as test", + "doc_type":"usermanual", + "kw":"Setting WAF Bypassed Mode,Domain Management,User Guide", + "title":"Setting WAF Bypassed Mode", + "githuburl":"" + }, + { + "uri":"waf_01_0094.html", + "product_code":"waf", + "code":"25", + "des":"If a visitor triggers block by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned a", + "doc_type":"usermanual", + "kw":"Modifying the Alarm Page,Domain Management,User Guide", + "title":"Modifying the Alarm Page", + "githuburl":"" + }, + { + "uri":"waf_01_0005.html", + "product_code":"waf", + "code":"26", + "des":"This section describes how to delete a protected domain name from WAF.If the domain name to be deleted has been connected to WAF, re-resolve it with the DNS provider befo", + "doc_type":"usermanual", + "kw":"Deleting a Protected Domain Name,Domain Management,User Guide", + "title":"Deleting a Protected Domain Name", + "githuburl":"" + }, + { + "uri":"waf_01_0007.html", + "product_code":"waf", + "code":"27", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Rule Configurations", + "title":"Rule Configurations", + "githuburl":"" + }, + { + "uri":"waf_01_0008.html", + "product_code":"waf", + "code":"28", + "des":"This section describes how to enable basic web protection.Basic web protection defends against common web attacks, such as SQL injection, XSS attacks, remote buffer overf", + "doc_type":"usermanual", + "kw":"basic web protection,Enabling Basic Web Protection,Rule Configurations,User Guide", + "title":"Enabling Basic Web Protection", + "githuburl":"" + }, + { + "uri":"waf_01_0009.html", + "product_code":"waf", + "code":"29", + "des":"This section describes how to configure CC attack protection rules.With these rules, rate limiting policies are set based on the IP addresses, cookies, or Referer field t", + "doc_type":"usermanual", + "kw":"CC attacks,Configuring CC Attack Protection Rules,Rule Configurations,User Guide", + "title":"Configuring CC Attack Protection Rules", + "githuburl":"" + }, + { + "uri":"waf_01_0010.html", + "product_code":"waf", + "code":"30", + "des":"This section describes how to configure precise protection rules.With these rules, WAF allows you to customize combinations of HTTP headers, cookies, URLs, request parame", + "doc_type":"usermanual", + "kw":"precise protection,Configuring Precise Protection Rules,Rule Configurations,User Guide", + "title":"Configuring Precise Protection Rules", + "githuburl":"" + }, + { + "uri":"waf_01_0012.html", + "product_code":"waf", + "code":"31", + "des":"This section describes how to configure blacklist or whitelist rules to block or allow specific IP addresses or address ranges.Blacklist and Whitelist only takes effect f", + "doc_type":"usermanual", + "kw":"blacklist or whitelist,Blacklist and Whitelist,Configuring Blacklist or Whitelist Rules,Rule Configu", + "title":"Configuring Blacklist or Whitelist Rules", + "githuburl":"" + }, + { + "uri":"waf_01_0014.html", + "product_code":"waf", + "code":"32", + "des":"This section describes how to configure web tamper protection (WTP) rules.You can configure these rules to prevent a static web page from being tampered with.WTP has the ", + "doc_type":"usermanual", + "kw":"web tamper protection (WTP),Configuring Web Tamper Protection Rules,Rule Configurations,User Guide", + "title":"Configuring Web Tamper Protection Rules", + "githuburl":"" + }, + { + "uri":"waf_01_0016.html", + "product_code":"waf", + "code":"33", + "des":"This section describes how to configure false alarm masking rules.You can add false alarms to the whitelist and ignore certain event IDs (for example, skip XSS check for ", + "doc_type":"usermanual", + "kw":"false alarm masking,Configuring False Alarm Masking Rules,Rule Configurations,User Guide", + "title":"Configuring False Alarm Masking Rules", + "githuburl":"" + }, + { + "uri":"waf_01_0017.html", + "product_code":"waf", + "code":"34", + "des":"This section describes how to configure data masking rules. Data Masking prevents such data as usernames and passwords from being displayed in event logs.Login credential", + "doc_type":"usermanual", + "kw":"Data Masking,Configuring Data Masking Rules,Rule Configurations,User Guide", + "title":"Configuring Data Masking Rules", + "githuburl":"" + }, + { + "uri":"waf_01_0055.html", + "product_code":"waf", + "code":"35", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Policy Management", + "title":"Policy Management", + "githuburl":"" + }, + { + "uri":"waf_01_0074.html", + "product_code":"waf", + "code":"36", + "des":"A policy is a combination of multiple rules, such as basic web protection, blacklist or whitelist, and precise protection rules. A policy can be applied to multiple domai", + "doc_type":"usermanual", + "kw":"Creating a Policy,Policy Management,User Guide", + "title":"Creating a Policy", + "githuburl":"" + }, + { + "uri":"waf_01_0075.html", + "product_code":"waf", + "code":"37", + "des":"This section describes how to apply a policy to your domain names.Login credentials have been obtained.The domain name to be protected has been created.To view informatio", + "doc_type":"usermanual", + "kw":"Applying a Policy to Your Domain Names,Policy Management,User Guide", + "title":"Applying a Policy to Your Domain Names", + "githuburl":"" + }, + { + "uri":"waf_01_0021.html", + "product_code":"waf", + "code":"38", + "des":"This section describes how to view event logs in a specified time (for example, today), including attack and request statistics, the number of attacks from the top 5 sour", + "doc_type":"usermanual", + "kw":"view event logs,Dashboard,User Guide", + "title":"Dashboard", + "githuburl":"" + }, + { + "uri":"waf_01_0018.html", + "product_code":"waf", + "code":"39", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Event Management", + "title":"Event Management", + "githuburl":"" + }, + { + "uri":"waf_01_0024.html", + "product_code":"waf", + "code":"40", + "des":"This section describes how to mask false alarms and view event details if you find out that an event is misreported.Login credentials have been obtained.The event list co", + "doc_type":"usermanual", + "kw":"false alarms,Handling False Alarms,Event Management,User Guide", + "title":"Handling False Alarms", + "githuburl":"" + }, + { + "uri":"waf_01_0077.html", + "product_code":"waf", + "code":"41", + "des":"This section describes how to download events (logged and blocked events) data over the past five days. An event file is generated at 01:00:00 (UTC time) of the second da", + "doc_type":"usermanual", + "kw":"Downloading Events Data,Event Management,User Guide", + "title":"Downloading Events Data", + "githuburl":"" + }, + { + "uri":"waf_01_0019.html", + "product_code":"waf", + "code":"42", + "des":"This section describes how to enable notification for attack logs. Once this function is enabled, WAF sends attack logs to users by email or SMS.Login credentials have be", + "doc_type":"usermanual", + "kw":"Enabling Alarm Notification,Event Management,User Guide", + "title":"Enabling Alarm Notification", + "githuburl":"" + }, + { + "uri":"waf_01_0022.html", + "product_code":"waf", + "code":"43", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"FAQs", + "title":"FAQs", + "githuburl":"" + }, + { + "uri":"waf_01_0025.html", + "product_code":"waf", + "code":"44", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"General", + "title":"General", + "githuburl":"" + }, + { + "uri":"waf_01_0026.html", + "product_code":"waf", + "code":"45", + "des":"WAF is deployed on the cloud and is not coupled with services on a web server. Therefore, WAF supports all OSs.", + "doc_type":"usermanual", + "kw":"Which OSs Does WAF Support?,General,User Guide", + "title":"Which OSs Does WAF Support?", + "githuburl":"" + }, + { + "uri":"waf_01_0027.html", + "product_code":"waf", + "code":"46", + "des":"WAF is deployed on the cloud and is not coupled with services on a web server. Therefore, WAF supports all web service frameworks.", + "doc_type":"usermanual", + "kw":"Which Web Service Frameworks Does WAF Support?,General,User Guide", + "title":"Which Web Service Frameworks Does WAF Support?", + "githuburl":"" + }, + { + "uri":"waf_01_0028.html", + "product_code":"waf", + "code":"47", + "des":"The protection policies supported by WAF are described below.Basic Web ProtectionWAF can defend against common web attacks, such as SQL injection, XSS, webshells, and Tro", + "doc_type":"usermanual", + "kw":"What Protection Policies Does WAF Support?,General,User Guide", + "title":"What Protection Policies Does WAF Support?", + "githuburl":"" + }, + { + "uri":"waf_01_0029.html", + "product_code":"waf", + "code":"48", + "des":"No. WAF cannot obtain the private IP address of the user site because Virtual Private Cloud (VPC) is isolated.", + "doc_type":"usermanual", + "kw":"Can WAF Protect a Private IP Address?,General,User Guide", + "title":"Can WAF Protect a Private IP Address?", + "githuburl":"" + }, + { + "uri":"waf_01_0030.html", + "product_code":"waf", + "code":"49", + "des":"WAF provides protection for seven layers, namely, the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application ", + "doc_type":"usermanual", + "kw":"Which Layer Does WAF Provides Protection At?,General,User Guide", + "title":"Which Layer Does WAF Provides Protection At?", + "githuburl":"" + }, + { + "uri":"waf_01_0037.html", + "product_code":"waf", + "code":"50", + "des":"Yes. You simply need to configure HTTPS as the frontend protocol and allow WAF to host your certificate. Then, WAF protects your HTTPS service.", + "doc_type":"usermanual", + "kw":"Can WAF Protect HTTPS Services?,General,User Guide", + "title":"Can WAF Protect HTTPS Services?", + "githuburl":"" + }, + { + "uri":"waf_01_0036.html", + "product_code":"waf", + "code":"51", + "des":"During the configuration of a CC attack protection rule, if IP addresses cannot identify users precisely, for example, when many users share an egress IP address, use Coo", + "doc_type":"usermanual", + "kw":"When Is Cookie Used to Identify Users?,General,User Guide", + "title":"When Is Cookie Used to Identify Users?", + "githuburl":"" + }, + { + "uri":"waf_01_0095.html", + "product_code":"waf", + "code":"52", + "des":"When a visitor accesses a protected domain name, WAF automatically inserts the CLOUDWAFSESID and CLOUDWAFSESTIME fields into the cookie of the access request. The fields ", + "doc_type":"usermanual", + "kw":"Why Do Cookies Contain the CLOUDWAFSESID and CLOUDWAFSESTIME Fields After a Domain is Connected to W", + "title":"Why Do Cookies Contain the CLOUDWAFSESID and CLOUDWAFSESTIME Fields After a Domain is Connected to WAF?", + "githuburl":"" + }, + { + "uri":"waf_01_0063.html", + "product_code":"waf", + "code":"53", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Operation-related", + "title":"Operation-related", + "githuburl":"" + }, + { + "uri":"waf_01_0056.html", + "product_code":"waf", + "code":"54", + "des":"If DNS is Unconfigured, domain name resolution fails, that is, the domain name is not connected to WAF. In this case, perform the following steps to connect the domain na", + "doc_type":"usermanual", + "kw":"What Should I Do If the DNS Status Is Unconfigured?,Operation-related,User Guide", + "title":"What Should I Do If the DNS Status Is Unconfigured?", + "githuburl":"" + }, + { + "uri":"waf_01_0062.html", + "product_code":"waf", + "code":"55", + "des":"Generally, a proxy such as CDN, WAF, and AAD is deployed between the client and server. Web visitors cannot directly access the server. For example, web visitorCDN/WAF/AA", + "doc_type":"usermanual", + "kw":"How Do I Obtain the Real IP Address of a Web Visitor After WAF Is Enabled?,Operation-related,User Gu", + "title":"How Do I Obtain the Real IP Address of a Web Visitor After WAF Is Enabled?", + "githuburl":"" + }, + { + "uri":"waf_01_0066.html", + "product_code":"waf", + "code":"56", + "des":"If an error such as 500 Internal Server Error, 502 Bad Gateway, or 504 Gateway Timeout occurs after your web server connects to WAF, use the following methods to locate t", + "doc_type":"usermanual", + "kw":"How Do I Troubleshoot 500/502/504 Errors?,Operation-related,User Guide", + "title":"How Do I Troubleshoot 500/502/504 Errors?", + "githuburl":"" + }, + { + "uri":"waf_01_0082.html", + "product_code":"waf", + "code":"57", + "des":"If the certificate provided by the certificate authority is not found in the built-in trust store on your platform and the certificate chain does not have a certificate a", + "doc_type":"usermanual", + "kw":"How Do I Fix an Incomplete Certificate Chain?,Operation-related,User Guide", + "title":"How Do I Fix an Incomplete Certificate Chain?", + "githuburl":"" + }, + { + "uri":"waf_01_0023.html", + "product_code":"waf", + "code":"58", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual", + "kw":"Change History,User Guide", + "title":"Change History", + "githuburl":"" + } +] \ No newline at end of file diff --git a/docs/waf/umn/CLASS.TXT.json b/docs/waf/umn/CLASS.TXT.json new file mode 100644 index 00000000..53e1b578 --- /dev/null +++ b/docs/waf/umn/CLASS.TXT.json @@ -0,0 +1,524 @@ +[ + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Introduction", + "uri":"waf_01_0064.html", + "doc_type":"usermanual", + "p_code":"", + "code":"1" + }, + { + "desc":"Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query L", + "product_code":"waf", + "title":"Web Application Firewall", + "uri":"waf_01_0045.html", + "doc_type":"usermanual", + "p_code":"1", + "code":"2" + }, + { + "desc":"WAF examines web traffic from multiple dimensions to accurately identify malicious requests and filter attacks, reducing the risks of data being tampered with or stolen.C", + "product_code":"waf", + "title":"Product Advantages", + "uri":"waf_01_0065.html", + "doc_type":"usermanual", + "p_code":"1", + "code":"3" + }, + { + "desc":"This section describes the application scenarios of WAF.Common protectionWAF helps users defend against common web attacks, such as command injection and sensitive file a", + "product_code":"waf", + "title":"Application Scenarios", + "uri":"waf_01_0046.html", + "doc_type":"usermanual", + "p_code":"1", + "code":"4" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Accessing and Using WAF", + "uri":"waf_01_0047.html", + "doc_type":"usermanual", + "p_code":"1", + "code":"5" + }, + { + "desc":"You can access WAF using the management console. If you have registered with the public cloud, you can directly log in to the management console.Cloud mode: On the homepa", + "product_code":"waf", + "title":"How to Access WAF", + "uri":"waf_01_0048.html", + "doc_type":"usermanual", + "p_code":"5", + "code":"6" + }, + { + "desc":"The evolution of hacking techniques has caused frequent cybersecurity incidents against web servers. WAF provides comprehensive security protection for web services.You c", + "product_code":"waf", + "title":"How to Use WAF", + "uri":"waf_01_0049.html", + "doc_type":"usermanual", + "p_code":"5", + "code":"7" + }, + { + "desc":"This section describes the relationship between WAF and other cloud services.Cloud Trace Service (CTS) provides records of operations on WAF. With CTS, you can query, aud", + "product_code":"waf", + "title":"Related Services", + "uri":"waf_01_0051.html", + "doc_type":"usermanual", + "p_code":"5", + "code":"8" + }, + { + "desc":"The system provides two types of default permissions: user management and resource management. User management includes management of users, user groups, and user groups'", + "product_code":"waf", + "title":"User Permissions", + "uri":"waf_01_0052.html", + "doc_type":"usermanual", + "p_code":"5", + "code":"9" + }, + { + "desc":"This section describes monitoring metrics reported by WAF to Cloud Eye as well as their namespaces and dimensions. You can use the management console or APIs provided by ", + "product_code":"waf", + "title":"Monitoring Metrics", + "uri":"waf_01_0092.html", + "doc_type":"usermanual", + "p_code":"", + "code":"10" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Getting Started", + "uri":"waf_01_0070.html", + "doc_type":"usermanual", + "p_code":"", + "code":"11" + }, + { + "desc":"Before using WAF, you need to connect your domain name to it and enable it for protection to take effect.Table 1 describes the procedure to use WAF.Procedure to use WAFSt", + "product_code":"waf", + "title":"Overview", + "uri":"waf_01_0071.html", + "doc_type":"usermanual", + "p_code":"11", + "code":"12" + }, + { + "desc":"This section describes how to create a domain name and connect it to WAF. After connecting a domain name, WAF works as a reverse proxy between the client and server. The ", + "product_code":"waf", + "title":"Creating a Domain Name", + "uri":"waf_01_0002.html", + "doc_type":"usermanual", + "p_code":"11", + "code":"13" + }, + { + "desc":"This section describes how to connect your domain to WAF on a local PC and then access the site to verify whether WAF works properly.Before testing WAF, ensure that the p", + "product_code":"waf", + "title":"Testing WAF", + "uri":"waf_01_0073.html", + "doc_type":"usermanual", + "p_code":"11", + "code":"14" + }, + { + "desc":"This section describes how to connect a domain name to WAF so that website traffic passes through WAF.To ensure that WAF works properly, you are advised to test WAF by fo", + "product_code":"waf", + "title":"Connecting a Domain Name to WAF", + "uri":"waf_01_0079.html", + "doc_type":"usermanual", + "p_code":"11", + "code":"15" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Certificate Management", + "uri":"waf_01_0078.html", + "doc_type":"usermanual", + "p_code":"", + "code":"16" + }, + { + "desc":"This section describes how to upload a certificate.Login credentials have been obtained.In the upper part of the certificate list, click Quota details to view the certifi", + "product_code":"waf", + "title":"Uploading a Certificate", + "uri":"waf_01_0090.html", + "doc_type":"usermanual", + "p_code":"16", + "code":"17" + }, + { + "desc":"This section describes how to delete an unused certificate.Login credentials have been obtained.The certificate to be deleted is not associated with any domain name.In th", + "product_code":"waf", + "title":"Deleting a Certificate", + "uri":"waf_01_0091.html", + "doc_type":"usermanual", + "p_code":"16", + "code":"18" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Domain Management", + "uri":"waf_01_0067.html", + "doc_type":"usermanual", + "p_code":"", + "code":"19" + }, + { + "desc":"This section describes how to view domain information and edit server information.Login credentials have been obtained.In the upper right corner of the list, query domain", + "product_code":"waf", + "title":"Viewing Basic Information", + "uri":"waf_01_0020.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"20" + }, + { + "desc":"The Transport Layer Security (TLS) protocol provides confidentiality and integrity of data sent between applications over the Internet. HTTPS is a network protocol constr", + "product_code":"waf", + "title":"Configuring the Minimum TLS Version and Cipher Suite", + "uri":"waf_01_0093.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"21" + }, + { + "desc":"This section describes how to enable WAF protection.The WAF engine does not run on your web server. Therefore, your web server performance will not be affected.After your", + "product_code":"waf", + "title":"Enabling WAF Protection", + "uri":"waf_01_0003.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"22" + }, + { + "desc":"This section describes how to disable WAF protection. In this mode, WAF only forwards requests, but does not detect them.Login credentials have been obtained.Mode for WAF", + "product_code":"waf", + "title":"Disabling WAF Protection", + "uri":"waf_01_0004.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"23" + }, + { + "desc":"This section describes how to set the bypassed mode whereby requests are sent directly to the backend server without passing through WAF.In special scenarios such as test", + "product_code":"waf", + "title":"Setting WAF Bypassed Mode", + "uri":"waf_01_0069.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"24" + }, + { + "desc":"If a visitor triggers block by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned a", + "product_code":"waf", + "title":"Modifying the Alarm Page", + "uri":"waf_01_0094.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"25" + }, + { + "desc":"This section describes how to delete a protected domain name from WAF.If the domain name to be deleted has been connected to WAF, re-resolve it with the DNS provider befo", + "product_code":"waf", + "title":"Deleting a Protected Domain Name", + "uri":"waf_01_0005.html", + "doc_type":"usermanual", + "p_code":"19", + "code":"26" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Rule Configurations", + "uri":"waf_01_0007.html", + "doc_type":"usermanual", + "p_code":"", + "code":"27" + }, + { + "desc":"This section describes how to enable basic web protection.Basic web protection defends against common web attacks, such as SQL injection, XSS attacks, remote buffer overf", + "product_code":"waf", + "title":"Enabling Basic Web Protection", + "uri":"waf_01_0008.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"28" + }, + { + "desc":"This section describes how to configure CC attack protection rules.With these rules, rate limiting policies are set based on the IP addresses, cookies, or Referer field t", + "product_code":"waf", + "title":"Configuring CC Attack Protection Rules", + "uri":"waf_01_0009.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"29" + }, + { + "desc":"This section describes how to configure precise protection rules.With these rules, WAF allows you to customize combinations of HTTP headers, cookies, URLs, request parame", + "product_code":"waf", + "title":"Configuring Precise Protection Rules", + "uri":"waf_01_0010.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"30" + }, + { + "desc":"This section describes how to configure blacklist or whitelist rules to block or allow specific IP addresses or address ranges.Blacklist and Whitelist only takes effect f", + "product_code":"waf", + "title":"Configuring Blacklist or Whitelist Rules", + "uri":"waf_01_0012.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"31" + }, + { + "desc":"This section describes how to configure web tamper protection (WTP) rules.You can configure these rules to prevent a static web page from being tampered with.WTP has the ", + "product_code":"waf", + "title":"Configuring Web Tamper Protection Rules", + "uri":"waf_01_0014.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"32" + }, + { + "desc":"This section describes how to configure false alarm masking rules.You can add false alarms to the whitelist and ignore certain event IDs (for example, skip XSS check for ", + "product_code":"waf", + "title":"Configuring False Alarm Masking Rules", + "uri":"waf_01_0016.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"33" + }, + { + "desc":"This section describes how to configure data masking rules. Data Masking prevents such data as usernames and passwords from being displayed in event logs.Login credential", + "product_code":"waf", + "title":"Configuring Data Masking Rules", + "uri":"waf_01_0017.html", + "doc_type":"usermanual", + "p_code":"27", + "code":"34" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Policy Management", + "uri":"waf_01_0055.html", + "doc_type":"usermanual", + "p_code":"", + "code":"35" + }, + { + "desc":"A policy is a combination of multiple rules, such as basic web protection, blacklist or whitelist, and precise protection rules. A policy can be applied to multiple domai", + "product_code":"waf", + "title":"Creating a Policy", + "uri":"waf_01_0074.html", + "doc_type":"usermanual", + "p_code":"35", + "code":"36" + }, + { + "desc":"This section describes how to apply a policy to your domain names.Login credentials have been obtained.The domain name to be protected has been created.To view informatio", + "product_code":"waf", + "title":"Applying a Policy to Your Domain Names", + "uri":"waf_01_0075.html", + "doc_type":"usermanual", + "p_code":"35", + "code":"37" + }, + { + "desc":"This section describes how to view event logs in a specified time (for example, today), including attack and request statistics, the number of attacks from the top 5 sour", + "product_code":"waf", + "title":"Dashboard", + "uri":"waf_01_0021.html", + "doc_type":"usermanual", + "p_code":"", + "code":"38" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Event Management", + "uri":"waf_01_0018.html", + "doc_type":"usermanual", + "p_code":"", + "code":"39" + }, + { + "desc":"This section describes how to mask false alarms and view event details if you find out that an event is misreported.Login credentials have been obtained.The event list co", + "product_code":"waf", + "title":"Handling False Alarms", + "uri":"waf_01_0024.html", + "doc_type":"usermanual", + "p_code":"39", + "code":"40" + }, + { + "desc":"This section describes how to download events (logged and blocked events) data over the past five days. An event file is generated at 01:00:00 (UTC time) of the second da", + "product_code":"waf", + "title":"Downloading Events Data", + "uri":"waf_01_0077.html", + "doc_type":"usermanual", + "p_code":"39", + "code":"41" + }, + { + "desc":"This section describes how to enable notification for attack logs. Once this function is enabled, WAF sends attack logs to users by email or SMS.Login credentials have be", + "product_code":"waf", + "title":"Enabling Alarm Notification", + "uri":"waf_01_0019.html", + "doc_type":"usermanual", + "p_code":"39", + "code":"42" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"FAQs", + "uri":"waf_01_0022.html", + "doc_type":"usermanual", + "p_code":"", + "code":"43" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"General", + "uri":"waf_01_0025.html", + "doc_type":"usermanual", + "p_code":"43", + "code":"44" + }, + { + "desc":"WAF is deployed on the cloud and is not coupled with services on a web server. Therefore, WAF supports all OSs.", + "product_code":"waf", + "title":"Which OSs Does WAF Support?", + "uri":"waf_01_0026.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"45" + }, + { + "desc":"WAF is deployed on the cloud and is not coupled with services on a web server. Therefore, WAF supports all web service frameworks.", + "product_code":"waf", + "title":"Which Web Service Frameworks Does WAF Support?", + "uri":"waf_01_0027.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"46" + }, + { + "desc":"The protection policies supported by WAF are described below.Basic Web ProtectionWAF can defend against common web attacks, such as SQL injection, XSS, webshells, and Tro", + "product_code":"waf", + "title":"What Protection Policies Does WAF Support?", + "uri":"waf_01_0028.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"47" + }, + { + "desc":"No. WAF cannot obtain the private IP address of the user site because Virtual Private Cloud (VPC) is isolated.", + "product_code":"waf", + "title":"Can WAF Protect a Private IP Address?", + "uri":"waf_01_0029.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"48" + }, + { + "desc":"WAF provides protection for seven layers, namely, the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application ", + "product_code":"waf", + "title":"Which Layer Does WAF Provides Protection At?", + "uri":"waf_01_0030.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"49" + }, + { + "desc":"Yes. You simply need to configure HTTPS as the frontend protocol and allow WAF to host your certificate. Then, WAF protects your HTTPS service.", + "product_code":"waf", + "title":"Can WAF Protect HTTPS Services?", + "uri":"waf_01_0037.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"50" + }, + { + "desc":"During the configuration of a CC attack protection rule, if IP addresses cannot identify users precisely, for example, when many users share an egress IP address, use Coo", + "product_code":"waf", + "title":"When Is Cookie Used to Identify Users?", + "uri":"waf_01_0036.