Advanced Protection

Anti-Leech

Anti-leech prevents unauthorised third-party websites from directly linking and accessing static resources, mitigating resource theft and bandwidth abuse.

Configuration:

  • Name and Description
  • Triggering Condition:
    • Static Resource: Configure the types of static files.
    • Trusted Sites: Define domains allowed to access the static content.
    • Whitelist Path: Configure the paths that are exempt from protection.
  • Target Site: Select the website to apply the rule.

Page Defacement Mitigation

Page defacement mitigation ensures that website visitors always get intact web pages, even if websites are hacked or tampered with.

  • One-Click Enablement: Automatically monitors the protected pages for unauthorised changes.
  • Configuration: Configure the maximum cache space and the URL paths of the protected pages to cache. Automatic cache update can optionally be enabled.

Cross-Site Request Forgery (CSRF) Protection

CSRF protection prevents CSRF attacks by validating the Referer header of incoming requests to ensure they originate from authorised domains.

Configuration:

  • One-Click Enablement: Activates CSRF verification logic.
  • Configuration: Configure the URL paths and the trusted sites.
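
A Referer check of the kind described above, as an added example (not the product's own code): the header is parsed and its host compared exactly against the trusted sites, which is also the comparison a Trusted Sites list such as the anti-leech one calls for. The paths, host names and the choice to reject a missing header are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Hypothetical rule settings: the URL paths and trusted sites of one rule.
PROTECTED_PATHS = ("/account/", "/transfer")
TRUSTED_SITES = {"shop.example.com", "www.example.com"}

def referer_allowed(path, referer):
    """Return True if a request to `path` passes the Referer check."""
    if not path.startswith(PROTECTED_PATHS):
        return True                  # rule does not cover this path
    if not referer:
        return False                 # assumption: a missing header is rejected
    try:
        parts = urlsplit(referer)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:               # malformed URL, e.g. a broken IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Compare the parsed host exactly. A substring or prefix test would also
    # accept look-alike hosts that merely contain a trusted name.
    return host in TRUSTED_SITES

# Constructed sample requests: (path, Referer header)
SAMPLES = [
    ("/transfer", "https://shop.example.com/cart"),
    ("/transfer", "https://SHOP.example.com:8443/cart"),
    ("/transfer", "https://shop.example.com.attacker.test/"),
    ("/transfer", "https://attacker.test/?u=shop.example.com"),
    ("/transfer", None),
    ("/about", "https://attacker.test/"),
]

def run_samples():
    return [referer_allowed(p, r) for p, r in SAMPLES]

if __name__ == "__main__":
    for (p, r), ok in zip(SAMPLES, run_samples()):
        print("allow" if ok else "block", p, r)
```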

Brute Force Protection

Brute force protection detects and mitigates automated attempts to guess user credentials through repeated logins.

Configuration:

  • Name and Description
  • Triggering Condition: Configure the path, username parameter, password parameter and frequency.
  • Action: Configure a policy to handle the requests that satisfy the triggering condition. The policy includes the action type (block, redirect, or bypass), delay, and/or the response status code.
  • Auto-Web ACL: Configure the time to handle the requests from certain IPs based on the configured policy.
  • Target Site: Select the website where the rule should be enforced.

Geolocation Restriction

Geolocation restriction controls access to web resources based on the geographic location of the request source, mitigating region-based threats or enforcing compliance.

Configuration:

  • Name and Description
  • Triggering Condition:
    • Source IP from
    • Scheduling: Select 'Always', 'Once', or 'Periodic'.
  • Action:
    • Allow: Permit requests from the specified regions.
    • Deny: Block access from the specified regions.
  • Target Site: Select the website to apply the rule.

CC Protection

CC protection detects and mitigates high-frequency access attempts from the same source IP, targeting specific URLs.

Configuration:

  • Name and Description
  • Triggering Condition:
    • Rate Limit: Configure the threshold for the number of requests per second.
    • Metrics: Select the strategy for metric calculation.
    • Cumulative Calculation: When enabled, the calculation will be based on the total request count for all paths. Otherwise, calculations will be based on each specified path.
    • Paths: Configure the path to be validated for calculating the rate limit.
  • Action: Configure a policy to handle the requests that satisfy the triggering condition. The policy includes the action type (block, redirect, or bypass), delay, and/or the path and the response status code.
  • Auto-Web ACL: Configure the time to handle the requests from certain IPs based on the configured policy.
  • Target Site: Select the website to apply the rule.
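
How the Cumulative Calculation switch changes the outcome for the same traffic, as an added example (not the product's own code). The one-second sliding window, the reading of "all paths" as all configured paths, and the sample paths and IP are assumptions.

```python
from collections import defaultdict, deque

class RateRule:
    """Per-source-IP limit on requests per second over the configured paths."""

    def __init__(self, limit, paths, cumulative):
        self.limit = limit                  # Rate Limit threshold (req/s)
        self.paths = tuple(paths)           # Paths counted by the rule
        self.cumulative = cumulative        # Cumulative Calculation switch
        self.hits = defaultdict(deque)      # counter key -> recent timestamps

    def check(self, src_ip, path, now):
        """Record one request at time `now` (seconds); True means triggered."""
        matched = next((p for p in self.paths if path.startswith(p)), None)
        if matched is None:
            return False                    # path is not covered by the rule
        # Cumulative: one counter per IP. Otherwise: one per (IP, path).
        key = src_ip if self.cumulative else (src_ip, matched)
        window = self.hits[key]
        while window and now - window[0] >= 1.0:
            window.popleft()                # drop hits older than one second
        window.append(now)
        return len(window) > self.limit

# Constructed traffic: one client alternating between two paths in 0.5 s.
EVENTS = [(0.0, "/login"), (0.1, "/search"), (0.2, "/login"),
          (0.3, "/search"), (0.4, "/login"), (0.5, "/search")]

def replay(cumulative, limit=4):
    rule = RateRule(limit, ["/login", "/search"], cumulative)
    return [rule.check("203.0.113.7", path, t) for t, path in EVENTS]

if __name__ == "__main__":
    print("per path:  ", replay(False))
    print("cumulative:", replay(True))
```

With a limit of 4, the client stays under the threshold on each path (3 requests each) but exceeds it once the six requests are counted together.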

XML Protection

XML protection validates XML-based request bodies to prevent malicious payloads, parser abuse, and injection attacks.

Configuration:

  • Name and Description
  • Triggering Condition:
    • Basic XML Verification: Configure the max tree depth, max element name length, max element count, etc.
    • Schema Verification: Upload the file and configure the schema.
    • SOAP Verification: Configure the path and file.
  • Target Site: Select the website to apply the rule.
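
The three Basic XML Verification limits named above, enforced while streaming so that an oversized body is rejected at the first breach rather than after a full tree is built. This is an added example, not the product's own code; the default limits and sample bodies are constructed.

```python
import xml.parsers.expat

class LimitExceeded(Exception):
    pass

def check_xml(body, max_depth=8, max_name_len=32, max_elements=100):
    """Stream-parse `body` (bytes); return (ok, reason) without building a tree."""
    depth = 0
    count = 0

    def start(name, attrs):
        nonlocal depth, count
        depth += 1
        count += 1
        if depth > max_depth:
            raise LimitExceeded("tree depth > %d" % max_depth)
        if len(name) > max_name_len:
            raise LimitExceeded("element name longer than %d" % max_name_len)
        if count > max_elements:
            raise LimitExceeded("more than %d elements" % max_elements)

    def end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(body, True)
    except LimitExceeded as exc:
        return (False, str(exc))         # stopped at the first breach
    except xml.parsers.expat.ExpatError as exc:
        return (False, "malformed XML: %s" % exc)
    return (True, "%d elements" % count)

# Constructed request bodies
NESTED = b"<a>" * 20 + b"</a>" * 20
WIDE = b"<list>" + b"<item/>" * 500 + b"</list>"
LONG_NAME = b"<" + b"x" * 64 + b"/>"
NORMAL = b"<order><id>7</id><qty>2</qty></order>"

if __name__ == "__main__":
    for doc in (NORMAL, NESTED, WIDE, LONG_NAME):
        print(check_xml(doc))
```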

Weak Password Validation

Weak password validation detects weak passwords during login attempts and mitigates the risk of unauthorised access due to easily guessable or commonly used passwords.

Configuration:

  • Name and Description
  • Triggering Condition: Configure path, username parameter and password parameter.
  • Action: Configure a policy to handle the requests that satisfy the triggering condition. The policy includes the action type (block, redirect, or bypass), delay, and/or the path and the response status code.
  • Target Site: Select the website to apply the rule.

Weak Password List: Configure a list of weak passwords for the system to trigger the corresponding action.

Vulnerability Scanning

Vulnerability scanning protection prevents scanning of servers by setting a threshold on the request rate from a single client.

Configuration:

  • Name and Description
  • Triggering Condition:
    • Request Filter: Select "all requests" or "injection requests" as the request filter.
    • Metrics: Select the strategy used for calculating the metrics.
  • Action: Configure a policy to handle the requests that satisfy the triggering condition. The policy includes the action type (block, redirect, or bypass), delay, and/or the path and the response status code.
  • Auto-Web ACL: Configure the time to handle the requests from certain IPs based on the configured policy.
  • Target Site: Select the website to apply the rule.

Honeypot Protection

Honeypot protection uses fake website paths as bait for attackers, intelligently collecting attacks against them.

Configuration:

  • Name and Description
  • Triggering Condition: Configure the honeypot paths as the bait against attackers.
  • Action: Select "return HTML" or "bypass" to handle the requests.
  • Target Site: Select the website to apply the rule.

Cookie Protection

Cookie protection secures cookies and prevents the contents from being leaked or tampered with.

Configuration:

  • Name and Description
  • Triggering Condition:
    • Protection Mode: Select cookie signature or cookie encryption as the protection mode.
    • Start Time: Set the time when the protection rule should be effective.
    • Security Attributes: Select HTTP only or HTTPS as the security attributes.
    • IP Verification: When enabled, the cookies defined below will be bound to the source IP of the remote user.
    • Cookie Name: Enter the name(s) of the cookies to be protected.
  • Action: Configure a policy to handle the requests that satisfy the triggering condition. The policy includes the action type (block, redirect, or bypass), delay, and/or the path and the response status code.
  • Target Site: Select the website to apply the rule.
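
What the cookie signature mode with IP Verification amounts to, as an added example (not the product's own code): the cookie value is signed together with the client IP and the signature is re-checked when the cookie comes back. HMAC-SHA256, the `value.signature` layout, the key and the sample addresses are assumptions.

```python
import base64
import hashlib
import hmac

def _tag(value, key, client_ip):
    # Sign the value together with the client IP when IP verification is on.
    msg = value.encode() + b"|" + (client_ip or "").encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")

def protect(value, key, client_ip=None):
    """Value sent to the browser: original value plus a signature suffix."""
    return value + "." + _tag(value, key, client_ip)

def verify(cookie, key, client_ip=None):
    """Return the original value, or None if the cookie fails verification."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None                      # unsigned cookie
    expected = _tag(value, key, client_ip)
    # Constant-time comparison of the presented and recomputed signatures.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return value
    return None

KEY = b"constructed-demo-key"            # assumption: a secret held by the WAF

def demo():
    issued = protect("sid=abc123", KEY, "198.51.100.10")
    tampered = "sid=admin1" + issued[len("sid=abc123"):]
    return {
        "same_ip": verify(issued, KEY, "198.51.100.10"),
        "other_ip": verify(issued, KEY, "203.0.113.9"),
        "tampered": verify(tampered, KEY, "198.51.100.10"),
        "unsigned": verify("sid=abc123", KEY, "198.51.100.10"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Binding to the source IP also invalidates the cookie for legitimate users whose address changes mid-session, for example on mobile networks or behind rotating NAT.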

Illegal Download Protection

Illegal download protection prevents unauthorised or illegal downloading of specific files by setting restrictions based on file size, filename extensions, and MIME types.

Configuration:

  • Name and Description
  • Triggering Condition:
    • File Size Limit: Configure a threshold for the maximum allowed file size for download requests.
    • Restricted Filename Extensions: Define a list of file extensions (e.g., .exe, .zip) that should be restricted from being downloaded.
    • Restricted MIME Types: Define MIME types (e.g., application/epub+zip) for files that should be restricted.
  • Action: Configure a policy to handle the requests that satisfy the triggering condition. The policy includes the action type (block or bypass), and/or the response status code.
  • Target Site: Select the website to apply the rule.