防护策略配置
<p class="shortdesc">本章介绍如何对已接入的资产进行防护策略配置。 </p>
<section class="section prereq" id="dc_waf_cfg_0007__prereq_uqt_rj4_nrb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div>
<p class="p">您已购买Web应用防火墙服务,并且完成资产接入。</p>
</section>
<section class="section context" id="dc_waf_cfg_0007__context_t4v_qkp_vrb"><div class="tasklabel"><h2 class="doc-tairway">背景信息</h2></div>
<p class="p">每条防护策略默认对所有资产生效,如果希望某个资产不启用某一条策略,可以单击该策略后面的<span class="ph uicontrol">禁用</span>,在禁用配置页面勾选站点并新增配置,系统不再使用这条策略对站点进行防护。</p>
<p class="p">对某条策略选择检测时,当访问站点的流量匹配该策略时,WAF会 放行流量,只记录日志。</p>
</section>
<section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/" target="_blank" rel="external noopener">平安金融云官网</a>。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">单击页面右上角<span class="ph uicontrol">控制台</span>按钮。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">输入账号名和密码,通过验证,单击<span class="ph uicontrol">确定</span>,登录控制台。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">在左侧导航栏中单击<span class="ph menucascade"><span class="ph uicontrol">全部产品</span><abbr> > </abbr><span class="ph uicontrol">Web应用防火墙</span></span> ,进入<span class="keyword wintitle">概览</span>页面。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">单击<span class="ph uicontrol">管理</span>跳转到<span class="keyword wintitle">防护概览</span>页面,单击左侧导航栏<span class="ph menucascade"><span class="ph uicontrol">防护配置</span><abbr> > </abbr><span class="ph uicontrol">防护策略配置</span></span>,进入<span class="keyword wintitle">防护策略配置</span>页面。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">根据需要选择匹配模式,系统支持以下两种模式:</span>
<div class="itemgroup info">
<ul class="ul" id="dc_waf_cfg_0007__ul_fqg_hnp_vrb">
<li class="li">极速模式:启用后,WAF对站点上静态资源的访问流量不进行安全检测,可以提高转发效率,从而提升访问速度,适用于对安全要求不高的场景。</li>
<li class="li">极速模式:系统对资产上所有资源的访问流量都进行安全检测。</li>
</ul>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">在右上角选择威胁等级或输入站点域名、策略名称/ID,单击<span class="ph uicontrol">搜索</span>可以对指定策略进行配置。</span>
<div class="itemgroup info">
<img class="image" id="dc_waf_cfg_0007__image_q12_g2m_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1b456c989001.png" width="830">
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">选择目标策略,单击<span class="ph uicontrol">禁用</span>进入<span class="keyword wintitle">策略配置-禁用</span>页面。</span>
<div class="itemgroup info">
<img class="image" id="dc_waf_cfg_0007__image_kpb_42m_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1d73b0bf94cb.png" width="700">
<p class="p">根据实际需求选择基于<strong class="ph b">站点级</strong>或<strong class="ph b">URL级</strong>禁用:</p>
<ul class="ul" id="dc_waf_cfg_0007__ul_fjx_v2m_rrb">
<li class="li">站点级禁用:搜索找到目标站点,选中并单击<span class="ph uicontrol">增加配置</span>,那么这条策略对选中的站点不再生效。<img class="image" id="dc_waf_cfg_0007__image_snm_jfm_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-132c19b5982b.png" width="650"></li>
<li class="li">URL级禁用:先输入站点域名,再输入具体URL,然后单击<span class="ph uicontrol">确认</span>,则此条策略对于该URL不再生效。<img class="image" id="dc_waf_cfg_0007__image_jc4_5fm_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1809bc5b9976.png" width="650"></li>
</ul>
</div>
<div class="itemgroup info">
<div class="note note note_note" id="dc_waf_cfg_0007__note_atp_zfm_rrb"><span class="note__title">说明:</span>
<ul class="ul" id="dc_waf_cfg_0007__ul_j3q_bgm_rrb">
<li class="li">检测与禁用的配置方法一致。</li>
<li class="li">如果某单条策略针对同一个站点既开启了站点级禁用,又开启了站点级检测,那么最终该站点的对应策略是禁用状态。</li>
<li class="li">如果某策略针对一个站点,开启了站点级禁用的同时,又开启了URL级检测,最终该站点的对应策略是禁用状态。</li>
</ul>
</div>
</div>
</li></ol></section>
提交成功!非常感谢您的反馈,我们会继续努力做到更好!