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"51" + }, + { + "desc":"When a visitor accesses a protected domain name, WAF automatically inserts the CLOUDWAFSESID and CLOUDWAFSESTIME fields into the cookie of the access request. The fields ", + "product_code":"waf", + "title":"Why Do Cookies Contain the CLOUDWAFSESID and CLOUDWAFSESTIME Fields After a Domain is Connected to WAF?", + "uri":"waf_01_0095.html", + "doc_type":"usermanual", + "p_code":"44", + "code":"52" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Operation-related", + "uri":"waf_01_0063.html", + "doc_type":"usermanual", + "p_code":"43", + "code":"53" + }, + { + "desc":"If DNS is Unconfigured, domain name resolution fails, that is, the domain name is not connected to WAF. In this case, perform the following steps to connect the domain na", + "product_code":"waf", + "title":"What Should I Do If the DNS Status Is Unconfigured?", + "uri":"waf_01_0056.html", + "doc_type":"usermanual", + "p_code":"53", + "code":"54" + }, + { + "desc":"Generally, a proxy such as CDN, WAF, and AAD is deployed between the client and server. Web visitors cannot directly access the server. For example, web visitorCDN/WAF/AA", + "product_code":"waf", + "title":"How Do I Obtain the Real IP Address of a Web Visitor After WAF Is Enabled?", + "uri":"waf_01_0062.html", + "doc_type":"usermanual", + "p_code":"53", + "code":"55" + }, + { + "desc":"If an error such as 500 Internal Server Error, 502 Bad Gateway, or 504 Gateway Timeout occurs after your web server connects to WAF, use the following methods to locate t", + "product_code":"waf", + "title":"How Do I Troubleshoot 500/502/504 Errors?", + "uri":"waf_01_0066.html", + "doc_type":"usermanual", + "p_code":"53", + "code":"56" + }, + { + "desc":"If the certificate provided by the certificate authority is not found in the built-in trust store on your platform and the certificate chain does not have a certificate a", + "product_code":"waf", + "title":"How Do I Fix an Incomplete Certificate Chain?", + "uri":"waf_01_0082.html", + "doc_type":"usermanual", + "p_code":"53", + "code":"57" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"waf", + "title":"Change History", + "uri":"waf_01_0023.html", + "doc_type":"usermanual", + "p_code":"", + "code":"58" + } +] \ No newline at end of file diff --git a/docs/waf/umn/PARAMETERS.txt b/docs/waf/umn/PARAMETERS.txt new file mode 100644 index 00000000..6da8d5f0 --- /dev/null +++ b/docs/waf/umn/PARAMETERS.txt @@ -0,0 +1,3 @@ +version="" +language="en-us" +type="" \ No newline at end of file diff --git a/docs/waf/umn/en-us_image_0000001156082152.png b/docs/waf/umn/en-us_image_0000001156082152.png new file mode 100644 index 00000000..d752fb31 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001156082152.png differ diff --git a/docs/waf/umn/en-us_image_0000001175447588.png b/docs/waf/umn/en-us_image_0000001175447588.png new file mode 100644 index 00000000..b42d38fb Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001175447588.png differ diff --git a/docs/waf/umn/en-us_image_0000001175607540.png b/docs/waf/umn/en-us_image_0000001175607540.png new file mode 100644 index 00000000..256ee8ac Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001175607540.png differ diff --git a/docs/waf/umn/en-us_image_0000001175926056.png b/docs/waf/umn/en-us_image_0000001175926056.png new file mode 100644 index 00000000..4e25737f Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001175926056.png differ diff --git a/docs/waf/umn/en-us_image_0000001204042733.png b/docs/waf/umn/en-us_image_0000001204042733.png new file mode 100644 index 00000000..b42d38fb Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001204042733.png differ diff --git a/docs/waf/umn/en-us_image_0000001221005879.png b/docs/waf/umn/en-us_image_0000001221005879.png new file mode 100644 index 00000000..d752fb31 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001221005879.png differ diff --git a/docs/waf/umn/en-us_image_0000001221127307.png b/docs/waf/umn/en-us_image_0000001221127307.png new file mode 100644 index 00000000..81ba2e3e Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001221127307.png differ diff --git a/docs/waf/umn/en-us_image_0000001221127319.png b/docs/waf/umn/en-us_image_0000001221127319.png new file mode 100644 index 00000000..9f433f71 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001221127319.png differ diff --git a/docs/waf/umn/en-us_image_0000001221367359.png b/docs/waf/umn/en-us_image_0000001221367359.png new file mode 100644 index 00000000..b2cd8881 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001221367359.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314894.png b/docs/waf/umn/en-us_image_0000001321314894.png new file mode 100644 index 00000000..ac96cc2b Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314894.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314906.png b/docs/waf/umn/en-us_image_0000001321314906.png new file mode 100644 index 00000000..8132ad67 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314906.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314926.png b/docs/waf/umn/en-us_image_0000001321314926.png new file mode 100644 index 00000000..a34215dc Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314926.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314934.png b/docs/waf/umn/en-us_image_0000001321314934.png new file mode 100644 index 00000000..c3e4581d Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314934.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314938.png b/docs/waf/umn/en-us_image_0000001321314938.png new file mode 100644 index 00000000..babf185b Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314938.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314946.png b/docs/waf/umn/en-us_image_0000001321314946.png new file mode 100644 index 00000000..4738b6ce Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314946.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314954.png b/docs/waf/umn/en-us_image_0000001321314954.png new file mode 100644 index 00000000..d7e06ce5 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314954.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314966.png b/docs/waf/umn/en-us_image_0000001321314966.png new file mode 100644 index 00000000..2cc65fda Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314966.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314970.png b/docs/waf/umn/en-us_image_0000001321314970.png new file mode 100644 index 00000000..bd11020e Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314970.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314978.png b/docs/waf/umn/en-us_image_0000001321314978.png new file mode 100644 index 00000000..0d5bbae1 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314978.png differ diff --git a/docs/waf/umn/en-us_image_0000001321314982.png b/docs/waf/umn/en-us_image_0000001321314982.png new file mode 100644 index 00000000..92b7e7b0 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321314982.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474590.png b/docs/waf/umn/en-us_image_0000001321474590.png new file mode 100644 index 00000000..bbe79690 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474590.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474594.png b/docs/waf/umn/en-us_image_0000001321474594.png new file mode 100644 index 00000000..982a3fba Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474594.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474598.png b/docs/waf/umn/en-us_image_0000001321474598.png new file mode 100644 index 00000000..655960a0 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474598.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474614.png b/docs/waf/umn/en-us_image_0000001321474614.png new file mode 100644 index 00000000..6aab5ae6 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474614.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474630.png b/docs/waf/umn/en-us_image_0000001321474630.png new file mode 100644 index 00000000..bfaa7b01 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474630.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474634.png b/docs/waf/umn/en-us_image_0000001321474634.png new file mode 100644 index 00000000..ece7f4fa Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474634.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474650.png b/docs/waf/umn/en-us_image_0000001321474650.png new file mode 100644 index 00000000..17e730c5 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474650.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474654.png b/docs/waf/umn/en-us_image_0000001321474654.png new file mode 100644 index 00000000..a366dc72 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474654.png differ diff --git a/docs/waf/umn/en-us_image_0000001321474658.png b/docs/waf/umn/en-us_image_0000001321474658.png new file mode 100644 index 00000000..85a7dc70 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321474658.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634494.png b/docs/waf/umn/en-us_image_0000001321634494.png new file mode 100644 index 00000000..3ec94d13 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634494.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634498.png b/docs/waf/umn/en-us_image_0000001321634498.png new file mode 100644 index 00000000..8a13880b Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634498.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634502.png b/docs/waf/umn/en-us_image_0000001321634502.png new file mode 100644 index 00000000..0a6945f8 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634502.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634522.png b/docs/waf/umn/en-us_image_0000001321634522.png new file mode 100644 index 00000000..55dec53c Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634522.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634530.png b/docs/waf/umn/en-us_image_0000001321634530.png new file mode 100644 index 00000000..3c34b7b9 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634530.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634538.png b/docs/waf/umn/en-us_image_0000001321634538.png new file mode 100644 index 00000000..6a68e1cd Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634538.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634542.png b/docs/waf/umn/en-us_image_0000001321634542.png new file mode 100644 index 00000000..e0928b6d Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634542.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634558.png b/docs/waf/umn/en-us_image_0000001321634558.png new file mode 100644 index 00000000..90ebc181 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634558.png differ diff --git a/docs/waf/umn/en-us_image_0000001321634566.png b/docs/waf/umn/en-us_image_0000001321634566.png new file mode 100644 index 00000000..bba614bb Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321634566.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794470.png b/docs/waf/umn/en-us_image_0000001321794470.png new file mode 100644 index 00000000..f1208a52 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794470.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794474.png b/docs/waf/umn/en-us_image_0000001321794474.png new file mode 100644 index 00000000..f976d03e Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794474.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794478.png b/docs/waf/umn/en-us_image_0000001321794478.png new file mode 100644 index 00000000..13d068fe Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794478.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794486.png b/docs/waf/umn/en-us_image_0000001321794486.png new file mode 100644 index 00000000..92d43d5e Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794486.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794498.png b/docs/waf/umn/en-us_image_0000001321794498.png new file mode 100644 index 00000000..2b7e9ccf Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794498.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794506.png b/docs/waf/umn/en-us_image_0000001321794506.png new file mode 100644 index 00000000..111ea88c Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794506.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794510.png b/docs/waf/umn/en-us_image_0000001321794510.png new file mode 100644 index 00000000..bb8c5fe9 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794510.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794518.png b/docs/waf/umn/en-us_image_0000001321794518.png new file mode 100644 index 00000000..b2cd8881 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794518.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794522.png b/docs/waf/umn/en-us_image_0000001321794522.png new file mode 100644 index 00000000..5d0a53db Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794522.png differ diff --git a/docs/waf/umn/en-us_image_0000001321794530.png b/docs/waf/umn/en-us_image_0000001321794530.png new file mode 100644 index 00000000..30435c7a Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001321794530.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554593.png b/docs/waf/umn/en-us_image_0000001372554593.png new file mode 100644 index 00000000..351c142e Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554593.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554601.png b/docs/waf/umn/en-us_image_0000001372554601.png new file mode 100644 index 00000000..edd50aa9 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554601.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554605.png b/docs/waf/umn/en-us_image_0000001372554605.png new file mode 100644 index 00000000..ed08b1d9 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554605.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554613.png b/docs/waf/umn/en-us_image_0000001372554613.png new file mode 100644 index 00000000..024409f8 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554613.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554625.png b/docs/waf/umn/en-us_image_0000001372554625.png new file mode 100644 index 00000000..bad02d1c Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554625.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554629.png b/docs/waf/umn/en-us_image_0000001372554629.png new file mode 100644 index 00000000..874211d6 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554629.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554637.png b/docs/waf/umn/en-us_image_0000001372554637.png new file mode 100644 index 00000000..b2cd8881 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554637.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554657.png b/docs/waf/umn/en-us_image_0000001372554657.png new file mode 100644 index 00000000..9f433f71 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554657.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554661.png b/docs/waf/umn/en-us_image_0000001372554661.png new file mode 100644 index 00000000..4e25737f Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554661.png differ diff --git a/docs/waf/umn/en-us_image_0000001372554673.png b/docs/waf/umn/en-us_image_0000001372554673.png new file mode 100644 index 00000000..8f1b2fa7 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372554673.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714409.png b/docs/waf/umn/en-us_image_0000001372714409.png new file mode 100644 index 00000000..f5186662 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714409.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714413.png b/docs/waf/umn/en-us_image_0000001372714413.png new file mode 100644 index 00000000..f3cb7b23 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714413.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714437.png b/docs/waf/umn/en-us_image_0000001372714437.png new file mode 100644 index 00000000..f5fc1bb9 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714437.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714449.png b/docs/waf/umn/en-us_image_0000001372714449.png new file mode 100644 index 00000000..e5fa43cf Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714449.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714457.png b/docs/waf/umn/en-us_image_0000001372714457.png new file mode 100644 index 00000000..256ee8ac Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714457.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714485.png b/docs/waf/umn/en-us_image_0000001372714485.png new file mode 100644 index 00000000..265d680f Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714485.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714489.png b/docs/waf/umn/en-us_image_0000001372714489.png new file mode 100644 index 00000000..da2aec66 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714489.png differ diff --git a/docs/waf/umn/en-us_image_0000001372714497.png b/docs/waf/umn/en-us_image_0000001372714497.png new file mode 100644 index 00000000..f557650c Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372714497.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795237.png b/docs/waf/umn/en-us_image_0000001372795237.png new file mode 100644 index 00000000..4fa23ad1 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795237.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795261.png b/docs/waf/umn/en-us_image_0000001372795261.png new file mode 100644 index 00000000..481a138b Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795261.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795273.png b/docs/waf/umn/en-us_image_0000001372795273.png new file mode 100644 index 00000000..d89df55b Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795273.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795277.png b/docs/waf/umn/en-us_image_0000001372795277.png new file mode 100644 index 00000000..387cdeaa Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795277.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795281.png b/docs/waf/umn/en-us_image_0000001372795281.png new file mode 100644 index 00000000..c4fdc192 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795281.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795289.png b/docs/waf/umn/en-us_image_0000001372795289.png new file mode 100644 index 00000000..cf733974 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795289.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795297.png b/docs/waf/umn/en-us_image_0000001372795297.png new file mode 100644 index 00000000..8ac81991 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795297.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795301.png b/docs/waf/umn/en-us_image_0000001372795301.png new file mode 100644 index 00000000..42e2eac3 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795301.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795305.png b/docs/waf/umn/en-us_image_0000001372795305.png new file mode 100644 index 00000000..beec6338 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795305.png differ diff --git a/docs/waf/umn/en-us_image_0000001372795313.png b/docs/waf/umn/en-us_image_0000001372795313.png new file mode 100644 index 00000000..5ee73077 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372795313.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914929.png b/docs/waf/umn/en-us_image_0000001372914929.png new file mode 100644 index 00000000..265d680f Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914929.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914941.png b/docs/waf/umn/en-us_image_0000001372914941.png new file mode 100644 index 00000000..8f895b49 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914941.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914957.png b/docs/waf/umn/en-us_image_0000001372914957.png new file mode 100644 index 00000000..ec1a0b65 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914957.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914961.png b/docs/waf/umn/en-us_image_0000001372914961.png new file mode 100644 index 00000000..e073236d Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914961.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914973.png b/docs/waf/umn/en-us_image_0000001372914973.png new file mode 100644 index 00000000..86935e32 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914973.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914977.png b/docs/waf/umn/en-us_image_0000001372914977.png new file mode 100644 index 00000000..2de38821 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914977.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914989.png b/docs/waf/umn/en-us_image_0000001372914989.png new file mode 100644 index 00000000..dc01b3f8 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914989.png differ diff --git a/docs/waf/umn/en-us_image_0000001372914993.png b/docs/waf/umn/en-us_image_0000001372914993.png new file mode 100644 index 00000000..35b66f78 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372914993.png differ diff --git a/docs/waf/umn/en-us_image_0000001372915005.png b/docs/waf/umn/en-us_image_0000001372915005.png new file mode 100644 index 00000000..3dd65715 Binary files /dev/null and b/docs/waf/umn/en-us_image_0000001372915005.png differ diff --git a/docs/waf/umn/en-us_image_0246108677.png b/docs/waf/umn/en-us_image_0246108677.png new file mode 100644 index 00000000..f9390c00 Binary files /dev/null and b/docs/waf/umn/en-us_image_0246108677.png differ diff --git a/docs/waf/umn/en-us_image_0246108818.png b/docs/waf/umn/en-us_image_0246108818.png new file mode 100644 index 00000000..27e55c1d Binary files /dev/null and b/docs/waf/umn/en-us_image_0246108818.png differ diff --git a/docs/waf/umn/en-us_image_0246109037.png b/docs/waf/umn/en-us_image_0246109037.png new file mode 100644 index 00000000..a7a3b246 Binary files /dev/null and b/docs/waf/umn/en-us_image_0246109037.png differ diff --git a/docs/waf/umn/en-us_image_0246112199.png b/docs/waf/umn/en-us_image_0246112199.png new file mode 100644 index 00000000..2fdf9668 Binary files /dev/null and b/docs/waf/umn/en-us_image_0246112199.png differ diff --git a/docs/waf/umn/en-us_image_0283637109.png b/docs/waf/umn/en-us_image_0283637109.png new file mode 100644 index 00000000..b32fe9ff Binary files /dev/null and b/docs/waf/umn/en-us_image_0283637109.png differ diff --git a/docs/waf/umn/public_sys-resources/ExpandCollapse.js b/docs/waf/umn/public_sys-resources/ExpandCollapse.js new file mode 100644 index 00000000..116ddaab --- /dev/null +++ b/docs/waf/umn/public_sys-resources/ExpandCollapse.js @@ -0,0 +1 @@ +var expandClassName="dropdownexpand";var collapseClassName="dropdowncollapse";var collapseTableClassName="dropdowncollapsetable";function ExpandorCollapseNode(a){a=a.parentNode;if(a.className==expandClassName){a.className=collapseClassName}else{a.className=expandClassName}}function ExpandorCollapseTableNode(a){a=a.parentNode;if(a.className==expandClassName){a.className=collapseTableClassName}else{a.className=expandClassName}}function ExpandorCollapseAllNodes(g,h,c){var a=g.getAttribute("title");var b=g.parentNode;if(a=="collapse"){g.setAttribute("title","expand");g.className="dropdownAllButtonexpand";g.innerHTML=h}else{g.setAttribute("title","collapse");g.className="dropdownAllButtoncollapse";g.innerHTML=c}var f=b.getElementsByTagName("*");for(var d=0;d-1){ExpandForHref(a.substring(a.lastIndexOf("#")+1))}}catch(c){}}; \ No newline at end of file diff --git a/docs/waf/umn/public_sys-resources/avgCompile.js b/docs/waf/umn/public_sys-resources/avgCompile.js new file mode 100644 index 00000000..32782268 --- /dev/null +++ b/docs/waf/umn/public_sys-resources/avgCompile.js @@ -0,0 +1 @@ +var name1=null;function test1(a){a=a.parentNode;a.className="test1"}function test2(a){a=a.parentNode;a.className="test2"}function test3(a){a=a.parentNode;a.className="test3"}function test4(a){a=a.parentNode;a.className="test4"}function test5(a){a=a.parentNode;a.className="test5"}function test6(a){a=a.parentNode;a.className="test6"}function test7(a){a=a.parentNode;a.className="test7"}function test8(a){a=a.parentNode;a.className="test8"}function test9(a){a=a.parentNode;a.className="test9"}function test10(a){a=a.parentNode;a.className="test10"}function test11(a){a=a.parentNode;a.className="test11"}function test12(a){a=a.parentNode;a.className="test12"}function test13(a){a=a.parentNode;a.className="test13"}function test2(a){a=a.parentNode;a.className="test2"}function test14(a){a=a.parentNode;a.className="test14"}function test15(a){a=a.parentNode;a.className="test15"}function test16(a){a=a.parentNode;a.className="test16"}function test17(a){a=a.parentNode;a.className="test17"}function test18(a){a=a.parentNode;a.className="test18"}function test19(a){a=a.parentNode;a.className="test19"}function test20(a){a=a.parentNode;a.className="test20"}function test21(a){a=a.parentNode;a.className="test21"}function test22(a){a=a.parentNode;a.className="test22"}function test23(a){a=a.parentNode;a.className="test23"}; \ No newline at end of file diff --git a/docs/waf/umn/public_sys-resources/caution_3.0-en-us.png b/docs/waf/umn/public_sys-resources/caution_3.0-en-us.png new file mode 100644 index 00000000..60f60762 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/caution_3.0-en-us.png differ diff --git a/docs/waf/umn/public_sys-resources/commonltr.css b/docs/waf/umn/public_sys-resources/commonltr.css new file mode 100644 index 00000000..c5480b0a --- /dev/null +++ b/docs/waf/umn/public_sys-resources/commonltr.css @@ -0,0 +1 @@ +body{font-size:10pt;font-family:Arial;margin:1.5em;border-top:2pt;padding-top:1em;padding-bottom:2em}.msgph{font-family:Courier New}.rowlinecopyright{color:red;margin-top:10pt}.unresolved{background-color:skyblue}.noTemplate{background-color:yellow}.base{background-color:#fff}.nested0{margin-top:1em}.p{margin-top:.6em;margin-bottom:.6em}p{margin-top:.5em;margin-bottom:.5em}.note p{margin-top:.5em;margin-bottom:.5em}.tip p{margin-top:.5em;margin-bottom:.5em}.danger p{margin-top:.5em;margin-bottom:.5em}.notice p{margin-top:.5em;margin-bottom:.5em}.warning p{margin-top:.5em;margin-bottom:.5em}.caution p{margin-top:.5em;margin-bottom:.5em}.attention p{margin-top:.5em;margin-bottom:.5em}table p{margin-top:.2em;margin-bottom:.2em}table .p{margin-top:.4em;margin-bottom:.2em}.figcap{font-size:10pt}img{margin-top:.3em}.figdesc{font-style:normal}.figborder{border-style:solid;padding-left:3px;border-width:2px;padding-right:3px;margin-top:1em;border-color:Silver}.figsides{border-left:2px solid;padding-left:3px;border-right:2px solid;padding-right:3px;margin-top:1em;border-color:Silver}.figtop{border-top:2px solid;margin-top:1em;border-color:Silver}.figbottom{border-bottom:2px solid;border-color:Silver}.figtopbot{border-top:2px solid;border-bottom:2px