Web Protection

Last updated: 2023-04-13 11:14:30


Introduction

Web Protection features a rule library with 500+ rules and an AI engine. It provides application layer protection for sites using the HTTP/HTTPS protocol.

Web/Bot protection actions

The web protection and bot protection features allow you to set actions based on your business scenarios. The actions available are as follows:
Block: Block the request, return a block page, and log the attack.
Observe: Allow the request, and log the attack.
Allow: Allow the request and do not log it as an attack.

Basic Web Protection

Provides protection rules developed by Tencent Cloud over the years, delivering very low false negative and false positive rates and fast responses to 0-day threats.
1. Log in to the EdgeOne console and choose Security > Web Protection in the left sidebar.
2. Select a site. Turn the switch in the basic web protection module on or off. If it’s off, all traffic is allowed. Configurations are not affected by the toggle status.

3. To configure and modify the module, click Set.

4. Manage the defense mode, defense level, and rule list as needed.

Parameter description:
Mode: Select Block or Observe.
Block(Default): Block and log the attack.
Observe: Allow the traffic and keep a log. It’s usually used to check whether there are false positives during policy evaluation. To protect your sites, switch it to Block after the evaluation.
Level: Options include Super strict, Strict, Moderate, and Loose. A stricter level blocks all suspicious requests, so the false positive rate is relatively higher. A less strict level blocks only highly suspicious attacks, which reduces the false positive rate but also lowers the security level.
A rule list contains the following configuration items:
Rule ID: The unique identifier of a rule, which is used to track attack logs.
Attack type: Type of the attack.
Rule level: The defense level of a rule. You can batch enable/disable rules with the same defense level.
Rule description: Details of a rule.
Toggle: Enable/disable a rule.

Custom Rule

You can create different custom rules according to your business requirements.

Adding a rule

1. On the web protection page, select a site. Click Set in the custom rule module.

2. On the custom rule page, click Add rule. Set the rule name, matching method, action, and priority.

Parameter description:
Rule name: A unique rule name ([a-z], [A-Z], [0-9] and [_]). If it’s left empty, a random name is generated automatically.
Matching method: It consists of configuration items such as the protocol field (http/https) and the logical operator (include/equal to). Each rule can have up to 5 conditions, which are combined with "AND". Each field can only be configured in one rule.
Action: Options include Allow, Block, and Observe.
Allow: Allow requests that hit the rule.
Block: Block requests that hit the rule, log them as attacks and return a block page.
Observe: Allow requests that hit the rule, and log them as attacks.
Priority: Execution order of a rule. Custom rules with higher priority (a larger priority value) take precedence over those with lower priority (a smaller priority value). For custom rules with the same priority, the later-added one will be executed first.
3. Click OK.
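
The execution order described under Priority can hide a rule behind another one, so it helps to model a rule set before saving it. The following is an added example, not EdgeOne code: the field names `protocol` and `url_path`, the `added_seq` counter and the assumption that the first rule to hit decides the action are all illustrative.

```python
from dataclasses import dataclass

MAX_CONDITIONS = 5  # limit stated in the parameter description

@dataclass
class Rule:
    name: str
    conditions: list  # (field, operator, value) tuples, combined with AND
    action: str       # "Allow", "Block" or "Observe"
    priority: int     # a larger value executes first
    added_seq: int    # hypothetical counter: larger means added later

def condition_hits(request, field, operator, value):
    actual = request.get(field, "")
    if operator == "equal to":
        return actual == value
    if operator == "include":
        return value in actual
    raise ValueError(f"unsupported operator: {operator}")

def execution_order(rules):
    # Higher priority first; on equal priority the later-added rule first.
    return sorted(rules, key=lambda r: (r.priority, r.added_seq), reverse=True)

def evaluate(rules, request):
    """Return (action, rule name) of the first rule whose conditions all hit."""
    for rule in execution_order(rules):
        if len(rule.conditions) > MAX_CONDITIONS:
            raise ValueError(f"{rule.name}: more than {MAX_CONDITIONS} conditions")
        if all(condition_hits(request, *cond) for cond in rule.conditions):
            return rule.action, rule.name
    return None, None  # no custom rule hit

# Constructed rule set; field names "protocol" and "url_path" are illustrative.
RULES = [
    Rule("block_admin", [("url_path", "include", "/admin")], "Block", 50, 1),
    Rule("allow_health", [("url_path", "equal to", "/admin/health"),
                          ("protocol", "equal to", "https")], "Allow", 50, 2),
    Rule("observe_http", [("protocol", "equal to", "http")], "Observe", 10, 3),
]

if __name__ == "__main__":
    for req in ({"protocol": "https", "url_path": "/admin/health"},
                {"protocol": "http", "url_path": "/admin/health"},
                {"protocol": "http", "url_path": "/index.html"}):
        print(req, "->", evaluate(RULES, req))
```

Because `allow_health` was added after `block_admin` at the same priority, it runs first and exempts the HTTPS health check, while the same path over HTTP still reaches the Block rule.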

Enabling a rule

1. On the web protection page, select a site. Click Set in the custom rule module.

2. On the custom rule page, you can enable one or more rules.
To enable a single rule, toggle it on.
To enable multiple rules, select rules to enable, and click Enable at the top of the list.


Disabling a rule

1. On the web protection page, select a site. Click Set in the custom rule module.

2. On the custom rule page, you can disable one or more rules.
To disable a single rule, toggle it off.
To disable multiple rules, select rules to disable, and click Disable at the top of the list.


Deleting a rule

1. On the web protection page, select a site. Click Set in the custom rule module.

2. On the custom rule page, select a rule you want to delete, and click Delete on the right.

3. In the pop-up window, click Delete.

Rate Limiting

This feature enables you to limit the frequency of a source IP accessing third-level domain names. If the access frequency is exceeded, the source IP will be blocked for a period of time.

Adding a rule

1. On the web protection page, select a site. Click Set in the rate limiting module.

2. On the rate limiting page, click Add rule. Set the rule name, matching method, access frequency, action, penalty duration, and priority.

Parameter description:
Rule name: It consists of letters, digits, and underscores. A rule name will be generated automatically if this parameter is left empty. Note that a rule name must be unique.
Matching method: It consists of configuration items such as the protocol field (http/https) and the logical operator (include/equal to). Up to 5 conditions per rule are allowed, and the relation among conditions is "AND". Note that the same field can only be configured once in each rule.
Access frequency: The frequency of a source IP accessing the current third-level domain name.
Action: Options include Block and Observe.
Block: Block requests that hit the rule, log them as attacks and return a block page.
Observe: Allow requests that hit the rule, and log them as attacks.
Penalty duration: How long the action stays in effect.
Priority: Execution order of a rule. Custom rules with higher priority (a larger priority value) take precedence over those with lower priority (a smaller priority value). For custom rules with the same priority, the later-added one will be executed first.
3. Click OK.
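
Before switching a rate limiting rule from Observe to Block, a candidate access frequency and penalty duration can be replayed against past traffic to see which source IPs it would hit. The following is an added example, not EdgeOne code: the sliding counting window, the function name `replay` and the sample events are assumptions, since the page does not state how requests are counted.

```python
from collections import defaultdict, deque

def replay(events, max_requests, period, penalty, action="Observe"):
    """Replay (timestamp_seconds, source_ip) events, sorted by time.

    Returns (hits, outcomes): hits maps each IP to the number of requests the
    rule would have hit; outcomes lists (timestamp, ip, result) per request.
    """
    recent = defaultdict(deque)  # ip -> timestamps inside the counting window
    penalized_until = {}         # ip -> time at which the penalty ends
    hits = defaultdict(int)
    outcomes = []
    for ts, ip in events:
        if penalized_until.get(ip, 0) > ts:
            # Still inside the penalty duration: the action applies.
            hits[ip] += 1
            outcomes.append((ts, ip, action))
            continue
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - period:
            window.popleft()     # drop requests older than the window
        if len(window) > max_requests:
            # Access frequency exceeded: start the penalty for this IP.
            penalized_until[ip] = ts + penalty
            window.clear()
            hits[ip] += 1
            outcomes.append((ts, ip, action))
        else:
            outcomes.append((ts, ip, "pass"))
    return dict(hits), outcomes

# Constructed sample traffic (documentation IP ranges): one client sends a
# request every second for 12 seconds and returns at t=40; another sends
# three widely spaced requests.
EVENTS = sorted(
    [(t, "198.51.100.7") for t in list(range(12)) + [40]]
    + [(t, "203.0.113.20") for t in (0, 20, 40)]
)

if __name__ == "__main__":
    hits, outcomes = replay(EVENTS, max_requests=5, period=10, penalty=30)
    print(hits)
    for row in outcomes:
        print(row)
```

With 5 requests per 10 seconds and a 30-second penalty, the bursty client is hit from its sixth request until the penalty ends, and its request at t=40 passes again.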

Enabling a rule

1. On the web protection page, select a site. Click Set in the rate limiting module.

2. On the rate limiting page, you can enable one or more rules.
To enable a single rule, turn on the switch on the right of the rule.
To enable multiple rules, select rules to enable, and click Enable at the top of the list.


Disabling a rule

1. On the web protection page, select a site. Click Set in the rate limiting module.

2. On the rate limiting page, you can disable one or more rules.
To disable a single rule, turn off the switch on the right of the rule.
To disable multiple rules, select rules to disable, and click Disable.


Deleting a rule

1. On the web protection page, select a site. Click Set in the rate limiting module.

2. On the rate limiting page, select a rule to delete, and click Delete on the right.

3. In the pop-up window, click Delete.
