Category | Feature | Use Cases | Default Configuration |
(Network layer Anti-DDoS) | Automatic mitigation protects against DDoS attacks on Layer 4 services (TCP/UDP applications). For example: Routine protection: Use a balanced protection level to discard traffic exhibiting obvious DDoS attack characteristics. Attack passthrough emergency recovery: Use the strict protection level to discard all traffic suspected of DDoS attacks. | Protection Level: Balanced | |
| Discard or allow traffic from specified IPs. For example: Allow internal calls: Allow internal service IP address 11.11.11.11 to permit frequent access between services. | None. | |
| Blocks client access from specified regions. For example: Block traffic from outside the Chinese mainland: Discard traffic with source IPs from regions outside the Chinese mainland. | None. | |
| Discard or allow traffic from a specified source port/destination port. For example: Discard high-risk reflection ports: Discard traffic with source ports matching UDP 53 to prevent access to private UDP protocol applications. | None. | |
| Discard traffic containing specified data or parameters. For example: Discard abnormally long UDP packets: Discard UDP traffic with length exceeding 500. | None. | |
| Discard traffic with specified IP protocols. For example: Block external PING commands: Configure to block ICMP protocol traffic. | None. | |
| Block abnormal TCP behaviors such as high-frequency connection attempts and abnormal connections. | None. | |
Web Protection | Mitigate HTTP/HTTPS DDoS attacks, including high-frequency access attacks and slow-rate attacks. | Adaptive Frequency Control: Restriction Level: Adaptive - Lenient, Action: JavaScript Challenge; Slow-rate Attack Protection: Not enabled; Intelligent Client Filtering: Action: JavaScript Challenge | |
| Block exploit attacks against Web applications (SQL injection, cross-site scripting, remote command execution, and so on). For example: Block Apache Log4j vulnerability: Enable Log4j-related rules in open-source component vulnerabilities for blocking. | All rules enabled in Observation Mode | |
| Take action on requests based on headers and IP address. For example: Hotlink Protection: Block requests by matching Referer headers. Region Blocking: Block requests by matching the client IP address region. IP blocklist: Block by specified IP address or IP address groups. | None. | |
| Block clients that exceed the preset access rate. For example: Block clients that cause a large number of errors on the origin server in a short time: Set the allowed rate of origin errors per IP address, and block access to the origin when the threshold is exceeded. Block account IDs that access specific APIs with excessive frequency: Set the allowed access frequency per account (specifying the parameter location of the account ID) for designated APIs, and block account access when the threshold is exceeded. Block clients with excessive client fingerprint (JA3 fingerprint) access frequency: Set the access rate limit per JA3 fingerprint (that is, TLS fingerprint). Requests exceeding the threshold from identical fingerprints will be blocked. | None. | |
| Skip protection rules in Web protection by module. For example: Allow internal services: Set an internal service IP list and specify the API path to permit clients on the list unrestricted access to the path. | None. | |
| Bypass specified managed rules. For example: Allow user-generated content uploads: When requests contain parameters with user-authored content, configure the business path and false positive rules to allow the requests. | None. | |
Bot Management | Intercept Bot requests by risk level. (Suitable for rapidly enabling Bot management policies and establishing Bot access profiles.) For example: Block CDN resource abuse (hotlinking): Block malicious Bot requests. | None. | |
| Handle crawlers for search engines, open-source development tools, and commercial purposes. For example: Allow Google search engine crawlers to access: Use the signature-based ruleset for search engines to configure Google crawlers to be allowed. Block cURL tool access: Use the UA signature library to block Web development tools access. | None. | |
| Handle client requests with a history of malicious behavior or high-risk characteristics based on IP address threat intelligence. For example: Block VPN / proxy requests: Block client requests identified as malicious proxies, fast-flux IP addresses, or proxy IP address pools. | None. | |
| Block requests with abnormal browser runtime environment and access behavior. For example: Cookie Challenge: Enable cookie validation to block clients that do not support cookies. Block automated tool access: Enable client behavior validation to identify automated tools with abnormal JavaScript runtime environments and access behavior. | None. | |
| Combat Bot tools based on the Bot access characteristics, headers, and client IP address of requests. This feature provides more mitigation options for Bot defense. For example: Mitigate malicious bots accessing sensitive services: Match based on access paths and client profiling, and configure observation, silent blocking, and delayed response with specific weights. | None. | |