solid;margin-top:1em;border-color:Silver}.fignone{font-size:10pt;margin-top:8pt;margin-bottom:8pt}.familylinks{margin-top:1.5em;margin-bottom:1em}.ullinks{list-style-type:none}.linklist{margin-bottom:1em}.linklistwithchild{margin-left:1.5em;margin-bottom:1em}.sublinklist{margin-left:1.5em;margin-bottom:1em}.relconcepts{margin-top:.6em;margin-bottom:.6em}.reltasks{margin-top:.6em;margin-bottom:.6em}.relref{margin-top:.6em;margin-bottom:.6em}.relinfo{margin-top:.6em;margin-bottom:.6em}.breadcrumb{font-size:smaller;margin-bottom:.6em}.prereq{margin-left:20px}.parentlink{margin-top:.6em;margin-bottom:.6em}.nextlink{margin-top:.6em;margin-bottom:.6em}.previouslink{margin-top:.6em;margin-bottom:.6em}.topictitle1{margin-top:0;margin-bottom:1em;font-size:14pt;color:#007af4}.topictitle2{margin-top:1pc;margin-bottom:.45em;font-size:1.17em;color:#007af4}.topictitle3{margin-top:1pc;margin-bottom:.17em;font-size:1.17em;font-weight:bold;color:#007af4}.topictitle4{margin-top:.83em;font-size:1.17em;font-weight:bold}.topictitle5{font-size:1.17em;font-weight:bold}.topictitle6{font-size:1.17em;font-style:italic}.sectiontitle{margin-top:1em;margin-bottom:1em;color:black;font-size:10.5pt;font-weight:bold;color:#007af4;overflow:auto}.section{margin-top:1em;margin-bottom:1em}.example{margin-top:1em;margin-bottom:1em}.sectiontitle2contents:link{color:#007af4}.sectiontitle2contents:visited{color:#800080}.note{margin-top:1em;margin-bottom:1em;background-color:#ffc}.notetitle{font-weight:bold}.notelisttitle{font-weight:bold}.tip{margin-top:1em;margin-bottom:1em;background-color:#ffc}.tiptitle{font-weight:bold}.fastpath{margin-top:1em;margin-bottom:1em;background-color:#ffc}.fastpathtitle{font-weight:bold}.important{margin-top:1em;margin-bottom:1em;background-color:#ffc}.importanttitle{font-weight:bold}.remember{margin-top:1em;margin-bottom:1em;background-color:#ffc}.remembertitle{font-weight:bold}.restriction{margin-top:1em;margin-bottom:1em;background-color:#ffc}.restrictiontitle{font-weight:bold}.attention{margin-top:1em;margin-bottom:1em;background-color:#ffc}.attentiontitle{font-weight:bold}.dangertitle{font-weight:bold}.danger{margin-top:1em;margin-bottom:1em;background-color:#ffc}.noticetitle{font-weight:bold}.notice{margin-top:1em;margin-bottom:1em;background-color:#ffc}.warningtitle{font-weight:bold}.warning{margin-top:1em;margin-bottom:1em;background-color:#ffc}.cautiontitle{font-weight:bold}.caution{margin-top:1em;margin-bottom:1em;background-color:#ffc}ul.simple{list-style-type:none}li ul{margin-top:.6em}li{margin-top:.6em;margin-bottom:.6em}.note li{margin-top:.2em;margin-bottom:.2em}.tip li{margin-top:.2em;margin-bottom:.2em}.danger li{margin-top:.2em;margin-bottom:.2em}.warning li{margin-top:.2em;margin-bottom:.2em}.notice li{margin-top:.2em;margin-bottom:.2em}.caution li{margin-top:.2em;margin-bottom:.2em}.attention li{margin-top:.2em;margin-bottom:.2em}table li{margin-top:.2em;margin-bottom:.2em}ol{margin-top:1em;margin-bottom:1em;margin-left:2.4em;padding-left:0}ul{margin-top:1em;margin-bottom:1em;margin-left:2.0em;padding-left:0}ol ul{list-style:disc}ul ul{list-style:square}ol ul ul{list-style:square}ol ul{list-style-type:disc}table ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}table ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ul{margin-top:.4em;margin-bottom:.4em;list-style:square}table ol ol{margin-top:.4em;margin-bottom:.4em;list-style:lower-alpha}table ol ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}.substepthirdol{list-style-type:lower-roman}.firstcol{font-weight:bold}th{background-color:#cfcfcf}table{margin-top:8pt;margin-bottom:12pt;width:100%}table caption{margin-top:8pt;text-align:left}.bold{font-weight:bold}.boldItalic{font-weight:bold;font-style:italic}.italic{font-style:italic}.underlined{text-decoration:underline}.var{font-style:italic}.shortcut{text-decoration:underline}.dlterm{font-weight:bold}dd{margin-top:.5em;margin-bottom:.5em}.dltermexpand{font-weight:bold;margin-top:1em}*[compact="yes"]>li{margin-top:0}*[compact="no"]>li{margin-top:.53em}.liexpand{margin-top:1em;margin-bottom:1em}.sliexpand{margin-top:1em;margin-bottom:1em}.dlexpand{margin-top:1em;margin-bottom:1em}.ddexpand{margin-top:1em;margin-bottom:1em}.stepexpand{margin-top:.3em;margin-bottom:.3em}.substepexpand{margin-top:.3em;margin-bottom:.3em}div.imageleft{text-align:left}div.imagecenter{text-align:center}div.imageright{text-align:right}div.imagejustify{text-align:justify}div.noblankline{text-align:center}div.noblankline img{margin-top:0}pre.screen{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;background-color:#ddd;white-space:pre}pre.codeblock{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;background-color:#ddd;white-space:pre}.hrcopyright{color:#3f4e5d;margin-top:18pt}.hwcopyright{text-align:center}.comment{margin:2px 2px 2px 2px;font-family:Arial;font-size:10pt;background-color:#bfb;color:#000}.dropdownAllButtonexpand{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}.dropdownAllButtoncollapse{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;text-decoration:underline;color:#007af4}.dropdowntitle{background-repeat:no-repeat;background-position:0 4px;padding-left:15px;cursor:pointer;text-decoration:underline;color:#007af4}.dropdownexpand .dropdowntitle{background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.dropdowncollapse .dropdowncontext{display:none}.dropdowncollapse .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}.dropdowncollapsetable{border:0}.dropdowncollapsetable .dropdowncontext{display:none}.dropdowncollapsetable .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}pre{font-size:10pt;font-weight:normal;margin-left:9;margin-top:2;margin-bottom:2}.termcolor{color:blue;cursor:pointer}#dhtmlgoodies_tooltip{background-color:#f0f0d2;border:1px solid #000;position:absolute;display:none;z-index:20000;padding:2px;font-size:.9em;-moz-border-radius:6px;font-family:"Trebuchet MS","Lucida Sans Unicode",Arial,sans-serif}#dhtmlgoodies_tooltipShadow{position:absolute;background-color:#555;display:none;z-index:10000;opacity:.7;filter:alpha(opacity=70);-khtml-opacity:.7;-moz-opacity:.7;-moz-border-radius:6px}.freeze{position:fixed;_position:absolute;_top:expression(eval(document.documentElement.scrollTop));left:10;top:0} \ No newline at end of file diff --git a/docs/waf/umn/public_sys-resources/commonltr_print.css b/docs/waf/umn/public_sys-resources/commonltr_print.css new file mode 100644 index 00000000..a5982314 --- /dev/null +++ b/docs/waf/umn/public_sys-resources/commonltr_print.css @@ -0,0 +1 @@ +body{font-size:12.0pt;margin:1.5em;margin-left:1.6cm}.msgph{font-family:Courier New}.rowlinecopyright{color:red;margin-top:10pt}.unresolved{background-color:skyblue}.noTemplate{background-color:yellow}.base{background-color:#fff}.nested0{margin-top:1em}.p{margin-top:1em}p{margin-top:.5em;margin-bottom:.5em}.note p{margin-top:.5em;margin-bottom:.5em}.tip p{margin-top:.5em;margin-bottom:.5em}.danger p{margin-top:.5em;margin-bottom:.5em}.warning p{margin-top:.5em;margin-bottom:.5em}.notice p{margin-top:.5em;margin-bottom:.5em}.caution p{margin-top:.5em;margin-bottom:.5em}.attention p{margin-top:.5em;margin-bottom:.5em}table p{margin-top:.2em;margin-bottom:.2em}table .p{margin-top:.4em;margin-bottom:.2em}.covertable{border:0;width:100% cellpadding:8pt;cellspacing:8pt}.cover_productname{font-size:15.0pt;font-family:"Arial"}.cover_manualtitle{font-size:24.0pt;font-weight:bold;font-family:"Arial"}.cover_manualsubtitle{font-size:18.0pt;font-weight:bold;font-family:"Arial"}.cover_heading{font-size:12.0pt;font-weight:bold;font-family:"Arial"}.cover_text{font-size:9.0pt;font-family:"Arial"}.tocheading,.heading1,.topictitle1{margin-top:40.0pt;margin-right:0;margin-bottom:20.0pt;margin-left:-1cm;text-align:left;border:0;border-bottom:solid windowtext .5pt;font-size:22.0pt;font-family:"Arial";font-weight:bold}.topictitlenumber1{font-size:72.0pt;font-family:"Book Antiqua";font-weight:bold}.topictitle2{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:-1cm;text-indent:0;font-size:18.0pt;font-family:"Arial";font-weight:bold}.topictitle3{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:0;text-indent:0;font-size:16.0pt;font-family:"Book Antiqua";font-weight:bold}.topictitle4{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:0;text-indent:0;font-size:14.0pt;font-family:"Book Antiqua";font-weight:bold}.topictitle5{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:0;text-indent:0;font-size:13.0pt;font-family:"Book Antiqua";font-weight:bold}.blocklabel,.topictitle6{margin-top:15.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;text-indent:0;font-size:13.0pt;font-family:"Book Antiqua";font-weight:bold}.sectiontitle{margin-top:15.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:-1cm;text-indent:0;font-size:13.0pt;font-family:"Arial";font-weight:bold}.tocentry1{margin-top:8.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:12.0pt;font-family:"Book Antiqua";font-weight:bold}.tocentry2{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tocentry3{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tocentry4{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tocentry5{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tofentry1{margin-top:8.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman";font-weight:normal}.totentry1{margin-top:8.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman";font-weight:normal}.indexheading{margin-top:15.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;text-indent:0;font-size:13.0pt;font-family:"Book Antiqua";font-weight:bold}.indexentry1{margin-top:4pt;margin-right:0;margin-bottom:0;margin-left:0;line-height:12.0pt;font-size:12.0pt;font-family:"Times New Roman"}.indexentry2{margin-top:0;margin-right:0;margin-bottom:0;margin-left:24.0pt;line-height:12.0pt;font-size:12.0pt}.indexentry3{margin-top:0;margin-right:0;margin-bottom:0;margin-left:48pt;line-height:12.0pt;font-size:12.0pt}.figurenumber{font-weight:bold}.tablenumber{font-weight:bold}.familylinks{margin-top:1.5em;margin-bottom:1em}.figcap{font-size:11.0pt}.tablecap{font-size:11.0pt}.figdesc{font-style:normal}.fignone{margin-top:8.0pt}.figborder{border-style:solid;padding-left:3px;border-width:2px;padding-right:3px;margin-top:1em;border-color:Silver}.figsides{border-left:2px solid;padding-left:3px;border-right:2px solid;padding-right:3px;margin-top:1em;border-color:Silver}.figtop{border-top:2px solid;margin-top:1em;border-color:Silver}.figbottom{border-bottom:2px solid;border-color:Silver}.figtopbot{border-top:2px solid;border-bottom:2px solid;margin-top:1em;border-color:Silver}.ullinks{margin-left:0;list-style-type:none}.ulchildlink{margin-top:1em;margin-bottom:1em}.olchildlink{margin-top:1em;margin-bottom:1em;margin-left:1em}.linklist{margin-bottom:1em}.linklistwithchild{margin-left:1.5em;margin-bottom:1em}.sublinklist{margin-left:1.5em;margin-bottom:1em}.relconcepts{margin-left:1cm;margin-top:1em;margin-bottom:1em}.reltasks{margin-left:1cm;margin-top:1em;margin-bottom:1em}.relref{margin-left:1cm;margin-top:1em;margin-bottom:1em}.relinfo{margin-top:1em;margin-bottom:1em}.breadcrumb{font-size:smaller;margin-bottom:1em}.prereq{margin-left:0}.parentlink{margin-top:.6em;margin-bottom:.6em}.nextlink{margin-top:.6em;margin-bottom:.6em}.previouslink{margin-top:.6em;margin-bottom:.6em}.section{margin-top:1em;margin-bottom:1em}.example{margin-top:1em;margin-bottom:1em}table .note{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.note{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.notetitle{font-weight:bold;font-size:11.0pt}.notelisttitle{font-weight:bold}table .tip{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.tip{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.tiptitle{font-weight:bold;font-size:11.0pt}table .fastpath{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.fastpath{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.fastpathtitle{font-weight:bold;font-size:11.0pt}table .important{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman";font-style:italic}.important{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.importanttitle{font-weight:bold;font-size:11.0pt}table .remember{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman";font-style:italic}.remember{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.remembertitle{font-weight:bold;font-size:11.0pt}table .restriction{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman";font-style:italic}.restriction{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.restrictiontitle{font-weight:bold;font-size:11.0pt}table .attention{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.attention{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}.attentiontitle{font-weight:bold}table .danger{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.dangertitle{font-weight:bold}.danger{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}table .notice{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.noticetitle{font-weight:bold}.notice{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}table .warning{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.warningtitle{font-weight:bold}.warning{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}table .caution{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}table caption{margin-top:8pt;text-align:left;font-weight:bold}.tablenoborder{margin-top:8pt}.cautiontitle{font-weight:bold}.caution{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}ul.simple{list-style-type:none}li ul{margin-top:.6em}li{margin-top:.6em;margin-bottom:.6em}.note li{margin-top:.2em;margin-bottom:.2em}.tip li{margin-top:.2em;margin-bottom:.2em}.danger li{margin-top:.2em;margin-bottom:.2em}.warning li{margin-top:.2em;margin-bottom:.2em}.notice li{margin-top:.2em;margin-bottom:.2em}.caution li{margin-top:.2em;margin-bottom:.2em}.attention li{margin-top:.2em;margin-bottom:.2em}table li{margin-top:.2em;margin-bottom:.2em}.firstcol{font-weight:bold}th{background-color:#cfcfcf}.bold{font-weight:bold}.boldItalic{font-weight:bold;font-style:italic}.italic{font-style:italic}.underlined{text-decoration:underline}.var{font-style:italic}.shortcut{text-decoration:underline}.dlterm{font-weight:bold}dd{margin-top:.5em;margin-bottom:.5em}.dltermexpand{font-weight:bold;margin-top:1em}*[compact="yes"]>li{margin-top:0}*[compact="no"]>li{margin-top:.53em}.liexpand{margin-top:1em;margin-bottom:1em}.sliexpand{margin-top:1em;margin-bottom:1em}.dlexpand{margin-top:1em;margin-bottom:1em}.ddexpand{margin-top:1em;margin-bottom:1em}.stepexpand{margin-top:1em;margin-bottom:1em}.substepexpand{margin-top:1em;margin-bottom:1em}table{margin-top:8pt;margin-bottom:10.0pt;width:100%}thead{font-size:10.0pt;font-family:"Book Antiqua";font-weight:bold}tbody{font-size:11.0pt}ol{margin-top:1em;margin-bottom:1em;margin-left:1.7em;-webkit-padding-start:0}ul{margin-top:1em;margin-bottom:1em;margin-left:1.2em;-webkit-padding-start:0}ol ul{list-style:disc}ul ul{list-style:square}ol ol{list-style-type:lower-alpha}table ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}table ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ul{margin-top:.4em;margin-bottom:.4em;list-style:square}table ol ol{margin-top:.4em;margin-bottom:.4em;list-style:lower-alpha}table ol ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}.substepthirdol{list-style-type:lower-roman}div.imageleft{text-align:left}div.imagecenter{text-align:center}div.imageright{text-align:right}div.imagejustify{text-align:justify}div.noblankline{text-align:center}div.noblankline img{margin-top:0}pre{font-size:10.0pt;border-width:2px;padding:2px;margin-top:5px;margin-bottom:5px;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}pre.screen{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;white-space:pre}pre.codeblock{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;white-space:pre}.dropdownAllButtonexpand{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}.dropdownAllButtoncollapse{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;text-decoration:underline;color:#007af4}.dropdowntitle{background-repeat:no-repeat;background-position:0 4px;padding-left:15px;cursor:pointer;text-decoration:underline;color:#007af4}.dropdownexpand .dropdowntitle{background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.dropdowncollapse .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.dropdowncollapsetable .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.prefacesectiontitle1{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:-1cm;text-indent:0;font-size:18.0pt;font-family:"Book Antiqua";font-weight:bold;overflow:auto}.termcolor{color:blue;cursor:pointer}#dhtmlgoodies_tooltip{background-color:#f0f0d2;border:1px solid #000;position:absolute;display:none;z-index:20000;padding:2px;font-size:.9em;-moz-border-radius:6px;font-family:"Trebuchet MS","Lucida Sans Unicode",Arial,sans-serif}#dhtmlgoodies_tooltipShadow{position:absolute;background-color:#555;display:none;z-index:10000;opacity:.7;filter:alpha(opacity=70);-khtml-opacity:.7;-moz-opacity:.7;-moz-border-radius:6px}.freeze{position:fixed;_position:absolute;_top:expression(eval(document.documentElement.scrollTop));left:10;top:0}.hrcopyright{color:#3f4e5d;margin-top:18pt;margin-left:-1cm}.hwcopyright{text-align:center;font-family:Arial;margin-left:-1cm} \ No newline at end of file diff --git a/docs/waf/umn/public_sys-resources/commonrtl.css b/docs/waf/umn/public_sys-resources/commonrtl.css new file mode 100644 index 00000000..f261da75 --- /dev/null +++ b/docs/waf/umn/public_sys-resources/commonrtl.css @@ -0,0 +1,2 @@ +/*! Copyright (c) Huawei Technologies Co., Ltd. 2020-2022. All rights reserved. */.msgph{font-family:Courier New}.unresolved{background-color:#87ceeb}.noTemplate{background-color:#ff0}.base{background-color:#fff}/*! Add space for top level topics */.nested0,.p{margin-top:1em}/*! div with class=p is used for paragraphs that contain blocks, to keep the XHTML valid *//*! Default of italics to set apart figure captions */.figcap,.italic,.var{font-style:italic}.figdesc{font-style:normal}/*! Use @frame to create frames on figures */.figborder{padding-left:3px;padding-right:3px;margin-top:1em;border:2px solid Silver}.figsides{margin-top:1em;padding-left:3px;padding-right:3px;border-left:2px solid Silver;border-right:2px solid Silver}.figtop{border-top:2px solid Silver;margin-top:1em}.figbottom{border-bottom:2px solid Silver}.figtopbot{border-top:2px solid Silver;border-bottom:2px solid Silver;margin-top:1em}/*! Most link groups are created with
. Ensure they have space before and after. */.ullinks,ul.simple{list-style-type:none}.attention,.danger,.ddexpand,.dlexpand,.example,.fastpath,.important,.liexpand,.linklist,.note,.notice,.olchildlink,.relconcepts,.relinfo,.relref,.reltasks,.remember,.restriction,.section,.sliexpand,.stepexpand,.substepexpand,.tip,.ulchildlink,.warning{margin-top:1em;margin-bottom:1em}.linklistwithchild,.sublinklist{margin-top:1em;margin-right:1.5em;margin-bottom:1em}.breadcrumb{font-size:smaller;margin-bottom:1em}.prereq{margin-right:20px}/*! Set heading sizes, getting smaller for deeper nesting */.topictitle1{font-size:1.34em;margin-top:0;margin-bottom:.1em}.topictitle2,.topictitle3,.topictitle4,.topictitle5,.topictitle6,.sectiontitle{font-size:1.17em}.topictitle2{margin-top:1pc;margin-bottom:.45em}.topictitle3{margin-top:1pc;margin-bottom:.17em;font-weight:700}.topictitle4{margin-top:.83em;font-weight:700}.topictitle5{font-weight:700}.topictitle6{font-style:italic}.sectiontitle{margin-top:1em;margin-bottom:0;color:#000;font-weight:700}/*! All note formats have the same default presentation */.attentiontitle,.bold,.cautiontitle,.dangertitle,.dlterm,.fastpathtitle,.firstcol,.importanttitle,.notelisttitle,.notetitle,.noticetitle,.parmname,.remembertitle,.restrictiontitle,.tiptitle,.uicontrol,.warningtitle{font-weight:700}.caution{font-weight:700;margin-bottom:1em}/*! Simple lists do not get a bullet *//*! Used on the first column of a table, when rowheader="firstcol" is used *//*! Various basic phrase styles */.boldItalic{font-weight:700;font-style:italic}.shortcut,.underlined{text-decoration:underline}/*! 2008-10-27 keyword采用跟随上下文的样式 +*//*! Default of bold for definition list terms *//*! Use CSS to expand lists with @compact="no" */.dltermexpand{font-weight:700;margin-top:1em}[compact="yes"]>li{margin-top:0}[compact="no"]>li{margin-top:.53em}/*! Align images based on @align on topic/image */div.imageleft,.text-align-left{text-align:left}div.imagecenter,.text-align-center{text-align:center}div.imageright,.text-align-right{text-align:right}div.imagejustify,.text-align-justify{text-align:justify}.cellrowborder{border-right:0;border-top:0;border-left:1px solid;border-bottom:1px solid}.row-nocellborder{border-left:hidden;border-right:0;border-top:0;border-bottom:1px solid}.cell-norowborder{border-top:0;border-bottom:hidden;border-right:0;border-left:1px solid}.nocellnorowborder{border:0;border-left:hidden;border-bottom:hidden}pre.codeblock,pre.screen{padding:5px;border:outset;background-color:#ccc;margin-top:2px;margin-bottom:2px;white-space:pre} \ No newline at end of file diff --git a/docs/waf/umn/public_sys-resources/danger_3.0-en-us.png b/docs/waf/umn/public_sys-resources/danger_3.0-en-us.png new file mode 100644 index 00000000..47a9c723 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/danger_3.0-en-us.png differ diff --git a/docs/waf/umn/public_sys-resources/delta.gif b/docs/waf/umn/public_sys-resources/delta.gif new file mode 100644 index 00000000..0d1b1f67 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/delta.gif differ diff --git a/docs/waf/umn/public_sys-resources/deltaend.gif b/docs/waf/umn/public_sys-resources/deltaend.gif new file mode 100644 index 00000000..cc7da0fc Binary files /dev/null and b/docs/waf/umn/public_sys-resources/deltaend.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-arrowdn.gif b/docs/waf/umn/public_sys-resources/icon-arrowdn.gif new file mode 100644 index 00000000..84eec9be Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-arrowdn.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-arrowrt.gif b/docs/waf/umn/public_sys-resources/icon-arrowrt.gif new file mode 100644 index 00000000..39583d16 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-arrowrt.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-caution.gif b/docs/waf/umn/public_sys-resources/icon-caution.gif new file mode 100644 index 00000000..079c79b2 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-caution.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-danger.gif b/docs/waf/umn/public_sys-resources/icon-danger.gif new file mode 100644 index 00000000..079c79b2 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-danger.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-huawei.gif b/docs/waf/umn/public_sys-resources/icon-huawei.gif new file mode 100644 index 00000000..a31d60f8 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-huawei.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-note.gif b/docs/waf/umn/public_sys-resources/icon-note.gif new file mode 100644 index 00000000..31be2b03 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-note.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-notice.gif b/docs/waf/umn/public_sys-resources/icon-notice.gif new file mode 100644 index 00000000..40907065 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-notice.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-tip.gif b/docs/waf/umn/public_sys-resources/icon-tip.gif new file mode 100644 index 00000000..c47bae05 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-tip.gif differ diff --git a/docs/waf/umn/public_sys-resources/icon-warning.gif b/docs/waf/umn/public_sys-resources/icon-warning.gif new file mode 100644 index 00000000..079c79b2 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/icon-warning.gif differ diff --git a/docs/waf/umn/public_sys-resources/note_3.0-en-us.png b/docs/waf/umn/public_sys-resources/note_3.0-en-us.png new file mode 100644 index 00000000..57a0e1f5 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/note_3.0-en-us.png differ diff --git a/docs/waf/umn/public_sys-resources/notice_3.0-en-us.png b/docs/waf/umn/public_sys-resources/notice_3.0-en-us.png new file mode 100644 index 00000000..fa4b6499 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/notice_3.0-en-us.png differ diff --git a/docs/waf/umn/public_sys-resources/popup.js b/docs/waf/umn/public_sys-resources/popup.js new file mode 100644 index 00000000..a550862e --- /dev/null +++ b/docs/waf/umn/public_sys-resources/popup.js @@ -0,0 +1 @@ +var i=0;var dhtmlgoodies_tooltipFlag=false;var dhtmlgoodies_tooltip="";var dhtmlgoodies_tooltipShadow="";var dhtmlgoodies_shadowSize=3;var dhtmlgoodies_tooltipMaxWidth=500;var dhtmlgoodies_tooltipMinWidth=100;var dhtmlgoodies_iframe=false;var timeId;var clickFlag=false;var tooltip_is_msie=(navigator.userAgent.indexOf("MSIE")>=0&&navigator.userAgent.indexOf("opera")==-1&&document.all)?true:false;var xPos;var yPos;window.document.onmousemove=function(a){a=a||window.event;if(a.pageX){xPos=a.pageX;yPos=a.pageY}else{if(document.body!==null&&typeof document.body!=="undefined"){xPos=a.clientX+document.body.scrollLeft-document.body.clientLeft;yPos=a.clientY+document.body.scrollTop-document.body.clientTop}}};function showTooltip(e){if(document.body===null||typeof document.body==="undefined"){return}if(i==0){return}clickFlag=true;var f=Json.parse("jsonData."+e);var a=Math.max(document.body.clientWidth,document.documentElement.clientWidth)-20;if(!dhtmlgoodies_tooltipFlag){dhtmlgoodies_tooltip=document.createElement("DIV");dhtmlgoodies_tooltip.id="dhtmlgoodies_tooltip";dhtmlgoodies_tooltipShadow=document.createElement("DIV");dhtmlgoodies_tooltipShadow.id="dhtmlgoodies_tooltipShadow";document.body.appendChild(dhtmlgoodies_tooltip);document.body.appendChild(dhtmlgoodies_tooltipShadow);if(tooltip_is_msie){dhtmlgoodies_iframe=document.createElement("IFRAME");dhtmlgoodies_iframe.frameborder="5";dhtmlgoodies_iframe.style.backgroundColor="#FFFFFF";dhtmlgoodies_iframe.src="#";dhtmlgoodies_iframe.style.zIndex=100;dhtmlgoodies_iframe.style.position="absolute";document.body.appendChild(dhtmlgoodies_iframe)}}dhtmlgoodies_tooltip.style.display="block";dhtmlgoodies_tooltipShadow.style.display="block";if(tooltip_is_msie){dhtmlgoodies_iframe.style.display="block"}var b=Math.max(document.body.scrollTop,document.documentElement.scrollTop);if(navigator.userAgent.toLowerCase().indexOf("safari")>=0){b=0}var c=xPos+10;dhtmlgoodies_tooltip.style.width=null;dhtmlgoodies_tooltip.innerHTML=f;dhtmlgoodies_tooltip.style.left=c+"px";if(tooltip_is_msie){dhtmlgoodies_tooltip.style.top=yPos+20+b+"px"}else{dhtmlgoodies_tooltip.style.top=yPos+20+"px"}dhtmlgoodies_tooltipShadow.style.left=c+dhtmlgoodies_shadowSize+"px";if(tooltip_is_msie){dhtmlgoodies_tooltipShadow.style.top=yPos+20+b+dhtmlgoodies_shadowSize+"px"}else{dhtmlgoodies_tooltipShadow.style.top=yPos+20+dhtmlgoodies_shadowSize+"px"}if(dhtmlgoodies_tooltip.offsetWidth>dhtmlgoodies_tooltipMaxWidth){dhtmlgoodies_tooltip.style.width=dhtmlgoodies_tooltipMaxWidth+"px"}var d=dhtmlgoodies_tooltip.offsetWidth;if(da){dhtmlgoodies_tooltip.style.left=(dhtmlgoodies_tooltipShadow.style.left.replace("px","")-((c+d)-a))+"px";dhtmlgoodies_tooltipShadow.style.left=(dhtmlgoodies_tooltipShadow.style.left.replace("px","")-((c+d)-a)+dhtmlgoodies_shadowSize)+"px"}if(tooltip_is_msie){dhtmlgoodies_iframe.style.left=dhtmlgoodies_tooltip.style.left;dhtmlgoodies_iframe.style.top=dhtmlgoodies_tooltip.style.top;dhtmlgoodies_iframe.style.width=dhtmlgoodies_tooltip.offsetWidth+"px";dhtmlgoodies_iframe.style.height=dhtmlgoodies_tooltip.offsetHeight+"px"}}function hideTooltip(){i=0;clickFlag=false;if((dhtmlgoodies_tooltip!==null&&typeof dhtmlgoodies_tooltip!=="undefined")&&+(dhtmlgoodies_tooltip.style!==null&&typeof dhtmlgoodies_tooltip.style!=="undefined")){dhtmlgoodies_tooltip.style.display="none";dhtmlgoodies_tooltipShadow.style.display="none";if(tooltip_is_msie){dhtmlgoodies_iframe.style.display="none"}}if(timeId!==null&&typeof timeId!=="undefined"&&timeId!=""){clearTimeout(timeId)}}function showText(a){i=1;timeId=setTimeout(function(){showTooltip(a)},500)}function showText2(a){if(!clickFlag){i=1;showTooltip(a);i=0;if(timeId!==null&&typeof timeId!=="undefined"&&timeId!=""){clearTimeout(timeId)}}}function anchorScroll(b){var d=document.getElementsByName(b);if(d!=null&&d.length>0){var c=d[0];var a=c.getBoundingClientRect().left+(document.body.scrollLeft||(document.documentElement&&document.documentElement.scrollLeft));var e=c.getBoundingClientRect().top+(document.body.scrollTop||(document.documentElement&&document.documentElement.scrollTop));window.scrollTo(a,e-30)}}; \ No newline at end of file diff --git a/docs/waf/umn/public_sys-resources/warning_3.0-en-us.png b/docs/waf/umn/public_sys-resources/warning_3.0-en-us.png new file mode 100644 index 00000000..def5c356 Binary files /dev/null and b/docs/waf/umn/public_sys-resources/warning_3.0-en-us.png differ diff --git a/docs/waf/umn/waf_01_0002.html b/docs/waf/umn/waf_01_0002.html new file mode 100644 index 00000000..65a92e58 --- /dev/null +++ b/docs/waf/umn/waf_01_0002.html @@ -0,0 +1,168 @@ + + +

