Custom rules allow for controlling the access from public network users by combining and matching HTTP message sections such as request path, GET parameters, POST parameters, Referer, and User-Agent. This feature enables Tencent Cloud users to respond flexibly with a combination of rules to easily block various attacks from the Internet.
- Each custom rule can set up to 5 conditions for section control.
- Conditions in each custom rule are evaluated using a logical AND, that is, the rule does not take effect unless all the conditions are matched.
- For each custom rule to be matched, you can configure two consequential actions: block and allow.
To ban specific IP addresses from access to a designated site, the webmaster can perform configuration with the following steps:
192.168.1.1) banned from access for Content. Then select an action (e.g. “block”), and click Confirm to save the rule.
WAF custom rules allow you to use masks to control access requests from source IPs within a range. We can enter a specific IP address range (e.g.
10.10.10.10/24) in Content.
If the webmaster does not want a public network user to access specified Web resources, such as administration backend
/admin.html, he or she can enter the "Edit Custom Rule" page and configure the following: select "Request Path" for Field, select "equals to" for Condition, enter
/admin.html in Content, select "block" for Action, and click Confirm.
To block hotlink attacks by external sites, such as
www.test.com, the webmaster can use custom rules to capture and block the Referer in a hotlink request. The configuration is as follows: select "Referer" for Field, select "includes" for Condition, enter
www.test.com in Content, select "Block" for Action, and click Confirm.
Previous: Tamper Protection
You can copy the rule you configured to other domain names by using the copy operation.