- Release Notes and Announcements
- Release Notes
- Announcements
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- Combined Application of WAF and Anti-DDoS Pro
- WAF Security Protection for API Gateway
- Applying for and Using Free HTTPS Certificates
- Obtaining Real Client IPs
- Replacing Certificate
- Setting CC Protection
- WAF CCP Overview
- Connecting Frontend-Backend Separated Site to WAF CAPTCHA
- Best Practices of Bot Behavior Management Connection
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Announcements
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- Combined Application of WAF and Anti-DDoS Pro
- WAF Security Protection for API Gateway
- Applying for and Using Free HTTPS Certificates
- Obtaining Real Client IPs
- Replacing Certificate
- Setting CC Protection
- WAF CCP Overview
- Connecting Frontend-Backend Separated Site to WAF CAPTCHA
- Best Practices of Bot Behavior Management Connection
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
This document describes the information leakage protection feature of WAF. It can filter and then replace, mask, and block sensitive information (e.g., identity card/mobile/bank card numbers), keywords, and response codes returned by websites. This helps meet the requirements of data security protection and cybersecurity classified protection by setting leakage protection rules as needed.
Overview
With the leakage protection feature, you can add protection rules to filter the content returned by websites as needed, such as identity card/mobile/bank card numbers. You can also customize keywords (regex is supported) to filter order numbers and addresses and completely or partially replace them. Moreover, you can block or trigger alarms for status codes other than 200 returned by websites to meet compliance requirements.
Note:CLB WAF doesn't support the data leakage protection feature. For more information on detailed specifications, see Billing Overview.
Prerequisites
You have added a protected domain name to SaaS WAF, and ensured the domain name is in normal protection.
Adding a Rule
- Log in to the WAF console and select Configuration Center > Basic Security on the left sidebar.
- On the basic security page, select the target domain name in the top-left corner and click Data leakage prevention.
- On the page displayed, click Add rule, and the rule adding window will pop up.
- In the pop-up window, configure relevant fields and click OK.
Field description:
- Rule name: Leakage protection rule name of up to 50 characters. You can search for rules by name in attack logs.
- Condition: Match condition for leakage protection. You can select sensitive information, keyword, or response code, and the match content and action type vary by the condition as follows:
| Condition | Content | Action |
|---|---|---|
| Sensitive information | Identity card/mobile/bank card numbers | Alert, Replace all, Show the last 4 digits, Show the first 4 digits, and Block |
| Keyword | Keyword and regex | Alert, Replace all, and Blcok |
| Response code | 400, 403, 404, other 4XX codes, 500, 501, 502, 504, and other 5XX codes | Alert and Block |
- Content: The match content varies by match condition.
- Protected path: Specific path where the information needs to be protected from leakage. You can enter a directory or specific path as needed.
- Action: Action to be executed after the match condition is hit. You can view the relevant hit information in attack logs.
- Once the rule takes effect, it will begin protecting the sensitive information returned in your web pages as shown in the following example that performs the Replace action (demo content):
- Before protection is enabled:
- After protection is enabled:
Search rules
- On the basic security page, select the target domain name in the top-left corner and click Data leakage prevention.
- On the page displayed, click the search box to filter rules by keywords in a rule ID, rule name, and protected path.
Editing a Rule
- On the basic security page, select the target domain name in the top-left corner and click Data leakage prevention.
- On the page displayed, select the target rule, click Edit in the Operation column, and the rule editing window will pop up.
- In the pop-up window, modify relevant parameters and click OK.
Deleting a Rule
- On the basic security page, select the target domain name in the top-left corner and click Data leakage prevention.
- On the page displayed, select the target rule, click Delete in the Operation column, and the deletion confirmation window will pop up.
- In the pop-up window, click OK.
Yes
No
Was this page helpful?