Creating a Domain Name

+

This section describes how to create a domain name and connect it to WAF. After connecting a domain name, WAF works as a reverse proxy between the client and server. The real IP address of the server is hidden and only the IP address of WAF is visible to web visitors.

+

Prerequisites

Login credentials have been obtained.

+
+

Domain Configuration Principle

  • Figure 1 shows how WAF works if the web server is using a proxy.
    Figure 1 A proxy configured
    +
    • DNS resolves the domain name to the IP address of a proxy (such as AAD) before your site is moved to WAF. In this case, the traffic passes through the proxy and then the proxy routes the traffic back to the origin server.
    • After your site is moved to WAF, DNS resolves your domain name to the access address of WAF. In this way, the proxy forwards the traffic to WAF. WAF then filters out illegitimate traffic and only routes legitimate traffic back to the origin server.
      1. Change the back-to-source IP address of the proxy to the access address of WAF.
      2. Add a WAF subdomain name and TXT record to the DNS records of your DNS provider.
      +
    +
+
  • Figure 2 shows how WAF works if the web server does not use a proxy.
    Figure 2 No proxy configured
    +
    • DNS resolves your domain name to the origin server IP address before your site is connected to WAF. Therefore, web visitors can directly access the server.
    • After your website is connected to WAF, DNS resolves your domain name to the CNAME record of WAF. In this way, the traffic passes through WAF. WAF then filters out illegitimate traffic and only routes legitimate traffic back to the origin server.
    +
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall.
  4. In the navigation pane, choose Domains. Figure 3 shows an example.

    Figure 3 Domains
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  5. In the upper right corner of the domain name list, click Create Domain.
  6. On the Create Domain page, specify required parameters by referring to Table 1. Figure 4 shows an example.

    Figure 4 Configuring basic settings
    +
    +
    + + + + + + + + + + + + + + + + + + + + + +
    Table 1 Parameter description

    Parameter

    +

    Description

    +

    Example Value

    +

    Domain Name

    +

    A domain name to be protected, which can be a single domain name or a wildcard domain name.

    +
    • Single domain name: For example, www.example.com
    • Wildcard domain name
      • If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, *.example.com.
      • If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
      +
    +

    Single domain name: www.example.com

    +

    Wildcard domain name: *.example.com

    +

    Non-standard Port

    +

    Set this parameter only if Non-standard Port is selected.

    +
    • If Client Protocol is HTTP, WAF protects the standard port 80 only by default. To protect a non-standard port, select Non-standard Port and then select a value from the Non-standard Port drop-down list.
    • If Client Protocol is HTTPS, WAF protects the standard port 443 by default. To protect a non-standard port, select Non-standard Port and then select a value from the Non-standard Port drop-down list.
    +

    For details about non-standard ports supported by WAF, see Web Application Firewall.

    +

    4443

    +

    Server Configuration

    +

    Address configurations of the web server, including Client Protocol, Server Protocol, Server Address, and Server Port.

    +
    • Client Protocol: Type of client protocol. The options are HTTP and HTTPS.
    • Server Protocol: Protocol used by WAF to forward requests to the server. The options are HTTP and HTTPS.
      NOTE:

      For details about configuring Client Protocol and Server Protocol, see Rules for Configuring Client Protocol and Server Protocol.

      +
      +
    • Server Address: IP address (generally the A record before the domain name is connected to WAF) or domain name (generally the CNAME before the domain name is connected to WAF) of the web server that a client accesses
      NOTE:

      Web Application Firewall (WAF) does not support health check. If you want to use health check, use WAF along with Elastic Load Balancing (ELB). For details about how to configure ELB, see Backend Server (Enhanced Load Balancer). After ELB is configured, the elastic IP address (EIP) of ELB is used as the value of Server Address to connect to WAF for health check.

      +
      +
    • Server Port: Port number used by the web server
    +

    Client Protocol: HTTPS

    +

    Server Protocol: HTTP

    +

    Server Address: XXX.XXX.1.1

    +

    Server Port: 80

    +

    Certificate Name

    +

    If Client Protocol is HTTPS, select an existing certificate or upload a new certificate. For details about how to upload a new certificate, see Step 7.

    +

    None

    +
    +
    +
    +

  7. Upload a new certificate if Client Protocol is HTTPS.

    +
    1. Click Upload Certificate. In the displayed Upload Certificate dialog box, enter the certificate name and paste the certificate file and private key to the corresponding text boxes. Figure 5 shows an example.
      Figure 5 Uploading a certificate
      +
      • In the Upload Certificate dialog box, click Quota details to view the certificate quota.
      • WAF encrypts and saves the private key to keep it safe.
      • For details about the combination sequence of a certificate chain, see How Do I Fix an Incomplete Certificate Chain?
      +
      +
      Currently, only .pem certificates are supported. If the certificate is not in .pem format, convert it into a .pem certificate by referring to Table 2 before uploading. +
      + + + + + + + + + + + + + + + + +
      Table 2 Certificate conversion commands

      Format

      +

      Usage (Using OpenSSL)

      +

      CER/CRT

      +

      Rename the cert.crt certificate file to cert.pem.

      +

      PFX

      +
      • Obtain a private key. For example, run the following command to convert cert.pfx into cert.key:

        openssl pkcs12 -in cert.pfx -nocerts -out cert.key -nodes

        +
      • Obtain a certificate. For example, run the following command to convert cert.pfx into cert.pem:

        openssl pkcs12 -in cert.pfx -nokeys -out cert.pem

        +
      +

      P7B

      +
      1. Convert a certificate. For example, run the following command to convert cert.p7b into cert.cer:

        openssl pkcs7 -print_certs -in cert.p7b -out cert.cer

        +
      2. Rename certificate file cert.cer to cert.pem.
      +

      DER

      +
      • Obtain a private key. For example, run the following command to convert privatekey.der into privatekey.pem:

        openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

        +
      • Obtain a certificate. As an example, run the following command to convert cert.cer into cert.pem:

        openssl x509 -inform der -in cert.cer -out cert.pem

        +
      +
      +
      +
      +
    2. Click OK.
    +

  8. Set Proxy Configured. The default value is No.

    The bypassed option is unavailable during proxy use.

    +
    +
    • If your website is using a proxy such as Advanced Anti-DDoS (AAD), Content Delivery Network (CDN), or any other cloud acceleration service, select Yes so that the WAF security policies take effect on the origin server IP address. If this parameter is No, WAF cannot obtain the real IP address requested by a web visitor.

      If a proxy such as CDN is used, WAF obtains the real source IP address of a client from the HTTP Header X-Forwarded-For by default. If the proxy does not use X-Forwarded-For to identify the real source IP address of a client, click next to X-Forwarded-For in the row of Source IP Header. In the dialog box displayed, select an existing source IP header or select Custom and enter a source IP header.

      +
      +
    • If your website does not use a proxy, select No.
    +

  9. (Optional) Configure a tag.

    You can select an existing tag key and tag value from the Tag key and Tag value drop-down lists or click View predefined tags to create a tag on the TMS console.

    +

  10. Click Create Now. In the upper right corner of the page, if Domain created successfully is displayed, the domain name is created.

    If you do not want to connect the domain name to WAF in this step, click Next. Then click Finish. DNS is displayed as Unconfigured. Later, you can refer to Connecting a Domain Name to finish domain connection.

    +
    +
    • If a proxy such as CDN or AAD is used, you need to configure the back-to-source IP address, subdomain name, and TXT record. Figure 6 shows an example.
      Figure 6 Connecting a domain name
      +
      1. Configure the back-to-source IP address of the proxy on the website.

        For example, change the back-to-source IP address of CDN or AAD to the WAF IP address by following the instructions shown in Figure 6.

        +
      2. Configure Subdomain Name and TXT Record.

        Add a subdomain name and TXT record to the DNS records of your DNS provider by following the instructions shown in Figure 6.

        +
      +

      The high availability of our system, which is based on multi-AZ deployments to support both active-active and disaster recovery, relies on the WAF CNAME record.

      +
      +
    • If no proxy is used, the CNAME record must be configured. Figure 7 shows an example.
      Figure 7 Connecting a domain name (CNAME record)
      +
      1. Go to your DNS provider and configure the CNAME record. For details, contact your DNS provider.
        The high availability of our system, which is based on multi-AZ deployments to support both active-active and disaster recovery, relies on the WAF CNAME record. Therefore,
        1. Do not modify the hosts file. Add the CNAME record directly to the DNS records of your DNS provider.
        2. Do not use the A record to replace the CNAME record.
        +
        +
        +

        The CNAME binding method of some common DNS providers is listed for your reference. If the following configuration is inconsistent with the actual configuration, rely on information provided by the DNS providers.

        +
        1. Log in to the management console of the DNS provider.
        2. Go to the domain resolution record page.
        3. Set the CNAME resolution record.
          • Set the record type to CNAME.
          • Generally, enter the domain name prefix in the host record. For example, if the protected domain name is admin.demo.com, enter admin in the host record.
          • The record value is the CNAME generated by WAF.
          • Resolution line: keep the default value TTL.
          +
        4. Click Save.
        +

        The preceding resolution methods are provided by third parties. This document does not control or assume responsibility for any third party content, including but not limited to its accuracy, compatibility, reliability, availability, legitimacy, appropriateness, performance, non-infringement, or status update, unless otherwise specified in this document.

        +
        +
      2. Verify that the CNAME has been configured.
        1. In Windows, choose Start > Run. Then enter cmd and press Enter.
        2. Run the following command to query the CNAME. If the configured CNAME is displayed, the configuration is successful.

          nslookup www.domain.com

          +
        +
      +
    +

  11. After the domain name is connected to WAF, click Next.
  12. Click Finish.

    You can view the DNS status and mode of the domain name in the domain list.

    +
    • If your web server is using other firewalls, disable the firewalls or whitelist the WAF IP address ranges.
    • If your web server is using personal security software, replace it with enterprise security software and whitelist the WAF IP address ranges.
    • If a domain name has been connected to WAF, DNS should be Normal. If DNS is Unconfigured, choose More > Check DNS in the Operation column of the target domain name to check the DNS status. If the problem persists, perform domain connection again by referring to What Should I Do If the DNS Status Is Unconfigured?
    • After a domain name is created, WAF protection is enabled by default. The mode of Basic Web Protection is Log only (detected attacks are only logged but not blocked.). WAF creates a CC attack protection rule for the domain name by default. The rule can be modified but cannot be deleted. Rate Limit in the rule is 500 requests/5 seconds by default and it can be adjusted up to 10000 requests/5 seconds. If you want a higher rate limit than the maximum value, contact the administrator.
    +
    +

+
+

Rules for Configuring Client Protocol and Server Protocol

WAF provides various protocol types. If your website is www.example.com, WAF provides the following four access modes:

+
  • HTTP mode. Figure 8 shows an example.
    Figure 8 HTTP mode
    +

    This configuration allows web visitors to access your website over HTTP only. If they access over HTTPS, they receive the 302 Found code and are redirected to http://www.example.com.

    +
    +
  • HTTPS mode. This configuration allows web visitors to access your website over HTTPS only. If they access over HTTP, they are redirected to https://www.example.com. Figure 9 shows an example.
    Figure 9 HTTPS mode
    +
    • If web visitors access your website over HTTPS, the website returns a successful response.
    • If web visitors access your website over HTTP, they receive the 302 Found code and are directed to https://www.example.com.
    +
    +
  • HTTP and HTTPS mode. Figure 10 shows an example.
    Figure 10 HTTP and HTTPS mode
    +

    +
    • If web visitors access your website over HTTP, the website returns a successful response but no communication between the browser and website is encrypted.
    • If web visitors access your website over HTTPS, the website returns a successful response and all communications between the browser and website are encrypted.
    +
    +
  • HTTPS/HTTP mode. Figure 11 shows an example.
    Figure 11 HTTPS/HTTP mode
    +

    If web visitors access your website over HTTPS, WAF forwards the requests to your origin server over HTTP.

    +
    +
+
+
+
+
+
Parent topic: Getting Started
+
+
+ diff --git a/docs/waf/umn/waf_01_0003.html b/docs/waf/umn/waf_01_0003.html new file mode 100644 index 00000000..da6c0064 --- /dev/null +++ b/docs/waf/umn/waf_01_0003.html @@ -0,0 +1,20 @@ + + +

Enabling WAF Protection

+

This section describes how to enable WAF protection.

+
  • The WAF engine does not run on your web server. Therefore, your web server performance will not be affected.
  • After your domain name is connected to WAF, there will be a latency of tens of milliseconds, but might be raised based on the size of the requested page or number of incoming requests.
  • You are billed for queries per second (QPS) or service bandwidth. One HTTP GET request is counted as a query, and the maximum QPS WAF can handle is 10,000. The total volume of normal traffic to a website or domain names protected by WAF is counted as the service bandwidth, and the maximum service bandwidth WAF can handle is 300 Mbit/s.
+
+

Prerequisites

  • Login credentials have been obtained.
  • Mode for WAF to protect the domain name is Disabled or Bypassed.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Domains. Figure 1 shows an example.

    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Operation column of the target domain name, click Switch Mode.
  5. In the Switch Mode dialog box, select Enabled and then click OK.
+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0004.html b/docs/waf/umn/waf_01_0004.html new file mode 100644 index 00000000..1aaf895b --- /dev/null +++ b/docs/waf/umn/waf_01_0004.html @@ -0,0 +1,18 @@ + + +

Disabling WAF Protection

+

This section describes how to disable WAF protection. In this mode, WAF only forwards requests, but does not detect them.

+

Prerequisites

  • Login credentials have been obtained.
  • Mode for WAF to protect the domain name is Enabled or Bypassed.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Domain name list
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Operation column of the target domain name, click Switch Mode.
  5. In the Switch Mode dialog box, select Disabled and then click OK.
+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0005.html b/docs/waf/umn/waf_01_0005.html new file mode 100644 index 00000000..ec52890d --- /dev/null +++ b/docs/waf/umn/waf_01_0005.html @@ -0,0 +1,27 @@ + + +

Deleting a Protected Domain Name

+

This section describes how to delete a protected domain name from WAF.

+
  • If the domain name to be deleted has been connected to WAF, re-resolve it with the DNS provider before you delete it to make it point to the origin server IP address. Otherwise, traffic intended to it will not be directed to the server, affecting access.
  • Deletion takes effect within 1 minute and deleted domain names cannot be recovered. Therefore, exercise caution when deleting a domain name.
+
+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be deleted is resolved to the origin server address.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Domains. Figure 1 shows an example.

    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the domain name to be deleted. In the Operation column, choose More > Delete.

    • No proxy used (see Figure 2)
      • After confirmation, select "The CNAME of the domain name has been deleted from the DNS provider, and an A-record has been configured to the origin server IP address, or services carried on the domain name have been brought offline."
      • If you want to retain the policy bound to the domain name, select Retain the policy of this domain name.
      +
      +
      Figure 2 Deleting a domain name (without a proxy)
      +
    • Proxy used (see Figure 3)
      • After confirmation, select The domain name has been pointed to the origin server on the Advanced Anti-DDoS, CDN, or cloud acceleration service side, or services carried on the domain name have been brought offline.
      • If you want to retain the policy bound to the domain name, select Retain the policy of this domain name.
      +
      +
      Figure 3 Deleting a domain name (with a proxy)
      +
    +

  5. Click Yes. If Domain deleted successfully is displayed in the upper right corner, the domain name is deleted.
+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0007.html b/docs/waf/umn/waf_01_0007.html new file mode 100644 index 00000000..1219f6d9 --- /dev/null +++ b/docs/waf/umn/waf_01_0007.html @@ -0,0 +1,27 @@ + + +

Rule Configurations

+

This section describes how to configure protection rules.

