Products



Web Application Firewall

Documentation > Web Application Firewall > Set website tamer-resistant

Product

Set webpage tamper-proofing

You can activate the webpage tamper-proofing function for the website after it is connected to WAF. Webpage tamper-proofing helps you to lock down the website pages that need to be protected. When a request is received, the locked page will return to the cached page that has been set up to prevent the impact of malicious tampering with the content of the page on the origin server. You can set webpage tamper-proofing rules according to actual needs.

Precondition

A WAF instance has been subscribed. For more information, see Subscribe Web Application Firewall.
Website access completed. For more information, see Add Domain Name.

Use Restrictions

The webpage tamper-proofing function of the yearly / monthly WAF instance has the following restrictions.

Function	Description	Advanced Version	Enterprise Version	Flagship Version
Webpage Tamper-Proofing	The maximum number of webpage tamper-proofing rule to be supported.	10(pieces)	20(pieces)	50(pieces)

Operation Steps

Log in to the Web Application Firewall Console.
In the navigation bar at left side, click Website Configuration.
Navigate to the domain name to be protected on the Website Configuration page, and click Protection Configuration in the operation bar.
Click the Website Compliance tab on the protection configuration page, navigate to the Webpage Tamper-Proofing module to activate the Status switch, and click Add Rule.

Note Webpage tamper-proofing must be turned on before the protection rules can take effect.
Add webpage Tamper-proofing rules.
1. Click Add Rule on the Webpage Tamper-Proofing page.
2. Enter the Rule Name and URL corresponding to the webpage to be protected in the Add Rule dialog box.
  - Rule Name: Enter a rule name, which cannot exceed 30 characters.
  - URL: The http or https protocol can be selected for URL prefix, and the exact path to be protected is filled in as the suffix. Wildcards (eg /*) or parameters (eg /abc?xxx=) are not supported.
3. Click OK.
After successfully adding a webpage Tamper-proofing rule, it is not enabled by default. You can see the newly added rule in the rule list, and its Protection Status switch is not turned on.
Turn on the rule. Navigate to the rule to be turned on in the rule list, and turn on its Protection Status switch.

The cache records in the Web Application Firewall will be uniformly returned when the page corresponding to the rule is requested after the rule is successfully enabled.
Optional:

Update Cache Positioned to enabled rules in the rule list, click the Update Cache under its protection status.

Note You must click Update Cache to update the cache record in WAF if the content of the protected page is updated. WAF will always return the last cached record if you don't update the cache after the page is updated.