Managing Application Protection Policies

Constraints

• Currently, only Linux servers are supported.
• So far, only Java applications can be protected.
• The premium, WTP, and container editions support operations related to application protection.

Adding a Protection Policy

1. Log in to the management console.
2. Click in the upper left corner of the page, select a region, and choose Security > HSS. The HSS page is displayed.
3. Choose Prevention > Application Protection and click Protection Policies. For details about the parameters, see Table 1.
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

   Figure 1 Viewing the protection policies
   

   Table 1 Protection policy parameters

   Parameter	Description
   Policy Name	Protection policy name
   Detection Rule	Detection rules supported by a policy.
   Associated Servers	Number of servers bound to a policy.

4. Click Add Policy. In the dialog box that is displayed, enter the policy name, select the rules to be detected, and configure details about some detection rules. For details about the parameters, see Table 2.
   Figure 2 Adding a protection policy
   

   Table 2 Application protection policy parameters

   Parameter	Description
   Policy Name	User-defined policy name
   Enabled	Whether to enable a detection rule for the current policy. You can select detection rules to enable them as required.
   Detection Rule ID	ID of a detection rule
   Action	Protection action of a detection rule. Detect: Detects objects based on the target rule and reports alarms for detected risk events. Detect and block: Detects objects based on the target rule, reports alarms for detected risk events, and directly blocks or intercepts detected risk items. NOTICE: Blocking or interception may interrupt services. Exercise caution when enabling this function
   Description	Description about the detected object and behavior of the target protection policy.

5. Click Configure in the Operation column of a detection rule to modify the rule content. Table 3 describes the supported detection rules.

   Table 3 Detection rules that can be configured only

   Rule	Description	Example
   XXE	User-defined XXE blacklist protocol	.xml;.dtd;
   XSS	User-defined XSS shielding rules	xml;doctype;xmlns;import;entity
   WebShellUpload	User-defined suffix of files in the blacklist.	.jspx;.jsp;.jar;.phtml;.asp;.php;.ascx;.ashx;.cer
   FileDirAccess	User-defined path of files in the blacklist.	/etc/passwd;/etc/shadow;/etc/gshadow;

6. Confirm the configured policy and selected detection rules, and click OK. You can check whether the rule is added on the Protection Policy tab page.

Editing a Protection Policy

1. Log in to the management console and go to the HSS page.
2. Choose Prevention > Application Protection and click Protection Policies. For details about the parameters, see Table 4.
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

   Figure 3 Viewing the protection policies
   

   Table 4 Protection policy parameters

   Parameter	Description
   Policy Name	Protection policy name
   Detection Rule	Detection rules supported by a policy.
   Associated Servers	Number of servers bound to a policy.

3. Click Edit in the Operation column of a policy to configure the policy name, supported detection rules, and rule content.

   Table 5 Application protection policy parameters

   Parameter	Description
   Policy Name	User-defined policy name
   Enabled	Whether to enable a detection rule for the current policy. You can select detection rules to enable them as required.
   Detection Rule ID	ID of a detection rule
   Action	Protection action of a detection rule. Detect: Detects objects based on the target rule and reports alarms for detected risk events. Detect and block: Detects objects based on the target rule, reports alarms for detected risk events, and directly blocks or intercepts detected risk items. NOTICE: Blocking or interception may interrupt services. Exercise caution when enabling this function
   Description	Description about the detected object and behavior of the target protection policy.

4. Confirm the configured rule and selected detection items and click OK. You can check whether the target policy is modified on the Protection Policy tab page.

Deleting a Policy

1. Log in to the management console and go to the HSS page.
2. Choose Prevention > Application Protection and click Protection Policies. For details about the parameters, see Table 6.
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

   Figure 4 Viewing the protection policies
   

   Table 6 Protection policy parameters

   Parameter	Description
   Policy Name	Protection policy name
   Detection Rule	Detection rules supported by a policy.
   Associated Servers	Number of servers bound to a policy.

3. Click Delete in the Operation column of the target policy. In the dialog box that is displayed, confirm the policy information and click OK.
   

   If the policy to be deleted is associated with a server, bind the server to another protection policy first. Otherwise, the Delete button of the target policy is hidden.