Rule Actions
In response to triggering rules, you can specify the response to be executed when a rule or security policy is triggered. You can choose from predefined actions or provide a custom response for denied operations. The supported actions include:
Rule Action |
Description |
DDoS Protection |
Web Protection |
Bot Mgmt |
API Security |
Threat Intelligence |
Rate Limiting |
Custom Rule |
Deny |
Deny requests by a default 403 response. |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Log |
Only log requests and continue further detection. |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Not Used |
Do not this rule take effects. |
|
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Skip |
Do not execute this detection as well as the further detection. |
|
|
Yes |
|
|
|
|
Delay |
Delay responses to client by 3 seconds. |
|
|
Yes |
|
|
Yes |
Yes |
Deny Connection |
Reset established TCP connections with client and do not recieve new connections from the same client IP. |
Yes |
|
|
|
|
|
|
Reset Connection |
Send a RST to client to close established TCP connection, without responding HTTP request. |
|
|
Yes |
|
|
Yes |
Yes |
Cookie Challenge |
Respond a 302 redirect response with the Set-Cookie header to verify if client supports cookie. Only applicable to Web/H5 applications accessed from browser. |
|
|
|
|
|
Yes |
|
JavaScript Challenge |
Respond a JavaScript code to verify if client supports JavaScript. Only applicable to HTML requests of Web/H5 applications. |
|
|
|
|
|
Yes |
|
DDoS Managed Challenge |
Respond adaptive Cookie or JavaScript challenge action based on request content type, only available for some of DDoS managed rules. |
Yes |
|
|
|
|
|
|
Bot Managed Challenge |
Not an optional action, respond adaptive Cookie or JavaScript authentication on GET requests only when the Web Bot Detection is intercepted. |
|
|
Yes |
|
|
|
|
Add Rules
Items |
Description |
Match Conditions |
Specify the scope of requests that need to be detected by the policy by specifying conditions such as paths, APIs, IP Addresses, and Request Header, etc. |
Client Identifier |
Specify the identity of the client, including Client IP, Cookie, Request Header, etc. |
Trigger Condition |
Specify the conditions that trigger the rule. |
Action Expiration Time |
When a policy is triggered, the expiration time defines the duration of the response action is maintained. This can limit requests that occur at a high rate. |
Effective Time Period |
Specify The time when the rule takes effect. |
Deployment
Action |
Description |
Publish Changes |
Please be caution, this action deploying the configuration of the current function item to the production environment. The deployment is expected to be completed in 2 minutes after the task is delivered. |
Policy Duplicator |
Synchronize certain configuration to other hostnames simultaneously. This operation overwrites the corresponding configuration items of the selected hostname with the selected configuration items of the current domain name during deployment. |