Custom Rules

最終更新日:2024-10-28 17:27:36

Custom rules are used to perform specified actions for requests that meet certain conditions. With custom rules, you can:

  • Handle scenarios not covered by standard policies.
  • Act as a virtual patch to quickly fix new vulnerabilities appearing on the website.

To configure Custom Rules:

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to Security Settings > Policies.
  3. Find the hostname for which you want to configure security policies, click [New Feature] WAF Rule Template .
  4. Go to Custom Rules tab. If this policy is off, turn it on.

Create a custom rule

  • On the Custom Rules tab. Click Create.
  • In Rule Name, enter a name for the custom rule.
  • If you want, enter a Description.
  • Select a matching object.
  • At least one matching condition must be configured. If multiple values can be entered for the same matching condition, the relationship between these values is “or”. Please separate different values by line breaks. Please separate different values with a new line. The supported matching conditions can be found in the Match Conditions.
  • If you want, add another rule condition. When you set multiple conditions, they’re strung together with an AND operator.
  • Select the Action.
  • Click Confirm.
  • Click Publish Changes to make the configuration take effect.

Example

Example 1: Block low version UA. Configuration is as follows:

  • Rule Name: Block low version UA
  • Protected Target: Website
  • Match Conditions: User-Agent equals Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
  • Action: Block

Example 2: Block requests carrying specific request headers. Configuration is as follows:

  • Rule Name: Intercept requests carrying specific request headers
  • Protected Target: Website
  • Match Conditions: Requeset Header Header Name: spider-name contains Header Value: crawlergo
  • Action: Block

Example 3: Prohibit requests with an empty Referer value. Configuration is as follows:

  • Rule Name: Prohibit requests with an empty Referer value
  • Protected Target: Website
  • Match Conditions: referer has no value AND Path equals /getUserInfo
  • Action: Block