Action

In response to triggering rules, you can specify the response to be executed when a rule or security policy is triggered. You can choose from predefined actions or provide a custom response for denied operations. The supported actions include:

• Not Used: Select if you don’t a policy or rule take effect.
• Skip: Do not excute this detection and continue further detections.
• Log: Log request and continue further detections.
• Cookie Challenge: Respond a 302 redirect response with the Set-Cookie header to verify if client supports cookie. Only applicable to Web/H5 applications accessed from browser, Please use it carefully.
• JavaScript Challenge: Respond a piece of JavaScript code to verify if client supports JavaScript. Only applicable to HTML requests of Web/H5 applications, please use it carefully.
• DDoS Managed Challenge: Adaptively respond Cookie or Javascript challenge action based on requesting content type, available only for some of DDoS managed rules.
• Bot Managed Challenge: Adaptively respond Cookie or Javascript challenge action based on requesting content type, available only for Web Site Risk Detection.
• Delay: Delay the response to the client by 3 seconds.
• Deny: Deny request by a default 403 response.
• Reset Connection: Send a RST to client to close established TCP connection, without responding HTTP request.
• CAPTCHA: Respond a sliding CAPTCHA to client to verify if client is a human.
• Custom Actions: Deny request and respond to the client according to the defined status code, Content-Type, and content.

Exception

Trusted requests, which can specify that requests meeting certain conditions do not undergo specific security checks.

Whitelist

Trusted requests can specify that certain security checks should not be performed for requests that meet certain criteria.

Publish changes

Publishing the configuration content of the current feature to the production environment, please handle with caution. After issuing the deployment task, it is expected to be completed in 2 minutes.

Policy Duplicator

It is possible to synchronize certain configurations to multiple hostnames simultaneously. This operation will use the selected configuration items of the current hostname to override the corresponding configuration items of the selected hostnames during deployment.

Match Conditions

Specify the range of requests that the security policy needs to detect through conditions such as specified paths, APIs, IPs, request headers, etc.

Action Expiration Time

When a request triggers a security policy, the duration of the response action is maintained. This can limit requests that occur at a high rate.

Shared Configuration

Shared configuration is a configuration that can be used in multiple security policies or multiple hostnames. The purpose is to define and update it in one place, and all hostnames using it will be automatically updated. This eliminates the need to repeatedly configure the same settings in multiple hostnames.