Contact UsGet started

Editing a rule in a security profile

Written by
Updated at October 17, 2024

You can update basic rules, as well as Smart Protection and WAF rules, in a security profile. ARL rules are updated in an ARL profile.

  1. In the management console, select the folder containing the security profile you need.

  2. In the list of services, select Smart Web Security.

  3. Select the profile to update a rule in.

  4. On the Security rules tab, in the rule row, click and select Edit.

  5. In the window that opens, set new rule parameters:

    1. Enter a name for the rule.

    2. (optional) Enter a description.

    3. Set the rule priority. The rule you add will have a higher priority than the preconfigured rules.

      Note

      The smaller the value, the higher is the rule priority. The priorities for preconfigured rules are as follows:

      • Basic default rule: 1000000.
      • Smart Protection rule providing full protection: 999900.

    4. (Optional) Enable Only logging (dry run) if you want only to log data about the traffic fulfilling the specified conditions without applying any actions to it.

    5. Select the rule type:

      • Base: Rule that allows, denies, or sends traffic to Yandex SmartCaptcha under specified conditions.

      • Smart Protection: Sends traffic for automatic processing by machine learning and behavioral analysis algorithms. Suspicious requests are sent to Yandex SmartCaptcha for additional verification.

      • Web Application Firewall: Integrates rules from a WAF profile. Suspicious requests are sent to Yandex SmartCaptcha.

        For a WAF rule, select or create a WAF profile.

    6. Select an action:

      • For the basic rule:

        • Deny.
        • Allow.
        • Show captcha: Show the captcha selected in the security profile.

      • For a Smart Protection or WAF rule:

        • Full protection: After verification, suspicious requests are sent to SmartCaptcha.
        • API protection: After verification, suspicious requests are blocked.

    7. Under Conditions for traffic, specify which traffic the rule will be used to analyze:

      • All traffic: The rule will be used to analyze the whole traffic.

      • Conditional: The rule will be used to analyze the traffic specified in the Conditions field:

        • IP: IP address, IP address range, or IP address region.
        • HTTP header: HTTP header string.
        • Request URI: Request path.
        • Host: Domain receiving the request.
        • HTTP method: Request method.
        • Cookie: Cookie header string.

        You can set multiple conditions. To do this, select all the condition types you need in the Conditions field.

        You can also set multiple conditions of the same type. To do this, click and or or in the section with the condition you need.

        To delete a condition, click .

    8. Click Add.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. To view a list of current security profiles in the default folder, run this command:

    yc smartwebsecurity security-profile list

    Result:

    +----------------------+-------------------+---------------------+----------------+------------+-------------+
|          ID          |       NAME        |       CREATED       | DEFAULT ACTION | CAPTCHA ID | RULES COUNT |
+----------------------+-------------------+---------------------+----------------+------------+-------------+
| fev3s055oq64******** | my-new-profile    | 2024-08-05 06:57:18 | DENY           |            |           1 |
| fevlqk8vei9p******** | my-sample-profile | 2024-08-05 06:57:28 | DENY           |            |           2 |
+----------------------+-------------------+---------------------+----------------+------------+-------------+

  2. Update the security profile by applying the YAML configuration with updated description of the current security rules:

    1. To get the YAML configuration for the current security rules in the profile, run this command, specifying the security profile name or ID:

      yc smartwebsecurity security-profile get <security_profile_name_or_ID>
      Result
      id: fev450d61ucv********
folder_id: b1gt6g8ht345********
cloud_id: b1gia87mbaom********
labels:
  label1: value1
  label2: value2
name: my-new-profile
description: my description
default_action: DENY
security_rules:
  - name: rule-condition-deny
    priority: "11111"
    dry_run: true
    rule_condition:
      action: DENY
      condition:
        authority:
          authorities:
            - exact_match: example.com
            - exact_match: example.net
        http_method:
          http_methods:
            - exact_match: GET
            - exact_match: POST
        request_uri:
          path:
            prefix_match: /search
          queries:
            - key: firstname
              value:
                pire_regex_match: .ivan.
            - key: lastname
              value:
                pire_regex_not_match: .petr.
        headers:
          - name: User-Agent
            value:
              pire_regex_match: .curl.
          - name: Referer
            value:
              pire_regex_not_match: .bot.
        source_ip:
          ip_ranges_match:
            ip_ranges:
              - 1.2.33.44
              - 2.3.4.56
          ip_ranges_not_match:
            ip_ranges:
              - 8.8.0.0/16
              - 10::1234:1abc:1/64
          geo_ip_match:
            locations:
              - ru
              - es
          geo_ip_not_match:
            locations:
              - us
              - fm
              - gb
    description: My first security rule. This rule it's just example to show possibilities of configuration.
created_at: "2024-08-05T17:54:48.898624Z"

