Actions
Last update:2026-02-04 17:30:22
Action
In response to triggering rules, you can specify the response to be executed when a rule or security policy is triggered. You can choose from predefined actions or provide a custom response for denied operations.
The supported actions include:
| Actions | Description | Use in |
|---|---|---|
| Not Used | Select if you do not want a policy or rule to take effect. | WAF, Bot Management, API Security, Threat Intelligence, Custom Rules, Rate Limiting |
| Skip | Do not execute this detection and continue further detections. | Bot Management |
| Log | Log the request and continue further detections. | DDoS Protection, WAF, Bot Management, API Security, Threat Intelligence, Custom Rules, Rate Limiting |
| Cookie Verification | Respond with a 302 redirect response and a Set-Cookie header to verify if the client supports cookies. Only applicable to Web/H5 applications accessed from browsers. Please use it carefully. | Rate Limiting |
| JavaScript Verification | Respond with a piece of JavaScript code to verify if client supports JavaScript, without any user awareness. Upon successful verification, the browser automatically redirects to the original request. Only applicable to HTML requests of Web/H5 applications, please use it carefully. | Rate Limiting |
| JavaScript Challenge | Respond with a JavaScript challenge page that automatically detects whether the client is a genuine browser environment or an automated tool. Users need to wait a few seconds for the challenge to complete. Upon successful challenge, the browser automatically redirects to the original request. Only applicable to HTML requests of Web/H5 applications, please use it carefully. | Rate Limiting |
| DDoS Managed Challenge | Adaptively respond with a cookie or JavaScript challenge action based on the requested content type. Available only for some DDoS managed rules. | DDoS Protection |
| Bot Managed Challenge | Adaptively respond with a cookie or JavaScript challenge action based on the requested content type. Available only for Web Site Risk Detection. | Bot Management |
| Delay | Delay the response to the client by 3 seconds. | Custom Rules, Rate Limiting |
| Deny | Deny the request by sending a default 403 response. | DDoS Protection, WAF, Bot Management, API Security, Threat Intelligence, Custom Rules, Rate Limiting |
| Reset Connection | Send an RST to the client to close the established TCP connection without responding to the HTTP request. | Custom Rules, Rate Limiting |
| Deny Connection | Reset established TCP connections with client and do not receive new connections from the same client IP. | DDoS Protection |
| Custom Actions | Deny the request and respond to the client according to the defined status code, Content-Type, and content. | Custom Rules, Rate Limiting |
| CAPTCHA (Be discontinued) | Respond with a sliding CAPTCHA to verify if the client is human. This action will be discontinued in the next version. It is recommended to use the Interactive Captcha action for a better user experience. | Rate Limiting |
| Interactive Captcha | Respond with an interactive CAPTCHA to verify if the client is human. | Rate Limiting |
| IP Blocking | When a request triggers the conditions, all requests from the IP will be blocked. | Rate Limiting |
Is the content of this document helpful to you?
Yes
I have suggestion