+
When you are modifying the configuration of a policy bound to two or more domain names, the Modify Policy dialog box is displayed, indicating that the modified policy configuration applies to multiple bound domain names. See Figure 1. If you want to modify the policy configuration, click Yes. To stop displaying this dialog box again, select Do not show again.
Figure 1 Modify Policy dialog box
+
+
+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0008.html b/docs/waf/umn/waf_01_0008.html new file mode 100644 index 00000000..2bdc70b8 --- /dev/null +++ b/docs/waf/umn/waf_01_0008.html @@ -0,0 +1,118 @@ + + +

Enabling Basic Web Protection

+

This section describes how to enable basic web protection.

+

Basic web protection defends against common web attacks, such as SQL injection, XSS attacks, remote buffer overflow attacks, file inclusion, Bash vulnerability exploits, remote command execution, directory traversal, sensitive file access, and command and code injections, and detects web shells, robots (search engine, scanner, and script tool), and other crawlers.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the Basic Web Protection area, specify Status and Mode by referring to Table 1. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 Basic Web Protection configuration area
    + +
    + + + + + + + + + + +
    Table 1 Parameter description

    Parameter

    +

    Description

    +

    Status

    +

    Status of Basic Web Protection

    +
    • : enabled.
    • : disabled.
    +

    Mode

    +
    • Block: WAF blocks and logs detected attacks.
    • Log only: WAF logs detected attacks only.
    +
    +
    +

  6. In the Basic Web Protection configuration area, click Advanced Settings. Enable the protection type that best fits your needs. Figure 4 shows an example.

    If you do not click Save after changing Status and Mode in Step 5, a Warning dialog box is displayed when you click Advanced Settings.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    Figure 4 Basic web protection
    + +
    + + + + + + + + + + + + + + + + + + + + + + +
    Table 2 Protection types

    Type

    +

    Description

    +

    General Check

    +

    Defends against attacks, such as SQL injection, XSS, remote overflow vulnerability, file inclusion, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injection.

    +

    Webshell Detection

    +

    Defends against web shells from the upload interface.

    +

    Search Engine

    +

    Uses web crawlers such as Googlebot and Baiduspider to find pages for search engines.

    +

    Scanner

    +

    Scans for vulnerabilities, viruses, and performs other types of web scans, such as OpenVAS and Nmap.

    +

    Script Tool

    +

    Executes automatic tasks and program scripts, such as HttpClient, OkHttp, and Python programs.

    +
    NOTE:

    If your application uses scripts such as HttpClient, OkHttp, and Python, disable Script Tool. Otherwise, WAF will identify such script tools as crawlers and block the application.

    +
    +

    Other

    +

    Crawlers for other purposes, such as site monitoring, access proxy, and web page analysis.

    +
    +
    +
    1. Set the protection level.

      In the upper part of the page, select a protection level: Low, Medium, or High. The default value is Medium.

      + +
      + + + + + + + + + + + + + +
      Table 3 Protection levels

      Protection Level

      +

      Description

      +

      Low

      +

      WAF only blocks the requests with obvious attack signatures.

      +

      If a large number of false alarms are reported, Low is recommended.

      +

      Medium

      +

      The default level is Medium, which meets a majority of web protection requirements.

      +

      High

      +

      WAF blocks the requests with no attack signature but have specific attack patterns.

      +

      High is recommended if you want to block SQL injection, XSS, and command injection attacks.

      +
      +
      +
    2. Set the protection type.

      By default, General Check and Scanner are enabled. You can click to enable other protection types.

      +
    3. Click Save in the upper right of the page to save the settings. Otherwise, click Cancel.
    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0009.html b/docs/waf/umn/waf_01_0009.html new file mode 100644 index 00000000..bed31bcb --- /dev/null +++ b/docs/waf/umn/waf_01_0009.html @@ -0,0 +1,116 @@ + + +

Configuring CC Attack Protection Rules

+

This section describes how to configure CC attack protection rules.

+

With these rules, rate limiting policies are set based on the IP addresses, cookies, or Referer field to accurately identify and mitigate CC attacks.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the CC Attack Protection area, specify Status and Mode. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 CC Attack Protection configuration area
    +

  6. Click Customize Rule. On the displayed CC Attack Protection page, click Add Rule in the upper left corner. Figure 4 shows an example.

    If you do not click Save after changing Status in Step 5, a Warning dialog box is displayed when you click Customize Rule.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    WAF creates a default CC attack protection rule. The rule can be modified but cannot be deleted. Rate Limit in the rule is 500 requests/5 seconds by default and it can be adjusted up to 10000 requests/5 seconds. If you want a higher rate limit than the maximum value, contact the administrator.
    Figure 4 Add Rule (CC Attack Protection)
    +
    +

    In the upper part of the protection rule list, click Quota details to view the quota of protection rules.

    +
    +

  7. In the displayed dialog box, specify the parameters by referring to Table 1. Figure 5 shows an example.

    Figure 5 Adding a CC attack protection rule
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 1 Rule parameters

    Parameter

    +

    Description

    +

    Example Value

    +

    Path

    +

    Part of the URL without the domain name.

    +
    • Prefix match: The path ending with * indicates that the path is used as a prefix. For example, if the path to be protected is /admin/test.php or /adminabc, set Path to /admin*.
    • Exact match: The path to be entered must match the path to be protected. If the path to be protected is /admin, set Path to /admin.
    +
    NOTE:
    • The path supports prefix and exact matches only and does not support regular expressions.
    • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, the WAF engine converts /// to /.
    +
    +

    /admin*

    +

    Rate Limit Mode

    +
    • Per IP address: A web visitor is identified by the IP address.
    • Per user: A web visitor is identified by the cookie key value.
    • Other: A web visitor is identified by the Referer field (user-defined request source).
      NOTE:

      If Rate Limit Mode is Other, Content of Referer is set to a complete URL containing the domain name. The Content field supports prefix match and exact match only, and cannot contain two or more consecutive slashes, for example, ///admin. If you enter ///admin, the WAF engine converts it to /admin.

      +

      For example, if Path is /admin and you do not want visitors to access the page from www.test.com, set Content to http://www.test.com.

      +
      +
    +

    Per user

    +

    User Identifier

    +

    A cookie field that you need to set if Rate Limit Mode is Per user. This value supports exact match only and does not support regular expressions.

    +

    If a website uses the name field in the cookie to uniquely identify a web visitor, enter name. If you do not set this value, WAF will automatically assign one.

    +

    name

    +

    Rate Limit

    +

    Number of requests allowed from a web visitor in the rate limiting period. The visitor's access request is denied if the limit is reached.

    +

    10 requests 60 seconds

    +

    Protective Action

    +

    Action to perform if the maximum number of requests is reached. Options are Verification code and Block.

    +
    • Verification code: A verification code is displayed when the number of requests reaches the maximum limit within a specified period. Upon completing the verification, you are no longer restricted by the maximum number of requests allowed.
    • Block: Requests are blocked if the maximum number of requests is reached.
      NOTE:

      If Rate Limit Mode is Other, Protective Action can only be Block.

      +
      +
    +

    Block

    +

    Block Duration

    +

    Time required for the page to be restored to normal state after being blocked

    +

    600 seconds

    +

    Block Page

    +

    Error page displayed when the maximum number of requests has been reached. This parameter is set only when Protective Action is Block.

    +
    • If you select Default settings, the default block page is displayed.
    • If you select Customize, set a custom message.
    +

    Customize

    +

    Block Page Type

    +

    If you select Customize for Block Page, select a type of the block page among options application/json, text/html, and text/xml.

    +

    text/html

    +

    Page Content

    +

    If you select Customize for Block Page, set the content to be returned.

    +

    <html><body>Forbidden</body></html>

    +
    +
    +

  8. Click OK.

    • To modify the added rule, click Modify in the row containing the target rule.
    • The default CC attack protection rule created by WAF can be modified but cannot be deleted.
    • To delete the added rule, click Delete in the row containing the target rule.
    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0010.html b/docs/waf/umn/waf_01_0010.html new file mode 100644 index 00000000..9e824c9e --- /dev/null +++ b/docs/waf/umn/waf_01_0010.html @@ -0,0 +1,165 @@ + + +

Configuring Precise Protection Rules

+

This section describes how to configure precise protection rules.

+

With these rules, WAF allows you to customize combinations of HTTP headers, cookies, URLs, request parameters, and IP addresses, improving defense accuracy.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the Precise Protection area, specify Status. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 Precise Protection configuration area
    +

  6. Click Customized Rule. On the displayed page, specify Detection Mode. Figure 4 shows an example.

    If you do not click Save after changing Status in Step 5, a Warning dialog box is displayed when you click Customize Rule.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    Two detection modes are available:
    • Instant Detection: WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule.
    • Full Detection: WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections.
    +
    +

    The default detection mode is Instant Detection. After changing the detection mode, click Save.

    +
    Figure 4 Setting Detection Mode
    +

  7. In the upper left corner of the Precise Protection page, click Add Rule. Figure 5 shows an example.

    Figure 5 Add Rule (Precise Protection)
    +

    In the upper part of the protection rule list, click Quota details to view the quota of protection rules.

    +
    +

  8. In the displayed dialog box, specify the parameters by referring to Table 1. Figure 6 shows an example.

    Figure 6 Adding a precise protection rule
    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 1 Rule parameters

    Parameter

    +

    Description

    +

    Example Value

    +

    Rule Name

    +

    Customizable rule name

    +

    waftest

    +

    Protective Action

    +

    Its value is Block or Allow. The default value is Block.

    +

    Block

    +

    Effective Since

    +

    Select Immediately or select Customize to set a period. This period can only be a time segment in the future.

    +

    Immediately

    +

    Condition List

    +
    Click Add to add conditions. You must add one to thirty conditions to a protection rule. If more than one condition is added, all the conditions must be met simultaneously for the rule to take effect.
    • Field
    • Subfield: Configure this field only when Params, Cookie, or Header is selected.
      NOTICE:

      The length of a subfield cannot exceed 2048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed.

      +
      +
    • Logic: Select the desired logical relationship from the drop-down list.
    • Content: Enter or select the content of condition matching.
    +
    +
    NOTE:

    For detailed configurations, see Table 2.

    +
    +
    • Path Include /admin
    • User Agent Prefix is not mozilla/5.0
    • IP Equal to 192.168.2.3
    • Cookie key1 Prefix is not Nessus
    +

    Priority

    +

    Priority of a rule being executed

    +

    Smaller values correspond to higher priorities. If two rules are assigned with the same priority, the rule added earlier has higher priority.

    +

    50

    +
    +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 2 Condition list configurations

    Field

    +

    Example Subfield

    +

    Logic

    +

    Example Content

    +

    Path: URL excluding a domain name. This value supports exact match only. For example, if the path to be protected is /admin, set Path to /admin.

    +

    None

    +

    Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, or Suffix is not

    +

    /buy/phone/

    +

    User Agent: A user agent of the scanner to be protected

    +

    None

    +

    Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, or Suffix is not

    +

    Mozilla/5.0 (Windows NT 6.1)

    +

    IP: An IP address of the visitor to be protected

    +

    None

    +

    Equal to or Not equal to

    +

    192.168.2.3

    +

    Params: A request parameter to be protected

    +

    sttl

    +

    Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, or Suffix is not

    +

    201901150929

    +

    Cookie: A small piece of data to identify web visitors

    +

    name

    +

    Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, or Suffix is not

    +

    Nessus

    +

    Referer: A user-defined request resource

    +

    For example, if the protected path is /admin/xxx and you do not want visitors to access the page from www.test.com, set Content to http://www.test.com.

    +

    None

    +

    Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, or Suffix is not

    +

    http://www.test.com

    +

    Header: A user-defined HTTP header

    +

    Accept

    +

    Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, or Suffix is not

    +

    text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

    +
    +
    +
    +

  9. Click OK.

    • To modify the added rule, click Modify in the row containing the target rule.
    • To delete the added rule, click Delete in the row containing the target rule.
    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0012.html b/docs/waf/umn/waf_01_0012.html new file mode 100644 index 00000000..3fe0a9eb --- /dev/null +++ b/docs/waf/umn/waf_01_0012.html @@ -0,0 +1,56 @@ + + +

Configuring Blacklist or Whitelist Rules

+

This section describes how to configure blacklist or whitelist rules to block or allow specific IP addresses or address ranges.

+

Blacklist and Whitelist only takes effect for specified domain names.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the Blacklist and Whitelist area, specify Status. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 Blacklist and Whitelist configuration area
    +

  6. Click Customize Rule. On the displayed Blacklist and Whitelist page, click Add Rule in the upper left corner. Figure 4 shows an example.

    If you do not click Save after changing Status in Step 5, a Warning dialog box is displayed when you click Customize Rule.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    Figure 4 Add Rule (Blacklist and Whitelist)
    +

    In the upper part of the protection rule list, click Quota details to view the quota of protection rules.

    +
    +

  7. In the displayed dialog box, specify the parameters by referring to Table 1. Figure 5 shows an example.

    Figure 5 Adding a blacklist or whitelist rule
    + +
    + + + + + + + + + + + + + +
    Table 1 Rule parameters

    Parameter

    +

    Description

    +

    Example Value

    +

    IP Address or Range

    +
    • IP address: IP address to be added to the blacklist or whitelist
    • IP address range: IP address and subnet mask defining a network segment
    +
    • XXX.XXX.1.1
    • XXX.XXX.1.0/24
    +

    Protective Action

    +

    If IP Address or Range is to be added to a whitelist, set this parameter to Whitelist.

    +

    If IP Address or Range is to be added to a blacklist, set this parameter to Blacklist.

    +

    Blacklist

    +
    +
    +

  8. Click OK.

    • To modify the added rule, click Modify in the row containing the target rule.
    • To delete the added rule, click Delete in the row containing the target rule.
    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0014.html b/docs/waf/umn/waf_01_0014.html new file mode 100644 index 00000000..df97d762 --- /dev/null +++ b/docs/waf/umn/waf_01_0014.html @@ -0,0 +1,63 @@ + + +

Configuring Web Tamper Protection Rules

+

This section describes how to configure web tamper protection (WTP) rules.

+

You can configure these rules to prevent a static web page from being tampered with.

+

WTP has the following advantages:

+
  • Quicker response to requests

    After a WTP rule is configured, WAF caches the static web page on the server. When receiving a request from a web visitor, WAF returns the cached page to the visitor.

    +
  • Web tamper protection

    If an attacker modifies a static web page on the server, WAF returns the cached original web page to web visitors, ensuring that visitors never access tampered-with pages.

    +

    WAF can randomly extract a request from a web visitor to compare the requested page with the web page on the server. If WAF detects that the page has been tampered with, it notifies the user by SMS or email. For details about alarm notification settings, see Enabling Alarm Notification.

    +
+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the Web Tamper Protection area, specify Status. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 Web Tamper Protection configuration area
    +

  6. Click Customize Rule. On the displayed Web Tamper Protection page, click Add Rule in the upper left corner. Figure 4 shows an example.

    If you do not click Save after changing Status in Step 5, a Warning dialog box is displayed when you click Customize Rule.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    Figure 4 Add Rule (Web Tamper Protection)
    +

    In the upper part of the protection rule list, click Quota details to view the quota of protection rules.

    +
    +

  7. In the displayed dialog box, specify the parameters by referring to Table 1. Figure 5 shows an example.

    Figure 5 Adding a web tamper protection rule
    + +
    + + + + + + + + + + + + + +
    Table 1 Rule parameters

    Parameter

    +

    Description

    +

    Example Value

    +

    Domain Name

    +

    Domain name to be protected

    +

    www.example.com

    +

    Path

    +

    URL excluding a domain name

    +
    NOTE:
    • The path does not support regular expressions.
    • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, the WAF engine converts /// to /.
    +
    +

    /admin

    +

    For example, if the URL to be protected is http://www.example.com/admin, set Path to /admin.

    +
    +
    +

  8. Click OK.

    • In the event of changes on the protected web page, WAF needs to re-cache the web page content. In this case, click Update Cache in the row containing the target rule.
    • To delete the added rule, click Delete in the row containing the target rule.
    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0016.html b/docs/waf/umn/waf_01_0016.html new file mode 100644 index 00000000..69137bb6 --- /dev/null +++ b/docs/waf/umn/waf_01_0016.html @@ -0,0 +1,66 @@ + + +

Configuring False Alarm Masking Rules

+

This section describes how to configure false alarm masking rules.

+

You can add false alarms to the whitelist and ignore certain event IDs (for example, skip XSS check for a specified URL).

+

False alarm masking only applies to events logged by built-in basic web protection rules. If you want to mask events logged by custom rules, delete the rules.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the False Alarm Masking area, specify Status. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 False Alarm Masking configuration area
    +

  6. Click Customize Rule. On the displayed False Alarm Masking page, click Add Rule in the upper left corner. Figure 4 shows an example.

    If you do not click Save after changing Status in Step 5, a Warning dialog box is displayed when you click Customize Rule.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    Figure 4 Add Rule (False Alarm Masking)
    +

    In the upper part of the protection rule list, click Quota details to view the quota of protection rules.

    +
    +

  7. In the displayed dialog box, specify the parameters by referring to Table 1. Figure 5 shows an example.

    False alarm masking only applies to events logged by built-in basic web protection rules. If you want to mask events logged by custom rules, delete the rules.

    +
    +
    Figure 5 Adding a false alarm masking rule
    +

    + +
    + + + + + + + + + + + + + +
    Table 1 Rule parameters

    Parameter

    +

    Description

    +

    Example Value

    +

    Path

    +

    Misreported URL excluding a domain name

    +
    • Prefix match: The path ending with * indicates that the path is used as a prefix. For example, if the path to be protected is /admin/test.php or /adminabc, set Path to /admin*.
    • Exact match: The path to be entered must match the path to be protected. If the path to be protected is /admin, set Path to /admin.
    +
    NOTE:
    • The path supports prefix and exact matches only and does not support regular expressions.
    • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, the WAF engine converts /// to /.
    +
    +

    /admin

    +

    For example, if the URL to be protected is http://www.example.com/admin, set Path to /admin.

    +

    Event ID

    +

    ID of the built-in rule corresponding to the attack event for which the false alarm masking is to be performed

    +

    This value consists of six digits and cannot be empty.

    +
    NOTE:

    To obtain the event ID, go to the Events page, select the Search tab, locate the row where the attack event resides, and click Handle False Alarm in the Operation column. You can then obtain the event ID on the displayed dialog box.

    +
    +

    000006

    +
    +
    +

  8. Click OK. If Rule added successfully is displayed in the upper right corner, the rule is added.

    To delete the added rule, click Delete in the row containing the target rule.

    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0017.html b/docs/waf/umn/waf_01_0017.html new file mode 100644 index 00000000..c2851b88 --- /dev/null +++ b/docs/waf/umn/waf_01_0017.html @@ -0,0 +1,66 @@ + + +

Configuring Data Masking Rules

+

This section describes how to configure data masking rules. Data Masking prevents such data as usernames and passwords from being displayed in event logs.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Entrance to the domain configuration page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. Locate the row that contains the desired domain name. In the Operation column, click Configure Policy. Figure 2 shows an example.

    Figure 2 Protection configuration page
    +

  5. In the Data Masking area, specify Status. After the configuration completes, in the upper right corner of the Protection Status list, click Save. In the displayed dialog box, click Yes to save the settings. If you do not want to save the settings, click Cancel. Figure 3 shows an example.

    Figure 3 Data Masking configuration area
    +

  6. Click Customize Rule. On the displayed Data Masking page, click Add Rule in the upper left corner. Figure 4 shows an example.

    If you do not click Save after changing Status in Step 5, a Warning dialog box is displayed when you click Customize Rule.

    +
    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    +
    +
    Figure 4 Add Rule (Data Masking)
    +

    In the upper part of the protection rule list, click Quota details to view the quota of protection rules.

    +
    +

  7. In the displayed dialog box, specify the parameters by referring to Table 1. Figure 5 shows an example

    Figure 5 Adding a data masking rule
    + +
    + + + + + + + + + + + + + + + + +
    Table 1 Rule parameters

    Parameter

    +

    Description

    +

    Example Value

    +

    Path

    +

    URL excluding a domain name

    +
    • Prefix match: The path ending with * indicates that the path is used as a prefix. For example, if the path to be protected is /admin/test.php or /adminabc, set Path to /admin*.
    • Exact match: The path to be entered must match the path to be protected. If the path to be protected is /admin, set Path to /admin.
    +
    NOTE:
    • The path supports prefix and exact matches only and does not support regular expressions.
    • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, the WAF engine converts /// to /.
    +
    +

    /admin/login.php

    +

    For example, if the URL to be protected is http://www.example.com/admin/login.php, set Path to /admin/login.php.

    +

    Masked Field

    +
    A field set to be masked
    • Params: A request parameter
    • Header: A user-defined HTTP header
    +
    +
    • If Masked Field is set to Params, configure Subfield based on your needs. If it is set to id, the content that matches id will be masked.
    • If Masked Field is set to Header, configure Subfield based on your needs. If it is set to Accept, the content that matches Accept will be masked.
    +

    Subfield

    +

    Set the parameter based on Masked Field. The masked field will not be displayed in the log.

    +
    NOTICE:

    The length of a subfield cannot exceed 2048 bytes. Only digits, letters, underscores (_), and hyphens (-) are allowed.

    +
    +
    +
    +

  8. Click OK.

    • To modify the added rule, click Modify in the row containing the target rule.
    • To delete the added rule, click Delete in the row containing the target rule.
    +

+
+
+
+
+
Parent topic: Rule Configurations
+
+
+ diff --git a/docs/waf/umn/waf_01_0018.html b/docs/waf/umn/waf_01_0018.html new file mode 100644 index 00000000..a19f3255 --- /dev/null +++ b/docs/waf/umn/waf_01_0018.html @@ -0,0 +1,15 @@ + + +

Event Management

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0019.html b/docs/waf/umn/waf_01_0019.html new file mode 100644 index 00000000..5cc8e42b --- /dev/null +++ b/docs/waf/umn/waf_01_0019.html @@ -0,0 +1,131 @@ + + +

Enabling Alarm Notification

+

This section describes how to enable notification for attack logs. Once this function is enabled, WAF sends attack logs to users by email or SMS.

+

Prerequisites

  • Login credentials have been obtained.
  • The SMN service has been enabled.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Events.
  4. Click the Notify tab and configure alarm notification parameters by referring to Table 1. Figure 1 shows an example.

    Figure 1 Configuring alarm notification
    + +
    + + + + + + + + + + + + + + + + + + + +
    Table 1 Notification setting parameters

    Parameter

    +

    Description

    +

    Notification ID

    +

    Alarm event ID

    +

    Notification

    +

    Whether to enable notification

    +
    • : enabled.
    • : disabled.
    +

    Notification Topic

    +

    Click the drop-down list to select an available topic or click View Topic to create a topic.

    +

    For more information, see the Simple Message Notification User Guide.

    +

    Threshold

    +

    Alarm threshold

    +
    NOTE:

    Alarm notifications are sent when the number of attacks is greater than or equal to the threshold within the configured period.

    +
    +

    Event Type

    +

    By default, All is selected. You can also click Customize to specify event types.

    +

    For details about event types, see Table 2.

    +
    +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 2 List of event types

    Event Type

    +

    Description

    +

    Challenge Collapsar

    +

    CC attack. When you find out that your website is experiencing slowed processing and high bandwidth usage, it may have been under CC attacks.

    +

    Command Injection

    +

    Command injection. It is a technique used by hackers to execute system commands on a server by chaining commands and bypassing blacklists to invoke web application interfaces.

    +

    Custom

    +

    Events logged by one or more precise protection rules

    +

    Illegal Request

    +

    Invalid requests. For example, more than 512 parameters are used.

