config waf http-request-flood-prevention-rule edit "HTTPFloodPrevention" set access-limit-in-http-session 300 set action block-period set bot-recognition real-browser-enforcement set bot-confirmation enable next end config waf http-connection-flood-check-rule edit "MaliciousIPS" set http-connection-threshold 100 set action alert_deny set severity High next end config waf layer4-access-limit-rule edit "HTTPAccessLimit" set access-limit-standalone-ip 300 set access-limit-share-ip 1000 set action block-period set bot-recognition real-browser-enforcement set validation-timeout 5 set bot-confirmation enable next end config waf layer4-connection-flood-check-rule edit "TCPConnectionLimit" set layer4-connection-threshold 200 set action block-period set block-period 600 next end config waf application-layer-dos-prevention edit "DoSPolicy" set enable-http-session-based-prevention enable set http-request-flood-prevention-rule HTTPFloodPrevention set http-connection-flood-check-rule MaliciousIPS set enable-layer4-dos-prevention enable set layer4-access-limit-rule HTTPAccessLimit set layer4-connection-flood-check-rule TCPConnectionLimit set layer3-fragment-protection enable next end config waf signature edit "GeneralWebSiteProtect" config main_class_list edit "010000000" set fpm-status disable set action alert_deny set severity High next edit "020000000" set status disable set fpm-status disable next edit "030000000" set action alert_deny set severity High next edit "040000000" set status disable set fpm-status disable next edit "050000000" set fpm-status disable set action alert_deny set severity High next edit "060000000" set status disable set fpm-status disable next edit "070000000" set fpm-status disable set action alert_deny next edit "080000000" set status disable set fpm-status disable set severity Low next edit "090000000" set fpm-status disable set action alert_deny set severity High next edit "100000000" set status disable set fpm-status disable set severity High next end config sub_class_disable_list end config signature_disable_list edit "060030001" next edit "060120001" next edit "080080005" next edit "080200001" next edit "080080003" next edit "090410001" next edit "090410002" next edit "040000141" next edit "040000136" next edit "060180001" next edit "060180002" next edit "060180003" next edit "060180004" next edit "060180005" next edit "060180006" next edit "060180007" next edit "060180008" next edit "010000072" next edit "010000092" next edit "010000093" next edit "010000214" next edit "030000182" next edit "030000195" next edit "030000204" next edit "050140001" next edit "050140003" next edit "050140004" next edit "050220001" next edit "080200004" next edit "080200005" next edit "080210001" next edit "080210002" next edit "080210003" next edit "080210004" next edit "080210005" next edit "090240001" next edit "050180003" next end config alert_only_list end config fpm_disable_list end config scoring_override_disable_list end config score_grade_list end config filter_list end next end config waf syntax-based-attack-detection edit "SyntaxBasedDetection" config exception-element-list end next end config waf x-forwarded-for edit "x-forwarded-for" set tracing-original-ip enable set original-ip-header X-FORWARDED-FOR config ip-list end set block-based-on-original-ip enable set skip-private-original-ip disable next end config waf web-protection-profile inline-protection edit "ProtectDDoS" set signature-rule GeneralWebSiteProtect set x-forwarded-for-rule x-forwarded-for set redirect-url http:// set application-layer-dos-prevention DoSPolicy set ip-intelligence enable set syntax-based-attack-detection SyntaxBasedDetection next end