Getting started with a security profile
Create your first security profile and connect it to an existing virtual host of an L7 load balancer in Yandex Application Load Balancer.
If you have no L7 load balancer configured, you can try Smart Web Security out on the test infrastructure. For more information, see Creating an Application Load Balancer L7 load balancer with a Smart Web Security security profile.
To get started with a security profile:
- Create a security profile.
- Check your security profile settings.
- Connect the security profile to a virtual host.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Create a security profile
The security profile is the main Smart Web Security component, which consists of a set of rules, each containing conditions for filtering user requests arriving to the resource being protected.
To create a security profile:
-
In the management console
, select the folder you want to create a profile in. -
In the list of services, select Smart Web Security.
-
Click Create and select From a preset template.
A preset profile includes:
- Basic default rule enabled for all traffic with the
Deny
action type. - Smart Protection rule enabled for all traffic with the
Full protection
action type.
Tip
Creating a pre-configured profile with full Smart Protection is preferable. This will ensure the highest level of security for your resource being protected.
- Basic default rule enabled for all traffic with the
-
Enter a name for the profile, e.g.,
test-sp1
. -
In the Action for the default base rule field, select
Deny
. -
Click Create.
Check your security profile settings
-
Select the
test-sp1
profile you created earlier. -
Make sure the Security rules tab contains a rule with the following parameters:
- Type:
Smart Protection
- Action:
Full protection
- Conditions:
All traffic
This rule sends all incoming traffic of the protected resource for automatic analysis using ML and behavioral analysis algorithms. As a result of automatic analysis:
- Legitimate requests are routed to the protected resource.
- Illegitimate requests and attacks are blocked.
- Suspicious requests are sent to SmartCaptcha for additional verification.
- Type:
You can also connect these to your security profile:
- WAF profile (for more information, see Getting started with a WAF profile).
- ARL profile (for more information, see Getting started with an ARL profile).
Connect the security profile to the virtual host
-
At the top right, click
Connect to host. -
In the window that opens, select:
-
Virtual host. You can connect the security profile to multiple virtual hosts at once.
To connect the profile to another L7 load balancer, click Add load balancer.
-
Click Connect.
You will see the connected virtual host under Connected hosts.