    +

    SQL Injection

    +

    SQL injection. It is a common web attack whereby attackers inject malicious SQL commands into database query strings to deceive the server into executing them. By exploiting these commands, the attacker can obtain sensitive information, add users, export files, or even gain the highest permissions to the database or system.

    +

    Local File Inclusion

    +

    Local file inclusion (LFI) allows attackers to access files on a local server or download sensitive configurations. The vulnerability occurs due to the use of user-supplied input without proper validation.

    +

    Scanner & Crawler

    +

    Scanner and crawler attack events

    +

    AntiTamper

    +

    Events logged by one or more web tamper protection rules

    +

    Remote File Inclusion

    +

    Remote file inclusion

    +

    Miscellaneous

    +

    Other types of attacks, such as a combination of SQL injection and command injection attacks or certain CVE vulnerabilities

    +

    Cross Site Scripting

    +

    XSS. It is a type of attacks that exploits security vulnerabilities in web applications. XSS enables attackers to inject auto-executed malicious codes into web pages to steal users' information when they visit the pages.

    +

    Black/White IP

    +

    Events logged by one or more blacklist or whitelist rules

    +

    Webshell

    +

    A web shell is an attack script. After intruding into a website, an attacker adds an .asp, .php, .jsp, or .cgi script file with normal web page files. Then, the attacker accesses the file from a web browser and uses it as a backdoor to obtain a command execution environment for controlling the web server. For this reason, web shells are also called backdoor tools.

    +
    +
    +

  5. Click Save.
+
+
+
+
+
Parent topic: Event Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0020.html b/docs/waf/umn/waf_01_0020.html new file mode 100644 index 00000000..17b1291b --- /dev/null +++ b/docs/waf/umn/waf_01_0020.html @@ -0,0 +1,77 @@ + + +

Viewing Basic Information

+

This section describes how to view domain information and edit server information.

+

Prerequisites

Login credentials have been obtained.

+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Domains. Figure 1 shows an example. Table 1 describes parameters.

    In the upper right corner of the list, query domain information by domain name, policy name, or tag.

    +
    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    + +
    + + + + + + + + + + + + + + + + + + + +
    Table 1 Parameter description

    Parameter

    +

    Description

    +

    Name

    +

    Protected domain name

    +

    Mode

    +

    WAF mode of the protected domain name

    +
    • Enabled: WAF is enabled.
    • Disabled: WAF is disabled.
    • Bypassed: In this mode, requests are directly sent to the backend server without passing through WAF.
    +

    DNS

    +

    DNS resolution status

    + +

    Protection Status over Past 3 Days

    +

    Protection status of the domain name over the past three days. Choose More >View Attack in the Operation column to view specific protection logs.

    +

    Policy

    +

    Policy configuration of the domain name. Click Configure Policy to configure rules by referring to Rule Configurations.

    +
    +
    +
    +

  4. In the Name column, click the target domain name to go to the basic information page.
  5. View domain information.

    1. View Basic Information and WAF Information. Figure 2 and Figure 3 show examples.
      In the upper right corner of the domain information page, click to refresh the page.
      Figure 2 Viewing basic information (with a proxy)
      +
      • Domain ID: unique ID that is generated randomly for a domain name.
      • Creation Time: time when the domain name is created.
      • Click in the Access Address, Subdomain Name, TXT Record, or WAF IP Address Range row to copy the required value.
      • If Client Protocol is set to HTTPS, updating the certificate is required. To do so, click next to Certificate Name. In the displayed dialog box, select an existing certificate.
      • If your web server stops using a proxy, click next to the value of Proxy Configured. In the dialog box displayed, select No.
      +
      +
      Figure 3 Viewing basic information (without a proxy)
      +
      • Domain ID: unique ID that is generated randomly for a domain name.
      • Creation Time: time when the domain name is created.
      • Click in the target row to copy the value of CNAME or WAF IP Address Range.
      • If Client Protocol is set to HTTPS, updating the certificate is required. To do so, click next to Certificate Name. In the displayed dialog box, select an existing certificate.
      • If your web server starts using a proxy, click next to the value of Proxy Configured. In the dialog box displayed, select Yes.
      +
      +
      +
    2. View Server Information. Figure 4 shows an example.
      Figure 4 Server Information
      +
      Click Edit Server Information. On the Edit Server Information page shown in Figure 5, edit server configurations (such as client protocol and associated certificate).
      Figure 5 Editing server information
      +
      +

      Web Application Firewall (WAF) does not support health check. If you want to use health check, use WAF along with Elastic Load Balancing (ELB). For details about how to configure ELB, see Backend Server (Enhanced Load Balancer). After ELB is configured, the elastic IP address (EIP) of ELB is used as the value of Server Address to connect to WAF for health check.

      +
      +
    3. Click the Tags tab and view the tags, as shown in Figure 6.
      Figure 6 Tags
      +
      • In the Operation column of the tag list, click Edit to change the value.
      • Click Delete to delete a tag. A deleted tag cannot be restored. Exercise caution when performing this operation.
      • In the upper left corner of the tag list, click Add Tag to add one. See Figure 7.
        You can select an existing tag key and tag value from the Tag key and Tag value drop-down lists or click View predefined tags to create a tag on the TMS console.
        Figure 7 Add Tag
        +
        +
      +
    +

+
+

Related Operations

In the Operation column of the domain list, you can:

+
  • Click Switch Mode to switch the WAF working mode.
  • Click Configure Policy to configure WAF protection rules.
  • Choose More > Check DNS to check the DNS resolution status.
  • Choose More > View Attack to view the WAF protection logs.
  • Choose More > View Metric to view the WAF monitoring logs. For more details, see Cloud Eye User Guide.
  • Choose More > Delete to delete the protected domain.
+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0021.html b/docs/waf/umn/waf_01_0021.html new file mode 100644 index 00000000..76699a88 --- /dev/null +++ b/docs/waf/umn/waf_01_0021.html @@ -0,0 +1,82 @@ + + +

Dashboard

+

This section describes how to view event logs in a specified time (for example, today), including attack and request statistics, the number of attacks from the top 5 source IP addresses, and event distribution.

+

Prerequisites

Login credentials have been obtained.

+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall to go to the Dashboard page.
  4. In the domain name drop-down list, select a domain name to view its event logs. The query time can be Yesterday, Today, Past 3 days, Past 7 days, and Past 30 days. Figure 1 shows an example.

    You can select All domain names or a specific domain name from the drop-down list.

    +
    +
    Figure 1 Viewing event logs
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 1 Parameter description of event logs

    Parameter

    +

    Description

    +

    Remarks

    +

    Requests

    +

    Total number of requests to the specified domain name

    +

    If All domain names is selected, the total number of requests to all domain names is displayed.

    +

    N/A

    +

    Peak Value

    +

    Maximum number of requests to the specified domain name per second

    +

    N/A

    +

    Attacks

    +

    Number of attacks on the specified domain name

    +

    N/A

    +

    Attack Sources

    +

    Number of sources that attack the specified domain name

    +

    N/A

    +

    Attacks

    +

    Trend of attacks

    +

    The trend of attacks is displayed by default.

    +

    Requests

    +

    Trend of requests

    +

    Click Requests to view the trend of requests.

    +

    Event Distribution

    +

    Types of attack events

    +
    • Click any colored area in the event distribution circle under Event Distribution to view the type, number, and proportion of an attack.
    • To stop displaying information about a specific type of event, click the corresponding legend with the same color to the right of the circle.
    +

    Top 5 Source IP Addresses (Attacks)

    +

    Top 5 attack source IP addresses and their cumulative number of attacks

    +

    N/A

    +
    +
    +

+
+
+ diff --git a/docs/waf/umn/waf_01_0022.html b/docs/waf/umn/waf_01_0022.html new file mode 100644 index 00000000..18bbe895 --- /dev/null +++ b/docs/waf/umn/waf_01_0022.html @@ -0,0 +1,13 @@ + + +

FAQs

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0023.html b/docs/waf/umn/waf_01_0023.html new file mode 100644 index 00000000..97c229fb --- /dev/null +++ b/docs/waf/umn/waf_01_0023.html @@ -0,0 +1,150 @@ + + +

Change History

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Released On

+

Description

+

2022-05-06

+

Modified section "Overview": added descriptions about WAF billing mode and service bandwidth.

+

2022-03-07

+
  • Added "How Do I Fix an Incomplete Certificate Chain?"
  • Added a description about how to make a certificate chain in "Uploading a Certificate."
+

2021-09-22

+
  • Added FAQ "Why Do Cookies Contain the CLOUDWAFSESID and CLOUDWAFSESTIME Fields After a Domain is Connected to WAF?"
  • Updated some screenshots, added description about querying the domain name quota, and modified the description in the Certificate conversion commands table in section "Creating a Domain Name."
  • Updated screenshots and added description about querying domain name quotas in sections "Testing WAF" and "Adding a Domain Name to WAF."
  • Updated screenshots, added description about querying the certificate quota, and modified the description of the certificate conversion command in section "Uploading a Certificate."
  • Updated screenshots and added description about querying domain name quotas in section "Domain Management."
  • Updated screenshots and added the description of querying protection rule quotas in section "Rule Configuration."
  • Updated screenshots and added the description of querying the quota of a protection policy in section "Policy Management."
+

2020-05-21

+

Added description of the usage restrictions of false alarm masking rules in section "Configuring False Alarm Masking Rules."

+

2020-05-13

+

Added description of the applicable scope of false alarm masking rules in section "Configuring False Alarm Masking Rules."

+

2020-05-09

+

Optimized the descriptions of the Event ID parameter in sections "Configuring False Alarm Masking Rules" and "Handling False Alarms."

+

2020-04-27

+
  • Added the definition of namespace in section "Monitoring Metrics."
  • Modified the descriptions of the minimum TLS version and cipher suite in section "Configuring the Minimum TLS Version and Cipher Suite."
  • Added a wildcard domain name redirection configuration example in section "Modifying the Alarm Page."
  • Modified the description of the false alarm masking rule in section "Configuring False Alarm Masking Rules."
+

2020-04-20

+
  • Added section "Configuring the Minimum TLS Version and Cipher Suite."
  • Added the custom and redirection alarm page examples in section "Modifying the Alarm Page."
  • Updated screenshots of basic domain name information in section "Testing WAF."
  • Updated screenshots of basic domain name information in "Adding a Domain Name to WAF."
  • Updated screenshots of basic domain name information in section "How Do I Obtain the Real IP Address of a Web Visitor After WAF Is Enabled?"
+

2020-03-09

+
  • Added descriptions of Tag Management Service (TMS) in section "Related Services."
  • Updated screenshots and description in section "Creating a Domain Name."
  • Updated screenshots and description in section "Connecting a Domain Name to WAF."
  • Added the description of viewing the tags in section "Viewing Basic Information."
  • Updated screenshots and description in section "Enabling WAF Protection."
  • Updated screenshots and description in section "Disabling WAF Protection."
  • Updated screenshots and description in section "Setting the Bypassed Mode."
  • Updated screenshots and description in section "Deleting a Domain Name."
  • Updated screenshots and description in section "Creating a Domain Name."
+

2019-11-22

+
  • Modified section "Configuring False Alarm Masking Rules" based on review comments.
  • Modified section "Handling False Alarms" based on review comments.
+

2019-10-29

+

Added section "Monitoring Metrics."

+

2019-09-19

+

Updated screenshots and description in section "Configuring Precise Protection Rules."

+

2019-07-09

+

Modified the descriptions about check items in section "Enabling Basic Web Protection."

+

2019-06-28

+
  • Added the relationship with Cloud Eye in section "Related Services."
  • Modified section "Testing WAF."
  • Added the working principle in section "Connecting a Domain Name to WAF."
  • Modified section "Viewing Basic Information."
  • Added the descriptions about check items in section "Enabling Basic Web Protection."
+

2019-03-28

+

Accepted in OTC 4.0.

+

2019-03-20

+
  • Updated the screenshot and added precautions in section "Creating a Domain Name."
  • Updated the screenshot and added precautions in section "Connecting a Domain Name to WAF."
  • Updated the screenshot and added precautions in FAQ "What Should I Do If the DNS Status Is Unconfigured?"
+

2019-03-15

+

Deleted the Cookie parameter from section "Configuring Data Masking Rules."

+

2019-03-12

+
  • Modified section "Creating a Domain Name": added restrictions on the default CC attack protection rule.
  • Modified section "Configuring CC Attack Protection Rules": added restrictions on the default CC attack protection rule.
+

2019-03-07

+
  • Modified section "Creating a Domain Name": updated the screenshots and added the description of health check.
  • Modified section "Editing Domain Information": updated the screenshots and added the description of health check.
  • Modified section "Downloading Events Data": events data is generated based on the UTC time.
+

2019-03-04

+
  • Added section "Certificate Management."
  • Modified section "Viewing Basic Information: added the button in the upper right corner of the domain information page.
  • Modified section "Rule Configurations": added the Save and Cancel buttons on the protection configuration page.
  • Modified section "Enabling Basic Web Protection": added the Save and Cancel buttons.
  • Added the parameter Notification ID in section "Enabling Alarm Notification."
  • Updated the screenshots and related descriptions based on the GUI changes.
+

2019-02-26

+
  • Added the parameter description in section "Viewing Basic Information."
  • Added the description about displaying the Modify Policy dialog box in section "Rule Configurations."
  • Updated the screenshots based on the GUI changes.
+

2019-02-21

+

Modified section "Viewing Basic Information": added parameters Domain ID and Creation Time in the Basic Information area.

+

2019-02-16

+
  • Optimized function descriptions in section "WAF."
  • Modified section "Deleting a Domain Name": added the dialog boxes displayed when deleting a domain name and modified related descriptions.
  • Modified section "Configuring CC Attack Protection Rules": modified descriptions about prefix match.
  • Modified section "Creating a Policy": deleted the prerequisites.
  • Deleted sections "Configuring Client Protocol and Server Protocol" and "Uploading a Certificate", and incorporated the content into section "Creating a Domain Name."
  • Deleted section "How Do I Configure a CC Attack Protection Rule on WAF?"
+

2019-02-02

+

Modified the document according to review comments.

+

2019-01-31

+

Modified section "Related Services": added an operation "Changing the name of a certificate."

+

2019-01-25

+
  • Modified section "Advantages."
  • Modified section "Related Services."
  • Modified section "Creating a Domain Name": added the method to obtain the real IP address of a web visitor from Source IP Header.
  • Modified FAQ "How Do I Obtain the Real IP Address of a Web Visitor After WAF Is Enabled?"
  • Modified the document according to review comments.
+

2019-01-14

+

This is the first official release.

+
+
+
+ diff --git a/docs/waf/umn/waf_01_0024.html b/docs/waf/umn/waf_01_0024.html new file mode 100644 index 00000000..c186a86a --- /dev/null +++ b/docs/waf/umn/waf_01_0024.html @@ -0,0 +1,127 @@ + + +

Handling False Alarms

+

This section describes how to mask false alarms and view event details if you find out that an event is misreported.

+

Prerequisites

  • Login credentials have been obtained.
  • The event list contains at least one misreported event.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Events.
  4. Click the Search tab. In the domain name drop-down list, select a domain name or All domain names to view target event logs. The query time can be Yesterday, Today, Past 3 days, Past 7 days, Past 30 days, or a user-defined time. Figure 1 shows an example. For details about parameters, see Table 1 and Table 2.

    In the upper right corner of the event list, click Search by ID to search a target event by ID.
    Figure 1 Search tab page
    +
    + +
    + + + + + + + + + + +
    Table 1 Event parameters

    Parameter

    +

    Description

    +

    Event Type

    +

    Type of an attack

    +

    By default, All is selected. You can view logs of all attack types or select an attack type to view target attack logs.

    +

    Source IP Address

    +

    Public IP address of the web visitor/attacker

    +

    By default, All is selected. You can view logs of all attack source IP addresses, select an attack source IP address, or enter an attack source IP address to view target attack logs.

    +
    +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 2 Log list parameters

    Parameter

    +

    Description

    +

    Time

    +

    Time when an attack occurs

    +

    Source IP Address

    +

    Public IP address of the web visitor/attacker

    +

    Domain Name

    +

    Attacked domain name

    +

    URL

    +

    Attacked URL

    +

    Malicious load

    +

    Location of the malicious load

    +

    Event Type

    +

    Type of an attack

    +

    Protective Action

    +

    Protective actions. The options are Block, Log only, Allow, Verification code, Filter, and Mismatch.

    +
    +
    +

    To view event details, click Details in the Operation column of the event list.

    +
    +

  5. If an event is misreported, add a false alarm masking rule by clicking Handle False Alarm in the row of the event. Figure 2 shows an example. Table 3 lists related parameters.

    False alarm masking only applies to events logged by built-in basic web protection rules. If you want to mask events logged by custom rules, delete the rules.

    +
    +
    Figure 2 Handling a false alarm
    + +
    + + + + + + + + + + + + + + + + + +
    Table 3 Parameter description

    Parameter

    +

    Description

    +

    Example Value

    +

    Domain Name

    +

    Domain name where an attack occurs, which is obtained automatically by the system

    +

    --

    +

    Path

    +

    Misreported URL excluding a domain name

    +
    • Prefix match: The path ending with * indicates that the path is used as a prefix. For example, if the path to be protected is /admin/test.php or /adminabc, set Path to /admin*.
    • Exact match: The path to be entered must match the path to be protected. If the path to be protected is /admin, set Path to /admin.
    +
    NOTE:
    • The path supports prefix and exact matches only and does not support regular expressions.
    • The path cannot contain two or more consecutive slashes. For example, ///admin. If you enter ///admin, the WAF engine converts /// to /.
    +
    +

    /admin*

    +

    Event ID

    +

    ID of a built-in rule, which is automatically read. The value consists of six digits.

    +

    223604

    +
    +
    +

  6. Click OK. The event is no longer displayed in the event list.

    You can switch to the Domains page, locate the row containing the target domain name, click Configure Policy in the Operation column. In the False Alarm Masking area, and click Customize Rule to view the added false alarm rule.

    +
    +

+
+
+
+
+
Parent topic: Event Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0025.html b/docs/waf/umn/waf_01_0025.html new file mode 100644 index 00000000..921eafee --- /dev/null +++ b/docs/waf/umn/waf_01_0025.html @@ -0,0 +1,29 @@ + + +

General

+
+
+ + +
+
Parent topic: FAQs
+
+
+ diff --git a/docs/waf/umn/waf_01_0026.html b/docs/waf/umn/waf_01_0026.html new file mode 100644 index 00000000..e0496acb --- /dev/null +++ b/docs/waf/umn/waf_01_0026.html @@ -0,0 +1,11 @@ + + +

Which OSs Does WAF Support?

+

WAF is deployed on the cloud and is not coupled with services on a web server. Therefore, WAF supports all OSs.

+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0027.html b/docs/waf/umn/waf_01_0027.html new file mode 100644 index 00000000..925fd006 --- /dev/null +++ b/docs/waf/umn/waf_01_0027.html @@ -0,0 +1,11 @@ + + +

Which Web Service Frameworks Does WAF Support?

+

WAF is deployed on the cloud and is not coupled with services on a web server. Therefore, WAF supports all web service frameworks.

+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0028.html b/docs/waf/umn/waf_01_0028.html new file mode 100644 index 00000000..aa2357c6 --- /dev/null +++ b/docs/waf/umn/waf_01_0028.html @@ -0,0 +1,19 @@ + + +

What Protection Policies Does WAF Support?

+

The protection policies supported by WAF are described below.

+
  • Basic Web Protection

    WAF can defend against common web attacks, such as SQL injection, XSS, webshells, and Trojans in HTTP upload channels. Once these functions are enabled, protection takes effect immediately.

    +
  • CC Attack Protection

    Flexible rate limiting policies can be set based on the IP addresses, cookies, or Referer field, mitigating CC attacks.

    +
  • Precise Protection

    Common HTTP fields can be combined to customize protection policies, such as CSRF protection. With user-defined rules, WAF can accurately detect malicious requests and protect sensitive information in websites.

    +
  • Blacklist and Whitelist

    Blacklist or whitelist rules allow you to block or allow specific IP addresses or address ranges, improving defense accuracy.

    +
  • Web Tamper Protection

    Cache configuration is performed on static webpages. When a user accesses a webpage, the system returns a cached page to the user and randomly checks whether the page has been tampered with.

    +
  • False Alarm Masking

    This function ignores certain attack detection rules for specific requests.

    +
  • Data Masking

    Data masking prevents such data as passwords from being displayed in event logs.

    +
+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0029.html b/docs/waf/umn/waf_01_0029.html new file mode 100644 index 00000000..5792368c --- /dev/null +++ b/docs/waf/umn/waf_01_0029.html @@ -0,0 +1,11 @@ + + +

Can WAF Protect a Private IP Address?

+

No. WAF cannot obtain the private IP address of the user site because Virtual Private Cloud (VPC) is isolated.

+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0030.html b/docs/waf/umn/waf_01_0030.html new file mode 100644 index 00000000..06e1b2e9 --- /dev/null +++ b/docs/waf/umn/waf_01_0030.html @@ -0,0 +1,11 @@ + + +

Which Layer Does WAF Provides Protection At?

+

WAF provides protection for seven layers, namely, the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer.

+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0036.html b/docs/waf/umn/waf_01_0036.html new file mode 100644 index 00000000..645636eb --- /dev/null +++ b/docs/waf/umn/waf_01_0036.html @@ -0,0 +1,12 @@ + + +

When Is Cookie Used to Identify Users?

+

During the configuration of a CC attack protection rule, if IP addresses cannot identify users precisely, for example, when many users share an egress IP address, use Cookie to identify users.

+

If the cookie contains key values, such as the session value, of users, the key value can be used as the basis for identifying users.

+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0037.html b/docs/waf/umn/waf_01_0037.html new file mode 100644 index 00000000..c4948139 --- /dev/null +++ b/docs/waf/umn/waf_01_0037.html @@ -0,0 +1,11 @@ + + +

Can WAF Protect HTTPS Services?

+

Yes. You simply need to configure HTTPS as the frontend protocol and allow WAF to host your certificate. Then, WAF protects your HTTPS service.

+
+
+
+
Parent topic: General
+
+
+ diff --git a/docs/waf/umn/waf_01_0045.html b/docs/waf/umn/waf_01_0045.html new file mode 100644 index 00000000..69accdab --- /dev/null +++ b/docs/waf/umn/waf_01_0045.html @@ -0,0 +1,64 @@ + + +

Web Application Firewall

+

Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

+

Functions

WAF helps you easily handle web security risks.

+
  • Basic web protection

    With preset powerful reputation databases, WAF defends against OWASP Top 10 threats, and detects and blocks malicious scanners, IP addresses, and web shells.

    +
    • Comprehensive protection

      WAF detects and blocks such threats as SQL injection, XSS, file inclusion, directory traversal attacks, sensitive file access, command and code injections, web shells, backdoors, malicious HTTP requests, and third-party vulnerability exploits.

      +
    • Precise identification
      • Built-in semantic analysis and regex engines, and blacklist/whitelist configurations, reducing false positives
      • Common code restoration with improved detection capabilities on distortion attacks

        Encoding types supported: url_encode, Unicode, XML encoding, C-OCT encoding, hexadecimal encoding, HTML encoding, base64 encoding, obfuscation, JavaScript, shell, and php

        +
      +
    +
  • CC attack protection

    By configuring protective actions and returned pages based on your needs, WAF mitigates the impact of CC attacks (also known as HTTP flood attacks).

