config waf custom-access rule edit "ProtectHotlinking" set action alert_deny config source-ip-filter end config geo-filter end config user-filter end config url-filter end config http-header-filter edit 1 set predefined-header referer set header-value "^http(s)?\\:\\/\\/[^\\/]*(.)?example\\.com\\/" set pre-header-type regular set pre-header-rev-match enable next end config access-limit-filter end config parameter end config http-transaction end config response-code end config content-type end config packet-interval end config main-class end config sub-class end config signature end config custom-signature end config time-range-filter end config occurrence end next end config waf custom-access policy edit "AdvanceProtection" config rule edit 1 set rule-name ProtectHotlinking next end next end config waf signature edit "GeneralWebSiteProtect" config main_class_list edit "010000000" set fpm-status disable set action alert_deny set severity High next edit "020000000" set status disable set fpm-status disable next edit "030000000" set action alert_deny set severity High next edit "040000000" set status disable set fpm-status disable next edit "050000000" set fpm-status disable set action alert_deny set severity High next edit "060000000" set status disable set fpm-status disable next edit "070000000" set fpm-status disable set action alert_deny next edit "080000000" set status disable set fpm-status disable set severity Low next edit "090000000" set fpm-status disable set action alert_deny set severity High next edit "100000000" set status disable set fpm-status disable set severity High next end config sub_class_disable_list end config signature_disable_list edit "060030001" next edit "060120001" next edit "080080005" next edit "080200001" next edit "080080003" next edit "090410001" next edit "090410002" next edit "040000141" next edit "040000136" next edit "060180001" next edit "060180002" next edit "060180003" next edit "060180004" next edit "060180005" next edit "060180006" next edit "060180007" next edit "060180008" next edit "010000072" next edit "010000092" next edit "010000093" next edit "010000214" next edit "030000182" next edit "030000195" next edit "030000204" next edit "050140001" next edit "050140003" next edit "050140004" next edit "050220001" next edit "080200004" next edit "080200005" next edit "080210001" next edit "080210002" next edit "080210003" next edit "080210004" next edit "080210005" next edit "090240001" next edit "050180003" next end config alert_only_list end config fpm_disable_list end config scoring_override_disable_list end config score_grade_list end config filter_list end next end config waf syntax-based-attack-detection edit "SyntaxBasedDetection" config exception-element-list end next end config waf x-forwarded-for edit "x-forwarded-for" set tracing-original-ip enable set original-ip-header X-FORWARDED-FOR config ip-list end set block-based-on-original-ip enable set skip-private-original-ip disable next end config waf web-protection-profile inline-protection edit "08ProtectHotlinking" set signature-rule GeneralWebSiteProtect set x-forwarded-for-rule x-forwarded-for set redirect-url http:// set custom-access-policy AdvanceProtection set ip-intelligence enable set syntax-based-attack-detection SyntaxBasedDetection next end