Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Service page
Yandex Smart Web Security
Documentation
Yandex Smart Web Security
  • Getting started
    • Overview
    • Security profiles
    • WAF
    • ARL (request limit)
    • Rules
    • Conditions
    • Lists
    • Protecting domains
    • Quotas and limits
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Request body analysis
  • Profiles and rules diagram
  1. Concepts
  2. Security profiles

Security profiles

Written by
Yandex Cloud
Updated at July 23, 2025
  • Request body analysis
  • Profiles and rules diagram

Security profile is the main Smart Web Security component. A security profile consists of a set of HTTP traffic processing rules. The rules contain filtering conditions and actions that apply to your web resource's incoming traffic. Security profiles also allow configuring a CAPTCHA and request limits based on various conditions.

Note

To enhance your security, we use HTTP request data to train our machine learning (ML) models. You can disable the use of this data in the management console when creating a security profile or later in its settings.

You can create security profiles in different ways:

  • From a preset template. A preset profile includes:
    • Basic default rule, enabled for all traffic.
    • Smart Protection rule enabled for all traffic with the Full protection action type.
  • From scratch. This profile includes only the basic default rule enabled for all traffic.

You configure the security profile according to your threat model, i.e., description of your service-specific potential risks, attack actors, and vulnerabilities. If you are setting up your protection without professional cybersecurity assistance, we recommend using the preconfigured profile template set up by Yandex Cloud experts. This will insure the basic level of protection and help reduce the probability of configuration errors.

Connect a security profile to your resource to enable Smart Web Security protection.

You can connect a security profile to various types of resources:

  • Virtual host or ingress controller to protect resources that use Yandex Application Load Balancer.
  • API Gateway API gateway to protect the APIs of your applications.
  • Domain to protect your website or web application hosted in Yandex Cloud, your internal infrastructure, or other platforms.

Request body analysisRequest body analysis

In the security profile, you can enable request body inspection to improve the web application's performance and security. Limiting the maximum request body size prevents excessive resource consumption and mitigates the effects of DoS/DDoS attacks, where attackers submit large requests in order to exhaust the server's resources.

When you configure a security profile, you can select an action for when the maximum request body size is exceeded:

  • Do not analyze body: Use it when a legitimate application frequently sends large requests.
  • Block request: This is a universal and secure approach. Smart Web Security blocks any requests exceeding the 8 KB limit, reducing the risk of attacks. If a request is blocked, Smart Web Security returns a 403 error.

Profiles and rules diagramProfiles and rules diagram

The diagram below illustrates the relationship between Smart Web Security profiles and rules. Security profile is the main Smart Web Security component you can use to set up basic rules and Smart Protection. You can additionally connect a WAF profile (through a WAF rule), an ARL profile, and SmartCaptcha.

See alsoSee also

  • Managing security profiles
  • Setting up an Ingress controller and test applications

Was the article helpful?

Previous
Overview
Next
WAF
© 2025 Direct Cursus Technology L.L.C.