This document describes how to use the Business Security Protection feature to assess the risk value of specified requests processed by WAF. Threat Levels and Risk Type Tags help you analyze risks associated with accounts, user behavior, and the environment, so that threatening requests can be intercepted quickly to protect website business security.
Background
Business Security Protection protects specific URLs through account information extraction and risk assessment, providing precise protection for scenarios such as Registration Protection, Login Protection, and Activity Anti-Brushing. Together with WAF's session-based CC Defense feature and BOT Behavior Management feature, it builds an anti-crawling and anti-brushing defense system to safeguard your business security.
Creating New Rule
1. Log in to the WAF Console, select BOT and Business Security > Business Security from the left navigation bar.
2. On the Business Security page, select the domain you want to protect in the top left corner, then click Add Rule to open the Add Business Security Policy page.

3. On the Add Business Security Policy page, fill in the relevant fields and click Confirm.

Field Description:
Policy Name: Business security policy name, up to 50 characters. You can search for policies by name in attack logs.
Protective URI: Enter the precise URI that requires account extraction and protection.
Account Extraction: Specify the account type, account location, and parameter name. Up to 10 account extraction conditions can be added in one policy. If the business request meets any of the matching conditions, the account extraction will be completed.
Account Type: The type of account information to extract. Default is mobile number. Supports: mobile number, WeChat, QQ, mobile number MD5, and others. It is recommended to use the mobile number as the account value to ensure identification effectiveness.
Account Location: The location of the account in the request. Default is Cookie. Supports Query_String and Body. Choose the account location that matches where your business request carries the account.
Parameter Name: The name of the parameter that carries the account. For example, for mobile:17000000001, just enter mobile.
Risk Level: Account risk reputation level. Supports three categories: No Malice, Manual Review, and High Risk (recommended). Default is High Risk. This value may be empty; if empty, it will be directly passed.
Risk Type: This value may be empty; if empty, it will be directly passed. Default is all. Multiple selections are supported.
Recommended action: The action executed after the protection policy is triggered. Policy priority is matched according to action type, with the order of priority being: Monitor > Redirect > Captcha > Intercept. For policies with the same action, the one added later has higher priority.
Policy Description: Policy description information, optional field.
4. You can view the completed business security policy on the business security page.

Field Description:
Rule ID: Identifier of the defense policy. You can search by Rule ID in the Attack Logs.
Policy Name/Description: Policy name and description, displayed as defined when the policy was added.
Account Type: Displays the account type you configured for extraction.
Protection URI: Business security account extraction and threat defense path.
Risk Level: Account reputation risk, displayed based on your configuration results.
Risk Type: Account risk type, displayed based on your configuration results.
Recommended action: Actions to be taken after triggering the configured policy.
Rule status: Policy switch, enabled by default.
Modification Time: API creation or modification time.
Operations: Currently supports edit and delete operations, and batch deletion is supported through multi-selection.
Policy Name Search: Supports search by policy name or protected URL.
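
The account extraction conditions and action priority described in the field list above can be checked against sample requests before a policy is created. The following is an added example, not code from WAF or this documentation: it models only URI match, account extraction and action priority (risk level and risk type scoring are left out), and the function names, the form-encoded Body format and the sample policies and request are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Priority order stated on the page: Monitor > Redirect > Captcha > Intercept.
ACTION_PRIORITY = ["Monitor", "Redirect", "Captcha", "Intercept"]


def extract_account(request, conditions):
    """Return the first account value found by any extraction condition, else None."""
    if len(conditions) > 10:  # page: at most 10 extraction conditions per policy
        raise ValueError("a policy allows at most 10 account extraction conditions")
    for location, name in conditions:
        if location == "Cookie":
            jar = SimpleCookie(request.get("cookie", ""))
            values = [jar[name].value] if name in jar else []
        elif location == "Query_String":
            values = parse_qs(urlsplit(request["url"]).query).get(name, [])
        elif location == "Body":
            # Assumption: form-encoded body; the page does not specify body formats.
            values = parse_qs(request.get("body", "")).get(name, [])
        else:
            raise ValueError(f"unknown account location: {location}")
        if values and values[0]:
            return values[0]
    return None


def winning_policy(policies, request):
    """Pick the policy whose action applies among those matching URI and extraction."""
    path = urlsplit(request["url"]).path
    hits = [
        (ACTION_PRIORITY.index(p["action"]), -order, p)
        for order, p in enumerate(policies)  # list order = order of addition
        if p["uri"] == path and extract_account(request, p["conditions"])
    ]
    # Lowest action index wins; for equal actions the later-added policy wins.
    return min(hits, key=lambda h: h[:2])[2] if hits else None


# Constructed sample policies and request (not taken from a real deployment).
POLICIES = [
    {"name": "login-block", "uri": "/login", "action": "Intercept",
     "conditions": [("Body", "mobile")]},
    {"name": "login-watch-old", "uri": "/login", "action": "Monitor",
     "conditions": [("Cookie", "mobile"), ("Body", "mobile")]},
    {"name": "login-watch-new", "uri": "/login", "action": "Monitor",
     "conditions": [("Body", "mobile")]},
]
REQUEST = {"url": "https://shop.example/login?src=app", "cookie": "sid=abc",
           "body": "mobile=17000000001&pwd=x"}
```

With the sample data, winning_policy(POLICIES, REQUEST) selects login-watch-new: both Monitor policies outrank the Intercept policy, and the later-added Monitor policy takes precedence.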

Editing rule
1. On the Bot and Application Security > Business Security page, select the domain name to be protected in the upper left corner.
2. On the Business Security page, select the desired rule, click Edit, and an Edit Business Security Strategy popup will appear.

3. In the Edit Business Security Strategy popup, you can modify account extraction, risk level, risk type, execution action, and strategy description. Click OK to save.

Delete Rule
1. On the Bot and Application Security > Business Security page, select the domain name to be protected in the upper left corner.
2. On the Business Security page, you can delete single or multiple rules. The detailed steps are as follows.
Single: Select the required rule and click Delete in the Operations column. A "Confirm Delete" popup appears.

Multiple: Select multiple rules and click Batch Delete. A "Confirm Delete" popup appears.

3. In the "Confirm Delete" popup, click Confirm to delete the rule.