Overview
Menu

Action

The Web protection module provides multiple action options. Different feature modules support different actions, please refer to the specific feature module document.
Action
Use Case
Action Description
Subsequent Action
Block
Used to block requests to access a site (including cached or non-cached content).
Respond with block page and block status code.
No longer matches other policies
Allow
Used to skip the remaining rules in the current security module.
In the current module, the remaining rules will no longer match this request.
Continue to match other effective rules
Monitor
Used to evaluate or grayscale its security policies.
Logs are only recorded, no actions are taken.
Continue to match other rules
Redirect
Used to provide standby resources and improve user access experience when blocked.
Redirect to the specified URL.
No longer matches other policies
ReturnCustomPage
Used to provide block pages with a better experience.
Used to be compatible with the API format and respond to error messages that the API can parse.
Used to monitor business and monitor blocked requests by specifying status codes.
Returns a custom error page and status code. Supports referencing page content defined in the Custom Error Page feature.
No longer matches other policies
BlockIP
Used to punish malicious clients.
When a request matches the conditions, discard requests from that client IP within a period of time.
No longer matches other policies
JSChallenge
Used to identify tool clients that do not support JavaScript, frequently seen in DDoS attack sources.
Respond with an HTTP 302 redirect page, the page carries JavaScript code to verify the client browser behavior, and only the visitors that passes the verification can continue to access.
Requests that pass the challenge continue to match other rules
ManagedChallenge
Used for Bot defense, JavaScript challenge verification is first performed, and then CAPTCHA human verification is performed on requests that pass the verification.
First take the JavaScript challenge. For clients that pass the verification, they need to respond to the redirection (HTTP 302) page and carry the verification code for verification, and the user completes the verification through interactive operations. Only visitors who pass both verifications can continue to visit.
Requests that pass the challenge continue to match other rules