<p class="shortdesc">本章介绍如何对已接入的资产进行防护策略配置。 </p> <section class="section prereq" id="dc_waf_cfg_0007__prereq_uqt_rj4_nrb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">您已购买Web应用防火墙服务，并且完成资产接入。</p> </section> <section class="section context" id="dc_waf_cfg_0007__context_t4v_qkp_vrb"><div class="tasklabel"><h2 class="doc-tairway">背景信息</h2></div> <p class="p">每条防护策略默认对所有资产生效，如果希望某个资产不启用某一条策略，可以单击该策略后面的<span class="ph uicontrol">禁用</span>，在禁用配置页面勾选站点并新增配置，系统不再使用这条策略对站点进行防护。</p> <p class="p">对某条策略选择检测时，当访问站点的流量匹配该策略时，WAF会 放行流量，只记录日志。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/" target="_blank" rel="external noopener">平安金融云官网</a>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击页面右上角<span class="ph uicontrol">控制台</span>按钮。</span> </li><li class="li step stepexpand"> <span class="ph cmd">输入账号名和密码，通过验证，单击<span class="ph uicontrol">确定</span>，登录控制台。</span> </li><li class="li step stepexpand"> <span class="ph cmd">在左侧导航栏中单击<span class="ph menucascade"><span class="ph uicontrol">全部产品</span><abbr> > </abbr><span class="ph uicontrol">Web应用防火墙</span></span> ，进入<span class="keyword wintitle">概览</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">管理</span>跳转到<span class="keyword wintitle">防护概览</span>页面，单击左侧导航栏<span class="ph menucascade"><span class="ph uicontrol">防护配置</span><abbr> > </abbr><span class="ph uicontrol">防护策略配置</span></span>，进入<span class="keyword wintitle">防护策略配置</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">根据需要选择匹配模式，系统支持以下两种模式：</span> <div class="itemgroup info"> <ul class="ul" id="dc_waf_cfg_0007__ul_fqg_hnp_vrb"> <li class="li">极速模式：启用后，WAF对站点上静态资源的访问流量不进行安全检测，可以提高转发效率，从而提升访问速度，适用于对安全要求不高的场景。</li> <li class="li">极速模式：系统对资产上所有资源的访问流量都进行安全检测。</li> </ul> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在右上角选择威胁等级或输入站点域名、策略名称/ID，单击<span class="ph uicontrol">搜索</span>可以对指定策略进行配置。</span> <div class="itemgroup info"> <img class="image" id="dc_waf_cfg_0007__image_q12_g2m_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1b456c989001.png" width="830"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">选择目标策略，单击<span class="ph uicontrol">禁用</span>进入<span class="keyword wintitle">策略配置-禁用</span>页面。</span> <div class="itemgroup info"> <img class="image" id="dc_waf_cfg_0007__image_kpb_42m_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1d73b0bf94cb.png" width="700"> <p class="p">根据实际需求选择基于<strong class="ph b">站点级</strong>或<strong class="ph b">URL级</strong>禁用：</p> <ul class="ul" id="dc_waf_cfg_0007__ul_fjx_v2m_rrb"> <li class="li">站点级禁用：搜索找到目标站点，选中并单击<span class="ph uicontrol">增加配置</span>，那么这条策略对选中的站点不再生效。<img class="image" id="dc_waf_cfg_0007__image_snm_jfm_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-132c19b5982b.png" width="650"></li> <li class="li">URL级禁用：先输入站点域名，再输入具体URL，然后单击<span class="ph uicontrol">确认</span>，则此条策略对于该URL不再生效。<img class="image" id="dc_waf_cfg_0007__image_jc4_5fm_rrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1809bc5b9976.png" width="650"></li> </ul> </div> <div class="itemgroup info"> <div class="note note note_note" id="dc_waf_cfg_0007__note_atp_zfm_rrb"><span class="note__title">说明：</span> <ul class="ul" id="dc_waf_cfg_0007__ul_j3q_bgm_rrb"> <li class="li">检测与禁用的配置方法一致。</li> <li class="li">如果某单条策略针对同一个站点既开启了站点级禁用，又开启了站点级检测，那么最终该站点的对应策略是禁用状态。</li> <li class="li">如果某策略针对一个站点，开启了站点级禁用的同时，又开启了URL级检测，最终该站点的对应策略是禁用状态。</li> </ul> </div> </div> </li></ol></section>