    +
    • Fine-grained flexibility

      Allows you to flexibly set rate limiting policies by IP address, cookie, or Referer field.

      +
    • Returned page customization

      Meets diverse requirements for returned content and page type.

      +
    +
  • Security visualization

    Provides a user-friendly interface, allowing you to monitor attack information and event logs in real time.

    +
    • Centralized policy configuration

      On-console configuration, rapid delivery, and immediate implementation of policies

      +
    • Traffic and event statistics

      Real-time display of the number of requests, the number and types of security events, and log information

      +
    +
  • Non-standard ports (169 in total)
    In addition to standard ports 80 and 443, WAF also supports 169 non-standard ports. Select one of the following ports.
    • 146 non-standard HTTP ports: +
      + + + + + + + + + + + +

      Port Number Starting with 7 (33)

      +

      Port Number Starting with 8 (57)

      +

      Port Number Starting with 9 (33)

      +

      Other (23)

      +

      7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022, 7023, 7024, 7025, 7026, 7070, 7081, 7082, 7083, 7088, 7097, 7510, 7777, and 7800

      +

      81, 82, 83, 84, 86, 87, 88, 89, 800, 808, 8000, 8001, 8002, 8003, 8008, 8009, 8010, 8011, 8012, 8013, 8014, 8015, 8016, 8017, 8020, 8021, 8022, 8025, 8026, 8070, 8077, 8078, 8080, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8092, 8093, 8094, 8095, 8096, 8097, 8098, 8106, 8118, 8181, 8334, 8336, 8800, 8686, 8888, 8889, and 8999

      +

      97, 9000, 9001, 9002, 9003, 9080, 9200, 9802, 9999, 9021, 9023, 9027, 9037, 9081, 9082, 9201, 9205, 9207, 9208 9209, 9210, 9211, 9212, 9213, 9180, 9898, 9908, 9916, 9918, 9919, 9928, 9929, and 9939

      +

      1000, 1090, 10000, 10001, 10080, 12601, 28080, 33702, 3128, 3333, 3501, 3601, 4444, 48800, 5000, 5222, 5555, 5601, 6001, 6666, 6788 6789, and 6842

      +
      +
      +
    • 23 non-standard HTTPS ports:

      4443, 5443, 6443, 7443, 8033, 8081, 8082, 8083, 8084, 8443, 8553, 8663, 8843, 9443, 9553, 9663, 18000, 18110, 18381, 18443, 18980, 28443, and 19000

      +
    +
    +
  • Precise protection

    Supports precise logic- and parameter-based access control policies.

    +
    • A variety of parameter conditions

      Sets conditions with combinations of common HTTP parameters such as IP, URL, Referer, User Agent, Params, and Header.

      +
    • Rich set of logical relationships

      Blocks or allows traffic based on logical relationships such as "Include", "Exclude", "Equal to", "Not equal to", "Prefix is", and "Prefix is not."

      +
    +
  • Protection against scanners and crawlers

    Built-in scanner and crawler rules block unauthorized web page crawling. The customized malicious crawler and scanner features improve protection accuracy.

    +
  • Blacklist and whitelist

    This function allows you to blacklist or whitelist IP addresses to improve defense accuracy.

    +
  • Web tamper protection

    Cache configuration is performed on static web pages. When a user accesses a web page, the system returns a cached page to the user and randomly checks whether the page has been tampered with.

    +
  • False alarm masking

    This function ignores certain attack detection rules for specific requests.

    +
  • Data masking

    WAF masks sensitive information, such as usernames and passwords, in the event log.

    +
  • Alarm notification

    Once this function is enabled, WAF sends attack logs to users by email or SMS.

    +
  • Event management
    • You can mask blocked or logged attack events misreported by WAF and view event details.
    • You can download events data over the past five days.
    +
+
+
+
+
+
Parent topic: Introduction
+
+
+ diff --git a/docs/waf/umn/waf_01_0046.html b/docs/waf/umn/waf_01_0046.html new file mode 100644 index 00000000..3f623bd0 --- /dev/null +++ b/docs/waf/umn/waf_01_0046.html @@ -0,0 +1,19 @@ + + +

Application Scenarios

+

This section describes the application scenarios of WAF.

+
  • Common protection

    WAF helps users defend against common web attacks, such as command injection and sensitive file access.

    +
  • Promotion within online shopping malls

    Countless malicious requests may be sent to service interfaces during online promotions. WAF allows configurable rate limiting policies to defend against CC attacks. This prevents services from breaking down due to many concurrent requests, ensuring response to legitimate requests.

    +
  • Zero-day vulnerabilities

    Services cannot recover quickly from impact of zero-day vulnerabilities in third-party web frameworks and plug-ins. WAF updates the preset protection rules immediately to add an additional protection layer to such web frameworks and plug-ins and this layer can react faster than fixing the vulnerabilities.

    +
  • Web page tampering

    Attackers leave backdoors on web servers or tamper with web page content, causing asset loss or other negative impacts. You can use WAF to configure web tamper protection rules to achieve:

    +
    • Website malicious code detection

      Detects malicious codes injected to the web server, helping ensure a safe visit to the site.

      +
    • Web page tampering prevention

      Prevents attackers from tampering with or changing web page content, or publishing indecent content that damages a website's brand image.

      +
    +
+
+
+
+
Parent topic: Introduction
+
+
+ diff --git a/docs/waf/umn/waf_01_0047.html b/docs/waf/umn/waf_01_0047.html new file mode 100644 index 00000000..547f4ea9 --- /dev/null +++ b/docs/waf/umn/waf_01_0047.html @@ -0,0 +1,21 @@ + + +

Accessing and Using WAF

+
+
+ + +
+
Parent topic: Introduction
+
+
+ diff --git a/docs/waf/umn/waf_01_0048.html b/docs/waf/umn/waf_01_0048.html new file mode 100644 index 00000000..ad23dd93 --- /dev/null +++ b/docs/waf/umn/waf_01_0048.html @@ -0,0 +1,12 @@ + + +

How to Access WAF

+

You can access WAF using the management console. If you have registered with the public cloud, you can directly log in to the management console.

+
  • Cloud mode: On the homepage, choose Security > Web Application Firewall.
  • Dedicated mode: On the homepage, choose Security > Web Application Firewall (Dedicated).
+
+
+
+
Parent topic: Accessing and Using WAF
+
+
+ diff --git a/docs/waf/umn/waf_01_0049.html b/docs/waf/umn/waf_01_0049.html new file mode 100644 index 00000000..d4192e83 --- /dev/null +++ b/docs/waf/umn/waf_01_0049.html @@ -0,0 +1,13 @@ + + +

How to Use WAF

+

The evolution of hacking techniques has caused frequent cybersecurity incidents against web servers. WAF provides comprehensive security protection for web services.

+

You can configure policies to detect attacks such as SQL injection, XSS, webshells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawler scanning, and CSRF.

+

WAF features an easy-to-use console and provides event logs and statistics reports, helping you stay up to date with the security of your website and allowing you to mask false alarms or add whitelist rules to ignore false alarms.

+
+
+
+
Parent topic: Accessing and Using WAF
+
+
+ diff --git a/docs/waf/umn/waf_01_0051.html b/docs/waf/umn/waf_01_0051.html new file mode 100644 index 00000000..f28d3799 --- /dev/null +++ b/docs/waf/umn/waf_01_0051.html @@ -0,0 +1,271 @@ + + +

Related Services

+

This section describes the relationship between WAF and other cloud services.

+

CTS

Cloud Trace Service (CTS) provides records of operations on WAF. With CTS, you can query, audit, and backtrack these operations. For details, see the Cloud Trace Service User Guide.

+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 1 WAF operations that can be recorded by CTS

Operation

+

Resource Type

+

Trace Name

+

Creating a WAF instance

+

instance

+

createInstance

+

Deleting a WAF instance

+

instance

+

deleteInstance

+

Modifying a WAF instance

+

instance

+

modifyInstance

+

Modifying the protection status of a WAF instance

+

instance

+

modifyProtectStatus

+

Modifying the connection status of a WAF instance

+

instance

+

modifyAccessStatus

+

Creating a policy

+

policy

+

createPolicy

+

Applying a policy

+

policy

+

applyToPolicy

+

Modifying a policy

+

policy

+

modifyPolicy

+

Deleting a policy

+

policy

+

deletePolicy

+

Modifying alarm notification settings

+

alertNoticeConfig

+

modifyAlertNoticeConfig

+

Uploading a certificate

+

certificate

+

createCertificate

+

Changing the name of a certificate

+

certificate

+

modifyCertificate

+

Deleting a certificate

+

certificate

+

deleteCertificate

+

Adding a CC attack protection rule

+

policy

+

createCc

+

Modifying a CC attack protection rule

+

policy

+

modifyCc

+

Deleting a CC attack protection rule

+

policy

+

deleteCc

+

Adding a precise protection rule

+

policy

+

createCustom

+

Modifying a precise protection rule

+

policy

+

modifyCustom

+

Deleting a precise protection rule

+

policy

+

deleteCustom

+

Adding a blacklist or whitelist rule

+

policy

+

createWhiteblackip

+

Modifying a blacklist or whitelist rule

+

policy

+

modifyWhiteblackip

+

Deleting a blacklist or whitelist rule

+

policy

+

deleteWhiteblackip

+

Adding a web tamper protection rule

+

policy

+

createAntitamper

+

Updating a web tamper protection rule

+

policy

+

refreshAntitamper

+

Deleting a web tamper protection rule

+

policy

+

deleteAntitamper

+

Adding a false alarm masking rule

+

policy

+

createIgnore

+

Deleting a false alarm masking rule

+

policy

+

deleteIgnore

+

Adding a data masking rule

+

policy

+

createPrivacy

+

Modifying a data masking rule

+

policy

+

modifyPrivacy

+

Deleting a data masking rule

+

policy

+

deletePrivacy

+
+
+
+

Cloud Eye

Cloud Eye monitors the metrics of WAF, so that you can understand the protection status of WAF in a timely manner, and set protection policies accordingly. For details, see the Cloud Eye User Guide.

+

For details about monitoring metrics, see Monitoring Metrics.

+
+

TMS

Tag Management Service (TMS) is a visualized service for fast and unified tag management that enables you to label and manage WAF instances by tags.

+ +
+ + + + + + + + + + + + + +
Table 2 WAF operations supported by TMS

Operation

+

Resource Type

+

Event Name

+

Creating a WAF instance tag

+

Tag

+

createResourceTag

+

Deleting a WAF instance tag

+

Tag

+

deleteResourceTag

+
+
+
+

IAM

Identity and Access Management (IAM) provides the permission management function for WAF. Only users granted with the WAF Administrator permissions can use WAF. To obtain the permissions, contact users who have the Security Administrator permissions. For details, see the Identity and Access Management User Guide.

+
+

SMN

The Simple Message Notification (SMN) service provides the notification function. After the notification function is enabled in WAF, users will receive an SMS message or email when an attack on a protected domain is detected.

+

For details about SMN, see the Simple Message Notification User Guide.

+
+
+
+
+
Parent topic: Accessing and Using WAF
+
+
+ diff --git a/docs/waf/umn/waf_01_0052.html b/docs/waf/umn/waf_01_0052.html new file mode 100644 index 00000000..ab45b552 --- /dev/null +++ b/docs/waf/umn/waf_01_0052.html @@ -0,0 +1,12 @@ + + +

User Permissions

+

The system provides two types of default permissions: user management and resource management. User management includes management of users, user groups, and user groups' rights. Users with resource management permissions can control the operations performed on cloud service resources.

+

For details about permissions of WAF users, see Permission Description.

+
+
+
+
Parent topic: Accessing and Using WAF
+
+
+ diff --git a/docs/waf/umn/waf_01_0055.html b/docs/waf/umn/waf_01_0055.html new file mode 100644 index 00000000..d56faba3 --- /dev/null +++ b/docs/waf/umn/waf_01_0055.html @@ -0,0 +1,13 @@ + + +

Policy Management

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0056.html b/docs/waf/umn/waf_01_0056.html new file mode 100644 index 00000000..dad0bc39 --- /dev/null +++ b/docs/waf/umn/waf_01_0056.html @@ -0,0 +1,30 @@ + + +

What Should I Do If the DNS Status Is Unconfigured?

+

If DNS is Unconfigured, domain name resolution fails, that is, the domain name is not connected to WAF. In this case, perform the following steps to connect the domain name again:

+
  • If a proxy such as CDN or AAD is used, you need to configure the back-to-source IP address, subdomain name, and TXT record. Figure 1 shows an example.
    Figure 1 Connecting a domain name
    +
    1. Configure the back-to-source IP address of the proxy on the website.

      For example, change the back-to-source IP address of CDN or AAD to the WAF IP address by following the instructions shown in Figure 1.

      +
    2. Configure Subdomain Name and TXT Record.

      Add a subdomain name and TXT record to the DNS records of your DNS provider by following the instructions shown in Figure 1.

      +
    +

    The high availability of our system, which is based on multi-AZ deployments to support both active-active and disaster recovery, relies on the WAF CNAME record.

    +
    +
  • If no proxy is used, the CNAME record must be configured. Figure 2 shows an example.
    Figure 2 Connecting a domain name (CNAME record)
    +
    1. Go to your DNS provider and configure the CNAME record. For details, contact your DNS provider.
      The high availability of our system, which is based on multi-AZ deployments to support both active-active and disaster recovery, relies on the WAF CNAME record. Therefore,
      1. Do not modify the hosts file. Add the CNAME record directly to the DNS records of your DNS provider.
      2. Do not use the A record to replace the CNAME record.
      +
      +
      +

      The CNAME binding method of some common DNS providers is listed for your reference. If the following configuration is inconsistent with the actual configuration, rely on information provided by the DNS providers.

      +
      1. Log in to the management console of the DNS provider.
      2. Go to the domain resolution record page.
      3. Set the CNAME resolution record.
        • Set the record type to CNAME.
        • Generally, enter the domain name prefix in the host record. For example, if the protected domain name is admin.demo.com, enter admin in the host record.
        • The record value is the CNAME generated by WAF.
        • Resolution line: keep the default value TTL.
        +
      4. Click Save.
      +

      The preceding resolution methods are provided by third parties. This document does not control or assume responsibility for any third party content, including but not limited to its accuracy, compatibility, reliability, availability, legitimacy, appropriateness, performance, non-infringement, or status update, unless otherwise specified in this document.

      +
      +
    2. Verify that the CNAME has been configured.
      1. In Windows, choose Start > Run. Then enter cmd and press Enter.
      2. Run the following command to query the CNAME. If the configured CNAME is displayed, the configuration is successful.

        nslookup www.domain.com

        +
      +
    +
+
+
+
+
Parent topic: Operation-related
+
+
+ diff --git a/docs/waf/umn/waf_01_0062.html b/docs/waf/umn/waf_01_0062.html new file mode 100644 index 00000000..d422402b --- /dev/null +++ b/docs/waf/umn/waf_01_0062.html @@ -0,0 +1,16 @@ + + +

How Do I Obtain the Real IP Address of a Web Visitor After WAF Is Enabled?

+

Generally, a proxy such as CDN, WAF, and AAD is deployed between the client and server. Web visitors cannot directly access the server. For example, web visitor > CDN/WAF/AAD > origin server. Then, how does the server obtain the real IP address of the client when multiple proxies are used?

+
  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Domains.Figure 1 shows an example.

    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Name column, click the target domain name to go to the basic information page.
  5. View Source IP Header. By default, WAF obtains the real IP address of a web visitor from the HTTP header X-Forwarded-For. The first IP address in the X-Forwarded-For field is the real IP address of the web visitor. You can also click to customize the field to identify the real IP address. Figure 2 shows an example.

    Figure 2 Basic domain information
    +

+
+
+
+
Parent topic: Operation-related
+
+
+ diff --git a/docs/waf/umn/waf_01_0063.html b/docs/waf/umn/waf_01_0063.html new file mode 100644 index 00000000..1b5ed4f9 --- /dev/null +++ b/docs/waf/umn/waf_01_0063.html @@ -0,0 +1,21 @@ + + +

Operation-related

+
+
+ + +
+
Parent topic: FAQs
+
+
+ diff --git a/docs/waf/umn/waf_01_0064.html b/docs/waf/umn/waf_01_0064.html new file mode 100644 index 00000000..40a38cb0 --- /dev/null +++ b/docs/waf/umn/waf_01_0064.html @@ -0,0 +1,17 @@ + + +

Introduction

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0065.html b/docs/waf/umn/waf_01_0065.html new file mode 100644 index 00000000..6b7cc9fc --- /dev/null +++ b/docs/waf/umn/waf_01_0065.html @@ -0,0 +1,16 @@ + + +

Product Advantages

+

WAF examines web traffic from multiple dimensions to accurately identify malicious requests and filter attacks, reducing the risks of data being tampered with or stolen.

+
  • Comprehensive protection

    A built-in extensive database of attack signatures detects and blocks dozens of common web attacks.

    +
  • Technology leadership

    The industry-leading semantic and regex engines help accurately identify threats and significantly improve the threat detection rate.

    +
  • Flexible configuration

    Custom precise protection rules meet diverse requirements of security operations.

    +
  • Reliability

    Multi-engine cluster deployment and 24/7 monitoring ensure zero service interruption.

    +
+
+
+
+
Parent topic: Introduction
+
+
+ diff --git a/docs/waf/umn/waf_01_0066.html b/docs/waf/umn/waf_01_0066.html new file mode 100644 index 00000000..f5eeb83a --- /dev/null +++ b/docs/waf/umn/waf_01_0066.html @@ -0,0 +1,34 @@ + + +

How Do I Troubleshoot 500/502/504 Errors?

+

If an error such as 500 Internal Server Error, 502 Bad Gateway, or 504 Gateway Timeout occurs after your web server connects to WAF, use the following methods to locate the cause and remove the error:

+

Symptom 1

After WAF is configured, your web server works properly. However, a few minutes later, a 502 Bad Gateway error is reported frequently.
  • Possible Causes

    Interception by a firewall, security protection software installed on the backend server, or the rate limiting policy

    +
  • Solution

    Add the WAF IP address ranges to the whitelist of the firewall (hardware or software), security protection software, and rate limiting module.

    +
+
+
+

Symptom 2

After WAF is configured, the accessed page returns a 502/500 error frequently (when multiple backend servers are configured).
  • Possible Cause

    Origin server configuration error

    +
  • Solution

    Locate the target domain name record in the domain name list and click the domain name. On the displayed page, in the Server Information area, check whether the protocol, IP address, and port number used by the origin server are correct. For details about editing domain information, see Viewing Basic Information.

    +
    Figure 1 Server configuration
    +

    As shown in Figure 1, you can access the IP address of the origin server to check whether the backend service port is enabled.

    +
+
+
+

Symptom 3

After WAF is configured, a 502 Bad Gateway error is reported frequently when web visitors request access to your server over HTTPS. However, web visitors can directly access the server.
  • Possible Cause

    Outdated HTTPS version

    +
  • Solution
    A lower Secure Sockets Layer (SSL) version has serious security risks. WAF supports TLSv1.2 or later. If your server has a lower SSL version, a 502 Bad Gateway error is reported after your server connects to WAF. In this case, you need to upgrade the SSL version of your server. You can visit https://www.ssllabs.com/ssltest/index.html to check your SSL version.
    • If the OS of your web server is earlier than Windows Server 2008, the SSL protocol does not support TLSv1.2 or later. In this case, you need to upgrade the server OS to Windows Server 2008 or later (or a new version of Linux), and enable TLSv1.2 in services such as IIS.
    • If your web server does not run Windows, check whether the SSL protocol is TLSv1.2 or later.
    +
    +
+
+
+

Symptom 4

After WAF is configured, your web server works properly. However, when the number of requests increases, 502/504 errors increase as well. If web visitors directly access your web server, there is a possibility that the 502/504 error code is returned.
  • Possible Cause

    Backend server performance issue

    +
  • Solution
    1. Optimize the server configuration, including TCP network parameters and ulimit parameters.
    2. Increase the number of backend ECSs to support rising service volumes. WAF supports configuration of multiple backend servers.
    3. If web visitors request access to your web server over HTTPS, you can use HTTPS forwarding on the WAF side. However, it is recommended that HTTP be used to forward the requests to your web server, lowering the computational pressure on backend servers.
    +
+
+
+
+
+
+
Parent topic: Operation-related
+
+
+ diff --git a/docs/waf/umn/waf_01_0067.html b/docs/waf/umn/waf_01_0067.html new file mode 100644 index 00000000..5be9f518 --- /dev/null +++ b/docs/waf/umn/waf_01_0067.html @@ -0,0 +1,23 @@ + + +

Domain Management

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0069.html b/docs/waf/umn/waf_01_0069.html new file mode 100644 index 00000000..37d61572 --- /dev/null +++ b/docs/waf/umn/waf_01_0069.html @@ -0,0 +1,21 @@ + + +

Setting WAF Bypassed Mode

+

This section describes how to set the bypassed mode whereby requests are sent directly to the backend server without passing through WAF.

+

In special scenarios such as testing, if services need to be restored to the state where the domain name is not connected to WAF, use the Bypassed mode.

+
+

Prerequisites

  • Login credentials have been obtained.
  • Mode for WAF to protect the domain name is Enabled or Disabled.
  • Your web server does not use a proxy.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click Service List at the top of the page and choose Security > Web Application Firewall. In the navigation pane, choose Domains. Figure 1 shows an example.

    Figure 1 Domain name list
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Operation column of the target domain name, click Switch Mode.
  5. In the dialog box displayed, select Bypassed and then click OK.
+

+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0070.html b/docs/waf/umn/waf_01_0070.html new file mode 100644 index 00000000..15d479e0 --- /dev/null +++ b/docs/waf/umn/waf_01_0070.html @@ -0,0 +1,17 @@ + + +

Getting Started

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0071.html b/docs/waf/umn/waf_01_0071.html new file mode 100644 index 00000000..d0de94aa --- /dev/null +++ b/docs/waf/umn/waf_01_0071.html @@ -0,0 +1,57 @@ + + +

Overview

+

Before using WAF, you need to connect your domain name to it and enable it for protection to take effect.

+
Table 1 describes the procedure to use WAF. +
+ + + + + + + + + + + + + + + + + + + + + + +
Table 1 Procedure to use WAF

Step

+

Description

+

Creating a domain name

+

Add a website to be protected. For details, see Creating a Domain Name.

+

Enabling WAF protection

+

Enable WAF protection to protect your web services. For details, see Enabling WAF Protection.

+
NOTE:
  • The WAF engine does not run on your web server. Therefore, your web server performance will not be affected.
  • After your domain name is connected to WAF, there will be a latency of tens of milliseconds, but might be raised based on the size of the requested page or number of incoming requests.
  • You are billed for queries per second (QPS) or service bandwidth. One HTTP GET request is counted as a query, and the maximum QPS WAF can handle is 10,000. The total volume of normal traffic to a website or domain names protected by WAF is counted as the service bandwidth, and the maximum service bandwidth WAF can handle is 300 Mbit/s.
+
+

Configuring rules

+

In addition to the built-in protection rules, WAF provides a rich set of custom rules. For details, see Rule Configurations.

+

Enabling alarm notification

+

Once the function is enabled, users can receive attack logs at the earliest moment. For details, see Enabling Alarm Notification.

+

Handling false alarms

+

If the attack events blocked or logged are false positives, mask them. For details, see Handling False Alarms.

+

Viewing Dashboard

+

View the request and attack statistics, event distribution, and top 5 attack resource IP addresses of yesterday, today, past 3 days, past 7 days, or past 30 days. For details, see Dashboard.

