Contact UsGet started

Getting started with a security profile

Written by
Updated at October 14, 2024

Create your first security profile and connect it to an existing virtual host of an L7 load balancer in Yandex Application Load Balancer.

If you have no L7 load balancer configured, you can try Smart Web Security out on the test infrastructure. For more information, see Creating an Application Load Balancer L7 load balancer with a Smart Web Security security profile.

To get started with a security profile:

  1. Create a security profile.
  2. Check your security profile settings.
  3. Connect the security profile to a virtual host.

Prepare your cloud

Sign up for Yandex Cloud and create a billing account:

  1. Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Create a security profile

The security profile is the main Smart Web Security component, which consists of a set of rules, each containing conditions for filtering user requests arriving to the resource being protected.

To create a security profile:

  1. In the management console, select the folder you want to create a profile in.

  2. In the list of services, select Smart Web Security.

  3. Click Create and select From a preset template.

    A preset profile includes:

    Tip

    Creating a pre-configured profile with full Smart Protection is preferable. This will ensure the highest level of security for your resource being protected.

  4. Enter a name for the profile, e.g., test-sp1.

  5. In the Action for the default base rule field, select Deny.

  6. Click Create.

Check your security profile settings

  1. Select the test-sp1 profile you created earlier.

  2. Make sure the Security rules tab contains a rule with the following parameters:

    • Type: Smart Protection
    • Action: Full protection
    • Conditions: All traffic

    This rule sends all incoming traffic of the protected resource for automatic analysis using ML and behavioral analysis algorithms. As a result of automatic analysis:

    • Legitimate requests are routed to the protected resource.
    • Illegitimate requests and attacks are blocked.
    • Suspicious requests are sent to SmartCaptcha for additional verification.

You can also connect these to your security profile:

Connect the security profile to the virtual host

  1. At the top right, click Connect to host.

  2. In the window that opens, select:

    • Load balancer.

    • HTTP router.

    • Virtual host. You can connect the security profile to multiple virtual hosts at once.

      To connect the profile to another L7 load balancer, click Add load balancer.

  3. Click Connect.

    You will see the connected virtual host under Connected hosts.

See also

Previous
Overview
Next
Getting started with WAF