更新时间:2024-10-28 16:49:18
There are many scanner tools published on the Internet, and less technical requirements are required to lunch a scanning activiy, therefore the cost is very low. Attackers can easily utilize automated tools to quickly scan the target network for open ports and vulnerabilities for potential attacks.
Example: The website www.new.com is a newly launched website, so many attackers are trying to scan vulnerabilities. To prevent potential attacks, a combanition WAF protection policies should be applied, including:
By default, WAF managed rules can recognize the scan behaviors and scanner characteristics, just need to confirm the WAF protection is enabled. Other policies can be configured as follow:
Directly blocking scanner IP to prevent website vulnerabilities from being exposed.
Configure Protected Target: select “Website”.
Configure Match Conditions: select Object as “Response Code”, Operatoer as “equals”, and type the content “404”.
Configure Counts: select Client Identifier as “Client IP”, Thigger Condition as “Within 10 seconds, the 100th request starts the action.”, Action as “Deny”, and set the Action Expiration Time “600 seconds”, finally set the Effective Time Period as “All Time”.
Click Confirm to create this rule.
Click Public Change, then Publish to Protection.