- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Custom Referer Anti-leeching
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Custom Referer Anti-leeching
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
The Web protection module provides multiple action options. Different feature modules support different actions, please refer to the specific feature module document.
Action | Use Case | Action Description | Subsequent Action |
Block | Used to block requests to access a site (including cached or non-cached content). | Respond with block page and block status code. | No longer
matches other policies |
Allow | Used to skip the remaining rules in the current security module. | In the current module, the remaining rules will no longer match this request. | Continue to match other effective rules |
Monitor | Used to evaluate or grayscale its security policies. | Logs are only recorded, no actions are taken. | Continue to match other rules |
Redirect | Used to provide standby resources and improve user access experience when blocked. | Redirect to the specified URL. | No longer
matches other policies |
ReturnCustomPage | Used to provide block pages with a better experience. Used to be compatible with the API format and respond to error messages that the API can parse. Used to monitor business and monitor blocked requests by specifying status codes. | Returns a custom error page and status code. Supports referencing page content defined in the Custom Error Page feature. | No longer
matches other policies |
BlockIP | Used to punish malicious clients. | When a request matches the conditions, discard requests from that client IP within a period of time. | No longer
matches other policies |
JSChallenge | Used to identify tool clients that do not support JavaScript, frequently seen in DDoS attack sources. | Respond with an HTTP 302 redirect page, the page carries JavaScript code to verify the client browser behavior, and only the visitors that passes the verification can continue to access. | Requests that pass the challenge continue to match other rules |
ManagedChallenge | Used for Bot defense, JavaScript challenge verification is first performed, and then CAPTCHA human verification is performed on requests that pass the verification. | First take the JavaScript challenge. For clients that pass the verification, they need to respond to the redirection (HTTP 302) page and carry the verification code for verification, and the user completes the verification through interactive operations. Only visitors who pass both verifications can continue to visit. | Requests that pass the challenge continue to match other rules |
Yes
No
Was this page helpful?