    2. Copy current rule configuration from the security_rules section, paste it into any text editor, and save it to a file after editing as appropriate. The example below shows a change in the rule name, along with replacing the DENY action with the ALLOW one.

      security-rules.yaml
      - name: rule-condition-allow
  priority: "11111"
  dry_run: true
  rule_condition:
    action: ALLOW
    condition:
      authority:
        authorities:
          - exact_match: example.com
          - exact_match: example.net
      http_method:
        http_methods:
          - exact_match: GET
          - exact_match: POST
      request_uri:
        path:
          prefix_match: /search
        queries:
          - key: firstname
            value:
              pire_regex_match: .ivan.
          - key: lastname
            value:
              pire_regex_not_match: .petr.
      headers:
        - name: User-Agent
          value:
            pire_regex_match: .curl.
        - name: Referer
          value:
            pire_regex_not_match: .bot.
      source_ip:
        ip_ranges_match:
          ip_ranges:
            - 1.2.33.44
            - 2.3.4.56
        ip_ranges_not_match:
          ip_ranges:
            - 8.8.0.0/16
            - 10::1234:1abc:1/64
        geo_ip_match:
          locations:
            - ru
            - es
        geo_ip_not_match:
          locations:
            - us
            - fm
            - gb

      Alert

      If you change the rules in the security profile, all existing rules will be deleted. This is why the YAML file with the changes must contain the full set of rules that will be in effect in the security profile.

    3. To update a security profile, run this command, specifying the profile name or ID:

      yc smartwebsecurity security-profile update <security_profile_name_or_ID> \
   --security-rules-file <path_to_file_with_security_rules>

      Where --security-rules-file is the path to the YAML file with security rules.

      Result:
      id: fev450d61ucv********
folder_id: b1gt6g8ht345********
cloud_id: b1gia87mbaom********
labels:
  label1: value1
  label2: value2
name: my-new-profile
description: my description
default_action: DENY
security_rules:
  - name: rule-condition-allow
    priority: "11111"
    dry_run: true
    rule_condition:
      action: ALLOW
      condition:
        authority:
          authorities:
            - exact_match: example.com
            - exact_match: example.net
        http_method:
          http_methods:
            - exact_match: GET
            - exact_match: POST
        request_uri:
          path:
            prefix_match: /search
          queries:
            - key: firstname
              value:
                pire_regex_match: .ivan.
            - key: lastname
              value:
                pire_regex_not_match: .petr.
        headers:
          - name: User-Agent
            value:
              pire_regex_match: .curl.
          - name: Referer
            value:
              pire_regex_not_match: .bot.
        source_ip:
          ip_ranges_match:
            ip_ranges:
              - 1.2.33.44
              - 2.3.4.56
          ip_ranges_not_match:
            ip_ranges:
              - 8.8.0.0/16
              - 10::1234:1abc:1/64
          geo_ip_match:
            locations:
              - ru
              - es
          geo_ip_not_match:
            locations:
              - us
              - fm
              - gb
    description: My first security rule. This rule it's just example to show possibilities of configuration.
created_at: "2024-08-05T17:54:48.898624Z"

For more information about the yc smartwebsecurity security-profile update command, see the CLI reference.

Use the update REST API method for the SecurityProfile resource or the SecurityProfileService/Update gRPC API call.

See also

Previous
Adding a rule
Next
Deleting a rule