+
+
+
+
For details about how to connect your website to WAF, see Figure 1.
Figure 1 Flowchart for connecting your website to WAF
+
+

+
+
+
+
Parent topic: Getting Started
+
+
+ diff --git a/docs/waf/umn/waf_01_0073.html b/docs/waf/umn/waf_01_0073.html new file mode 100644 index 00000000..d543b819 --- /dev/null +++ b/docs/waf/umn/waf_01_0073.html @@ -0,0 +1,31 @@ + + +

Testing WAF

+

This section describes how to connect your domain to WAF on a local PC and then access the site to verify whether WAF works properly.

+

Before testing WAF, ensure that the protocol, address, and port number used by the origin server of the domain name (for example, www.test.com), and uploaded certificate content and private key if Client Protocol is HTTPS are correct.

+

Prerequisites

  • Login credentials have been obtained.
  • A domain name without using any other proxy has been created.
+
+

Connecting Your Domain to WAF Locally

  1. Obtain the CNAME value.

    1. Log in to the management console.
    2. Click in the upper left corner of the management console and select a region or project.
    3. Choose Security > Web Application Firewall.
    4. In the navigation pane, choose Domains. Figure 1 shows an example.
      Figure 1 Domains page
      +

      In the upper part of the domain name list, click Quota details to view the domain name quota.

      +
      +
    5. In the row of the desired domain name, under the Name column, click the domain name you want to test. Figure 2 shows an example.
      Figure 2 Copying the CNAME value
      +
    6. In the CNAME row, click to copy the CNAME value.
    +

  2. Ping the CNAME value and record the corresponding IP address (for example, 192.168.0.1).
  3. Add the domain name and WAF IP address to the hosts file.

    1. Use a text editor, such as Notepad or Notepad++, to open the hosts file. Generally, the hosts file is stored in the C:\Windows\System32\drivers\etc\ directory.
    2. Add the back-to-source IP address of WAF obtained in Step 2 and protected domain name to the hosts file. Figure 3 shows an example.
      Figure 3 Adding a record
      +
    3. Save the hosts file and ping the protected domain name on the local PC.

      It is expected that the resolved IP address is the back-to-source IP address of WAF obtained in Step 2. If the resolved IP address is the origin server address, run the ipconfig/flushdns command in the Windows operating system to refresh the DNS cache.

      +
    +

+
+

Verifying Whether WAF Forwarding Is Normal

  1. Clear the browser cache and enter the domain name in the address box of a browser to check whether the website can be accessed.

    If the domain name resolves to the back-to-source IP address of WAF and WAF configurations are correct, the website can be accessed.

    +
    Figure 4 Normal access
    +

  2. Simulate simple web attack commands.

    1. Set the mode of Basic Web Protection to Block. For details, see Enabling Basic Web Protection.
    2. Clear the browser cache, enter http://www.test.com?id=1%20or%201%20=1 in the address box of the browser to simulate an SQL injection attack, and check whether WAF blocks the attack. See Figure 5.
      Figure 5 Request blocked
      +
    3. Choose Security > Web Application Firewall. On the displayed page, click Events and view test data on the displayed page. Figure 6 shows an example.
      Figure 6 Viewing test data
      +
    +

+
+
+
+
+
Parent topic: Getting Started
+
+
+ diff --git a/docs/waf/umn/waf_01_0074.html b/docs/waf/umn/waf_01_0074.html new file mode 100644 index 00000000..01a166af --- /dev/null +++ b/docs/waf/umn/waf_01_0074.html @@ -0,0 +1,22 @@ + + +

Creating a Policy

+

A policy is a combination of multiple rules, such as basic web protection, blacklist or whitelist, and precise protection rules. A policy can be applied to multiple domain names. This section describes how to create a policy.

+

Prerequisites

Login credentials have been obtained.

+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane, choose Policies.
  1. Click Create Policy in the upper right corner of the list. Figure 1 shows an example.

    Figure 1 Creating a policy
    +

    In the upper part of the protection policy list, click Quota details to view the quota of the protection policy.

    +
    +

  2. In the dialog box displayed, enter a policy name and click OK. Figure 2 shows an example.

    Figure 2 Create Policy dialog box
    +

  3. In the Policy Name column, click the target policy name. On the displayed page, add rules to the policy by referring to Section Rule Configurations.

    Figure 3 Policies page
    +
    • To modify a policy name, click next to the target policy name. In the dialog box displayed, enter a new policy name.
    • After a domain name is created, WAF protection is enabled by default. The mode of Basic Web Protection is Log only (detected attacks are only logged but not blocked.). By default, WAF creates a CC attack protection rule to the policy. The rule can be modified but cannot be deleted.
    +
    +

+
+
+
+
+
Parent topic: Policy Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0075.html b/docs/waf/umn/waf_01_0075.html new file mode 100644 index 00000000..81e2ad63 --- /dev/null +++ b/docs/waf/umn/waf_01_0075.html @@ -0,0 +1,20 @@ + + +

Applying a Policy to Your Domain Names

+

This section describes how to apply a policy to your domain names.

+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane, choose Policies.
  4. In the row containing the target policy name, click Bind Domain in the Operation column. Figure 1 shows an example.

    Figure 1 Clicking Bind Domain
    +

  5. Select one or more domain names from the Domain Name drop-down list. Figure 2 shows an example.

    To view information about all domain names, click View Domains.
    • A protected domain name can use only one policy, but one policy can be applied to multiple domain names.
    • To delete a policy bound to domain names, bind these domain names to other policies, and click Delete in the Operation column of the target policy name.
    +
    +
    Figure 2 Selecting one or more domain names
    +
    +

  6. Click OK.
+
+
+
+
+
Parent topic: Policy Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0077.html b/docs/waf/umn/waf_01_0077.html new file mode 100644 index 00000000..4f631d08 --- /dev/null +++ b/docs/waf/umn/waf_01_0077.html @@ -0,0 +1,38 @@ + + +

Downloading Events Data

+

This section describes how to download events (logged and blocked events) data over the past five days. An event file is generated at 01:00:00 (UTC time) of the second day.

+

Prerequisites

  • Login credentials have been obtained for logging in to the management console.
  • An event file has been generated.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Events. On the displayed page, click the Download tab. Table 1 lists related parameters. Figure 1 shows an example.

    Figure 1 Download tab page
    + +
    + + + + + + + + + + +
    Table 1 Parameter description

    Parameter

    +

    Description

    +

    Name

    +

    The format is file name.csv.

    +

    Number of Events

    +

    Total number of blocked and logged events

    +
    NOTE:

    The maximum number of events in a file is 10,000. If the number of events exceeds 10,000, another file is generated.

    +
    +
    +
    +

  4. In the Operation column, click Download Data to download data to the local PC.
+
+
+
+
+
Parent topic: Event Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0078.html b/docs/waf/umn/waf_01_0078.html new file mode 100644 index 00000000..423062ed --- /dev/null +++ b/docs/waf/umn/waf_01_0078.html @@ -0,0 +1,13 @@ + + +

Certificate Management

+
+
+ +
+ diff --git a/docs/waf/umn/waf_01_0079.html b/docs/waf/umn/waf_01_0079.html new file mode 100644 index 00000000..61dc95d9 --- /dev/null +++ b/docs/waf/umn/waf_01_0079.html @@ -0,0 +1,42 @@ + + +

Connecting a Domain Name to WAF

+

This section describes how to connect a domain name to WAF so that website traffic passes through WAF.

+

To ensure that WAF works properly, you are advised to test WAF by following the instructions in Testing WAF before performing this operation.

+

How WAF Works

  • No proxy used

    DNS resolves your domain name to the origin server IP address before the site is moved to WAF. DNS resolves your domain name to the CNAME of WAF after the site is connected to WAF. WAF then filters out illegitimate traffic and only routes legitimate traffic back to the origin server.

    +
  • A proxy (such as AAD) used

    DNS resolves the domain name to the AAD IP address before your site is moved to WAF. In this case, the traffic passes through AAD and then AAD routes the traffic back to the origin server. After your site is moved to WAF, change the AAD back-to-source IP address to the access address of WAF and add a subdomain name and TXT record to the DNS records of your DNS provider for WAF to take effect. In this way, AAD forwards the traffic to WAF. WAF then filters out illegitimate traffic and only routes legitimate traffic back to the origin server.

    +
+
+

Prerequisites

  • Login credentials have been obtained.
  • A domain name has been created but not connected to WAF.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Domains. Figure 1 shows an example.

    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Name column, click the target domain name. Its information is displayed.

    • Without a proxy
      1. In the CNAME row, click to copy the CNAME value.
        Figure 2 Copying the CNAME value
        +
      1. Go to your DNS provider and configure the CNAME record. For details, contact your DNS provider.
        The high availability of our system, which is based on multi-AZ deployments to support both active-active and disaster recovery, relies on the WAF CNAME record. Therefore,
        1. Do not modify the hosts file. Add the CNAME record directly to the DNS records of your DNS provider.
        2. Do not use the A record to replace the CNAME record.
        +
        +
        +

        The CNAME binding method of some common DNS providers is listed for your reference. If the following configuration is inconsistent with the actual configuration, rely on information provided by the DNS providers.

        +
        1. Log in to the management console of the DNS provider.
        2. Go to the domain resolution record page.
        3. Set the CNAME resolution record.
          • Set the record type to CNAME.
          • Generally, enter the domain name prefix in the host record. For example, if the protected domain name is admin.demo.com, enter admin in the host record.
          • The record value is the CNAME generated by WAF.
          • Resolution line: keep the default value TTL.
          +
        4. Click Save.
        +

        The preceding resolution methods are provided by third parties. This document does not control or assume responsibility for any third party content, including but not limited to its accuracy, compatibility, reliability, availability, legitimacy, appropriateness, performance, non-infringement, or status update, unless otherwise specified in this document.

        +
        +
      2. Verify that the CNAME has been configured.
        1. In Windows, choose Start > Run. Then enter cmd and press Enter.
        2. Run the following command to query the CNAME. If the configured CNAME is displayed, the configuration is successful.

          nslookup www.domain.com

          +
        +
      +
    • With a proxy
      1. Click in the Access Address, Subdomain Name, and TXT Record rows to copy the required values, respectively.
        Figure 3 Copying the access address and TXT record
        +
      2. Change the back-to-source address of the proxy (such as AAD or CDN) to the copied access address. Add a subdomain name and TXT record to the DNS records of your DNS provider. Then, the domain name is connected to WAF and traffic passes through WAF.

        The high availability of our system, which is based on multi-AZ deployments to support both active-active and disaster recovery, relies on the WAF CNAME record.

        +
        +
      +
    +

    By default, WAF detects the DNS status of each protected domain name hourly. If you have performed domain connection and DNS is Normal, the domain name is connected to WAF.

    +
    +

+
+
+
+
+
Parent topic: Getting Started
+
+
+ diff --git a/docs/waf/umn/waf_01_0082.html b/docs/waf/umn/waf_01_0082.html new file mode 100644 index 00000000..ef43dd28 --- /dev/null +++ b/docs/waf/umn/waf_01_0082.html @@ -0,0 +1,21 @@ + + +

How Do I Fix an Incomplete Certificate Chain?

+

If the certificate provided by the certificate authority is not found in the built-in trust store on your platform and the certificate chain does not have a certificate authority, the certificate is incomplete. If you use the incomplete certificate to access the website corresponding to the protected domain name, the access will fail.

+

Use either of the following methods to fix it:

+
  • Manually build up a complete certificate chain and upload the certificate. (This function is available soon.)
  • Purchase a new certificate and upload it.
+

The latest Google Chrome version supports automatic verification of the trust chain. The following describes how to manually create a complete certificate chain:

+
  1. Check the certificate. Click the padlock in the address bar to view the certificate status. Figure 1 shows an example.

    Figure 1 Viewing the certificate
    +

  2. Check the certificate chain. Click Certificate. Select the Certificate Path tab and then click the certificate name to view the certificate status. Figure 2 shows an example.

    Figure 2 Viewing the certificate chain
    +

  3. Save the certificates to the local PC one by one.

    1. Select the certificate name and click the Details tab. Figure 3 shows an example.
      Figure 3 Details
      +
    2. Click Copy to File, and then click Next as prompted.
    3. Select Base-64 encoded X.509 (.CER) and click Next. Figure 4 shows an example.
      Figure 4 Certificate Export Wizard
      +
    +

  4. Rebuild the certificate. After all certificates are exported to the local PC, open the certificate file in Notepad and rebuild the certificate according to the sequence shown in Figure 5.

    Figure 5 Certificate rebuilding
    +

  5. Upload the certificate again.
+
+
+
+
Parent topic: Operation-related
+
+
+ diff --git a/docs/waf/umn/waf_01_0090.html b/docs/waf/umn/waf_01_0090.html new file mode 100644 index 00000000..7922c788 --- /dev/null +++ b/docs/waf/umn/waf_01_0090.html @@ -0,0 +1,59 @@ + + +

Uploading a Certificate

+

This section describes how to upload a certificate.

+

Prerequisites

Login credentials have been obtained.

+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall.
  4. In the navigation pane, choose Certificates. The Certificates page is displayed, as shown in Figure 1.

    Figure 1 Certificates
    +

    In the upper part of the certificate list, click Quota details to view the certificate quota.

    +
    +

  5. In the upper right corner of the displayed page, click Upload Certificate. In the displayed Upload Certificate dialog box, enter the certificate name and paste the certificate file and private key to the corresponding text boxes. Figure 2 shows an example.

    Figure 2 Uploading a certificate
    +
    • In the Upload Certificate dialog box, click Quota details to view the certificate quota.
    • WAF encrypts and saves the private key to keep it safe.
    • For details about the combination sequence of a certificate chain, see How Do I Fix an Incomplete Certificate Chain?
    +
    +
    Currently, only .pem certificates are supported. If the certificate is not in .pem format, convert it into a .pem certificate by referring to Table 1 before uploading. +
    + + + + + + + + + + + + + + + + +
    Table 1 Certificate conversion commands

    Format

    +

    Usage (Using OpenSSL)

    +

    CER/CRT

    +

    Rename the cert.crt certificate file to cert.pem.

    +

    PFX

    +
    • Obtain a private key. For example, run the following command to convert cert.pfx into cert.key:

      openssl pkcs12 -in cert.pfx -nocerts -out cert.key -nodes

      +
    • Obtain a certificate. For example, run the following command to convert cert.pfx into cert.pem:

      openssl pkcs12 -in cert.pfx -nokeys -out cert.pem

      +
    +

    P7B

    +
    1. Convert a certificate. For example, run the following command to convert cert.p7b into cert.cer:

      openssl pkcs7 -print_certs -in cert.p7b -out cert.cer

      +
    2. Rename certificate file cert.cer to cert.pem.
    +

    DER

    +
    • Obtain a private key. For example, run the following command to convert privatekey.der into privatekey.pem:

      openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

      +
    • Obtain a certificate. As an example, run the following command to convert cert.cer into cert.pem:

      openssl x509 -inform der -in cert.cer -out cert.pem

      +
    +
    +
    +
    +

  6. Click OK.

    • If the number of uploaded certificates reaches the upper limit, delete the certificates that are not associated with any domain names by referring to Deleting a Certificate and then upload a certificate again.
    • To modify a certificate name, click next to the target certificate name in the Certificate Name column.
    +
    +

+
+
+
+
+
Parent topic: Certificate Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0091.html b/docs/waf/umn/waf_01_0091.html new file mode 100644 index 00000000..ceb8ce97 --- /dev/null +++ b/docs/waf/umn/waf_01_0091.html @@ -0,0 +1,19 @@ + + +

Deleting a Certificate

+

This section describes how to delete an unused certificate.

+

Prerequisites

  • Login credentials have been obtained.
  • The certificate to be deleted is not associated with any domain name.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall.
  4. In the navigation pane, choose Certificates. The Certificates page is displayed, as shown in Figure 1.

    Figure 1 Certificates
    +

    In the upper part of the certificate list, click Quota details to view the certificate quota.

    +
    +

  5. Locate the row that contains the certificate to be deleted, in the Operation column, click Delete. Figure 2 shows an example.

    Figure 2 Delete Certificate
    +

  6. In the displayed dialog box, click Yes.
+
+
+
+
+
Parent topic: Certificate Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0092.html b/docs/waf/umn/waf_01_0092.html new file mode 100644 index 00000000..ba024bc7 --- /dev/null +++ b/docs/waf/umn/waf_01_0092.html @@ -0,0 +1,74 @@ + + +

Monitoring Metrics

+

Function Description

This section describes monitoring metrics reported by WAF to Cloud Eye as well as their namespaces and dimensions. You can use the management console or APIs provided by Cloud Eye to query the monitoring metrics of the monitored object and alarms generated for WAF.

+
+

Namespace

SYS.WAF

+

A namespace is an abstract collection of resources and objects. Multiple namespaces can be created in a single cluster, but they are isolated from each other. This enables namespaces to share the same cluster services without affecting each other.

+
+
+

Metrics

+
+ + + + + + + + + + + + + + + + + + + + + + +
Table 1 Monitoring metrics

Metric ID

+

Metric Name

+

Meaning

+

Value Range

+

Measurement Object & Dimension

+

Monitoring Interval (Raw Data)

+

attacks

+

attacks

+

Total number of attacks on a protected domain name in a given period

+

>= 0 count

+

Measurement object: protected domain name

+

Dimension: waf_instance_id

+

5 minutes

+

requests

+

requests

+

Total number of requests for a protected domain name in a given period

+

>= 0 count

+

Measurement object: protected domain name

+

Dimension: waf_instance_id

+

5 minutes

+
+
+
+

Dimensions

+
+ + + + + + + +
Table 2 Dimensions

Key

+

Value

+

waf_instance_id

+

Domain name ID

+
+
+
+
+ diff --git a/docs/waf/umn/waf_01_0093.html b/docs/waf/umn/waf_01_0093.html new file mode 100644 index 00000000..c0afd59a --- /dev/null +++ b/docs/waf/umn/waf_01_0093.html @@ -0,0 +1,45 @@ + + +

Configuring the Minimum TLS Version and Cipher Suite

+

The Transport Layer Security (TLS) protocol provides confidentiality and integrity of data sent between applications over the Internet. HTTPS is a network protocol constructed based on TLS and HTTP for encrypted transmission and identity authentication. When Client Protocol for a domain name to be protected is set to HTTPS, you can use WAF to set the minimum TLS version and cipher suite (a set of cryptographic algorithms) for the domain name. All requests using the TLS earlier than the minimum TLS version cannot access the protected domain names so that your service is secured.

+

If Client Protocol for the domain name to be protected is set to HTTP, TLS is not involved. In this case, skip this section.

+

TLS v1.1 and the default cipher suite are configured by default in WAF for general security. To better protect your services, you are advised to set the minimum TLS version to a later version and cipher suite to the one having higher security.

+

Prerequisites

  • The domain name to be protected has been added.
  • Client Protocol is set to HTTPS for the protected domain name.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall > Domains. Figure 1 shows an example.

    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Name column, click the target domain name to go to the basic information page.
  5. Click next to the cipher suite name in the row where TLS Configuration locates.

    Figure 2 Modifying TLS configurations
    +

  6. In the TLS Configuration dialog box, select the minimum TLS version and cipher suite. Table 1 describes the parameters.

    Figure 3 TLS Configuration
    + +
    + + + + + + + + + + +
    Table 1 TLS configuration parameters

    Parameter

    +

    Description

    +

    Minimum TLS Version

    +

    Minimum TLS version for accessing the protected domain name

    +
    • TLS v1.1: Requests using TLS v1.1 or later can access the domain name.
    • TLS v1.2: Requests using TLS v1.2 or later can the access domain name.
    +

    Cipher Suite

    +
    • Default cipher suite: Good browser compatibility, most clients supported, sufficient for most scenarios
    • Cipher suite 1: Recommended configuration, best combination of compatibility and security
    • Cipher suite 2: Strict compliance with forward secrecy requirements of PCI DSS and excellent protection, but older browsers may be unable to access the websites
    • Cipher suite 3: Support for ECDHE, DHE-GCM, and RSA-AES-GCM algorithms but not CBC
    +
    NOTICE:

    Cipher suite 2 is not supported if TLS v1.1 is selected.

    +
    +
    +
    +

  7. Click OK.
+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0094.html b/docs/waf/umn/waf_01_0094.html new file mode 100644 index 00000000..5f50b3c6 --- /dev/null +++ b/docs/waf/umn/waf_01_0094.html @@ -0,0 +1,52 @@ + + +

Modifying the Alarm Page

+

If a visitor triggers block by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as required.

+
  • Custom: The content of the text/html, text/xml, and application/json pages can be configured on the custom block page to be returned.
  • Redirection: The root domain name of the redirection address must be the same as the currently protected domain name, including a wildcard domain name. For example:
    • If the protected domain name is www.example.com and the port number is 8080, the redirection URL can be set to http://www.example.com:8080/error.html.
    • If the protected wildcard domain name is *.example.com and the port number is 8080, the redirection URL can be set to http://*.example.com:8080/error.html.
    +
+

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been added.
+
+

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall > Domains. Figure 1 shows an example.

    Figure 1 Domains page
    +

    In the upper part of the domain name list, click Quota details to view the domain name quota.

    +
    +

  4. In the Name column, click the target domain name to go to the basic information page.
  5. Click next to the template name in the row where Alarm Page locates.

    Figure 2 Modifying Alarm Page
    +

  6. In the Alarm Page dialog box, select a template in the Page Template field.

    • If Default is selected for Page Template, the block page with the built-in HTTP return code 418 is returned by default.
      Figure 3 Default alarm page
      +
    • If Custom is selected for Page Template, configure the parameters as needed. Table 1 describes the parameters.
      Figure 4 Custom alarm page
      + +
      + + + + + + + + + + + + + +
      Table 1 Parameters for the custom alarm page

      Parameter

      +

      Description

      +

      HTTP Return Code

      +

      Return code configured on a custom page

      +

      Block Page Type

      +

      The options are text/html, text/xml, and application/json.

      +

      Page Content

      +

      Configure the page content based on the page type specified in Block Page Type.

      +
      +
      +
    • If Redirection is selected for Page Template, configure the redirection URL as prompted.

      The root domain name of the redirection URL must be the same as the currently protected domain name, including a wildcard domain name. Examples:

      +
      • If the protected domain name is www.example.com and the port number is 8080, the redirection URL can be set to http://www.example.com:8080/error.html.
      • If the protected wildcard domain name is *.example.com and the port number is 8080, the redirection URL can be set to http://*.example.com:8080/error.html.
      +
      Figure 5 Redirection alarm page
      +
    +

  7. Click OK.
+
+
+
+
+
Parent topic: Domain Management
+
+
+ diff --git a/docs/waf/umn/waf_01_0095.html b/docs/waf/umn/waf_01_0095.html new file mode 100644 index 00000000..83bddecd --- /dev/null +++ b/docs/waf/umn/waf_01_0095.html @@ -0,0 +1,13 @@ + + +

Why Do Cookies Contain the CLOUDWAFSESID and CLOUDWAFSESTIME Fields After a Domain is Connected to WAF?

+

When a visitor accesses a protected domain name, WAF automatically inserts the CLOUDWAFSESID and CLOUDWAFSESTIME fields into the cookie of the access request. The fields are described as follows:

+
  • CLOUDWAFSESID: indicates the session ID of WAF.
  • CLOUDWAFSESTIME: indicates the timestamp of WAF.
+

Fields CLOUDWAFSESID and CLOUDWAFSESTIME inserted into cookies are used for WAF to implement its functions only, such as statistical functions. There are no impacts on web services.

+
+
+
+
Parent topic: General
+
+
+