Information Security Protection

UWAF rules are evaluated when UWAF receives a request. Information security protection rules are instead evaluated against the response that the origin server returns after UWAF forwards the request. Information Security Protection rules are controlled by the operating mode and take effect only in blocking mode. They can filter sensitive information from the response, disguise abnormal status codes, respond with custom content, and block specific content.

The priority of each rule can be found in Rule Priority.

!> Attention:
The Information Security Protection function inspects only responses whose data type is text/plain or text/html, that is, responses in which the Content-Type field of the server response header is text/plain or text/html. Other content types are not supported.

Description of Rule Parameters

| Parameter | Description |
| --- | --- |
| Rule Name | The name of the custom rule. It can contain any Chinese or English characters. |
| Protection Type | The type of information security protection rule: Sensitive Information Filtering, Response Code Security Control, or Custom Content Control. |
| Information Content | What the rule matches: specific sensitive information, an origin server response status code, or custom sensitive content. |
| Matching Action | Information desensitization (Sensitive Information Filtering); response blocking or information disguise (Response Code Security Control); response blocking (Custom Content Control). |
| Content | The content of the custom response. It takes effect only when the matching action is information disguise. Supports txt plain text and HTML code. |

?> Note:
“Response Blocking” means that the response content that triggers the rule is blocked and the connection that triggered the rule is disconnected, so the requesting client cannot get the blocked response content.
“Information Disguise” means replacing the origin server’s response with custom content (txt plain text or HTML code).

Sensitive Information Filtering

Filters sensitive information from the origin server’s response content. If the response content matches the information content of the rule (ID number, phone number, email address, bank card number), the matching content is replaced with *.

Response Code Security Control

Evaluates the response code from the origin server. If the response code matches the information content of the rule (set between 400 and 599), the response is blocked or replaced with custom content according to the matching action; replacing it achieves information disguise.

Custom Content Control

Evaluates the response content from the origin server. If the response content matches the information content of the rule, the response is blocked.
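
The following Python model is an added example, not UWAF code. It traces how the three rule types, the blocking-mode condition and the Content-Type restriction described above combine for a single origin response, including the case of a JSON response that is never inspected. The detection patterns, the rule dictionary layout, the evaluation order and the one-asterisk-per-character masking are assumptions made for illustration.

```python
import re

# Assumed detection patterns (constructed for this example; the page does not publish UWAF's).
SENSITIVE = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\b1[3-9]\d{9}\b"),
}
INSPECTED_TYPES = {"text/plain", "text/html"}

# Constructed sample rule set, one rule per protection type.
RULES = [
    {"type": "response_code", "codes": range(400, 600),
     "action": "disguise", "content": "<h1>Page unavailable</h1>"},
    {"type": "custom_content", "keyword": "INTERNAL-ONLY"},
    {"type": "sensitive_info", "kinds": ["email", "phone"]},
]


def apply_rules(blocking_mode, status, content_type, body, rules=RULES):
    """Return (action, body_sent_to_client); action is pass, mask, disguise or block."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    # Rules act only in blocking mode and only on text/plain or text/html responses.
    if not blocking_mode or media_type not in INSPECTED_TYPES:
        return ("pass", body)
    for rule in rules:  # list order is an assumption; real order follows Rule Priority
        if rule["type"] == "response_code" and status in rule["codes"]:
            if rule["action"] == "disguise":
                return ("disguise", rule["content"])  # custom content replaces the response
            return ("block", None)  # connection dropped, client gets nothing
        if rule["type"] == "custom_content" and rule["keyword"] in body:
            return ("block", None)
        if rule["type"] == "sensitive_info":
            masked = body
            for kind in rule["kinds"]:
                # Assumption: one * per matched character.
                masked = SENSITIVE[kind].sub(lambda m: "*" * len(m.group()), masked)
            if masked != body:
                return ("mask", masked)
    return ("pass", body)


if __name__ == "__main__":
    leak = "contact: alice@example.com"  # constructed response body
    print(apply_rules(True, 200, "text/html; charset=utf-8", leak))
    print(apply_rules(True, 200, "application/json", '{"email": "alice@example.com"}'))
    print(apply_rules(True, 500, "text/html", "stack trace ..."))
    print(apply_rules(False, 500, "text/html", "stack trace ..."))
```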