
Defense Settings

Operating Mode

There are 3 operating modes for UWAF rules, namely blocking mode, alert mode, and pass mode:

  • Blocking mode: Intercepts or allows requests according to the defense rules.
  • Alert mode: Generates attack logs according to the defense rules, but does not intercept attack requests.
  • Pass mode: Generates no attack logs; all access requests are allowed.

You can change the operating mode at the top of the UWAF rules and information security defense rules tabs, or you can click [Edit] next to the corresponding domain in the domain management interface to modify the operating mode in the pop-up window.

!> Note:
In blocking mode and alert mode, CC attack defense and the blacklist and whitelist functions are each controlled by their own independent switch. In pass mode, UWAF rules, CC rules, and the blacklists and whitelists all have no effect.

Rule Priority

The priority order among the blacklists and whitelists, CC rules, and UWAF rules is as follows (priority decreases from left to right):

Global Whitelist > Domain Whitelist > Global Blacklist > Domain Blacklist > Regional IP Blocking > CC Rules > Custom UWAF Rules > Default UWAF Rules > Information Security Defense Rules

Each UWAF rule has its own priority, which can be freely adjusted. Default UWAF rules, however, always rank below custom rules, and this cannot be adjusted.
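The following Python model is an added example, not UWAF's own code. It walks the priority chain above for a single request to show which layer decides the outcome in each operating mode. It assumes that the first matching layer decides, that a hit on any non-whitelist layer means "intercept", that switched layers act the same way in blocking and alert mode, and that Regional IP Blocking is switched like the blacklists; the page does not state these details.

```python
# Illustrative model of the documented order; not UWAF's own code.
PRIORITY = [  # highest priority first, as listed on this page
    "Global Whitelist", "Domain Whitelist", "Global Blacklist",
    "Domain Blacklist", "Regional IP Blocking", "CC Rules",
    "Custom UWAF Rules", "Default UWAF Rules",
    "Information Security Defense Rules",
]
ALLOW_LISTS = {"Global Whitelist", "Domain Whitelist"}
# Layers with their own on/off switch in blocking and alert mode.
# Assumption: Regional IP Blocking is grouped here; the page does not say.
SWITCHED = ALLOW_LISTS | {"Global Blacklist", "Domain Blacklist",
                          "Regional IP Blocking", "CC Rules"}


def evaluate(mode, matched, switches_on=SWITCHED):
    """Return (action, deciding_layer) for one request.

    mode: "blocking", "alert" or "pass".
    matched: set of layer names whose rules the request hits.
    switches_on: switched layers that are currently enabled.
    Assumptions: the first matching layer decides, and a hit on a
    non-whitelist layer means "intercept".
    """
    if mode not in ("blocking", "alert", "pass"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "pass":
        return ("allow", None)  # every rule and list is inactive
    for layer in PRIORITY:
        if layer not in matched:
            continue
        if layer in SWITCHED:
            if layer not in switches_on:
                continue  # switched off, fall through to the next layer
            return ("allow" if layer in ALLOW_LISTS else "block", layer)
        # UWAF and information security rules follow the operating mode.
        return ("block" if mode == "blocking" else "alert", layer)
    return ("allow", None)  # nothing matched


if __name__ == "__main__":
    hits = {"Domain Whitelist", "Custom UWAF Rules"}  # constructed sample
    for m in ("blocking", "alert", "pass"):
        print(m, evaluate(m, hits))
```

The practical point for rule review: a whitelist entry is evaluated before every blocking layer, so an overly broad whitelist entry exempts matching traffic from all UWAF rules below it.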