Select Security on the settings page to see the security policies for your CDN profile. Security policies are grouped into 4 categories:
- XSS Rule Setting: WAF policy against cross-site scripting
- SQL Injection Rule Setting: WAF policy against SQL Injection
- Generic Injection Rule Setting: WAF policy against generic injection
- DDoS Protection: Policy against DDoS attack (5.4.)
- Click the analytics icon on the domain you’d like to check → Click the General tab.
- If the toggle is switched to 'OFF', switch it to 'ON'.
- If you want to fine-tune the rules, please click 'Edit Rules'.

Managing the WAF policy is straightforward: toggle the Enable button to turn a policy on or off. The default Action is Simulate. The Actions are described below:

(a) Simulate: When a WAF rule is hit, log the attack but still let it pass. This is useful for reducing false positives.

(b) Block: When a WAF rule is hit, log the attack and block the request.

(c) Pass: No logging, and the request is allowed to pass. This is equivalent to turning off the rule.