Creating a security profile
-
In the management console
, select the folder where you want to create a security profile. -
In the list of services, select Smart Web Security.
-
Click Create.
-
Select one of the creation options:
- From a preset template. Preset profiles include:
- Basic default rule enabled for all traffic with the
Deny
action type. - Smart Protection rule enabled for all traffic with the
Full protection
action type.
- Basic default rule enabled for all traffic with the
- From scratch. This profile includes only the basic default rule enabled for all traffic.
Tip
Creating a pre-configured profile with full Smart Protection is preferable. This will ensure the highest level of security for your resource being protected.
- From a preset template. Preset profiles include:
-
Enter the profile name.
-
(Optional) Enter a description.
-
(Optional) Add a label for the profile.
-
In the Action for the default base rule field, select an action to be applied to the traffic that mismatches the criteria of other rules:
Deny
orAllow
. -
Select Yandex SmartCaptcha to check suspicious requests:
-
Default
: Managed on the Yandex Cloud side, captcha parameters:- Main challenge: Checkbox.
- Additional challenge:
Silhouettes. - Additional challenge difficulty: Easy.
- Appearance: Standard.
The
Default
captcha usage fee is included in the cost of Smart Web Security. -
Custom captcha
: You can customize captcha difficulty, types of main and additional challenges, and appearance.Note
To use a custom captcha, select Disable domain verification in its settings.
The custom captcha usage fee is charged according to SmartCaptcha pricing policy.
To create a new captcha, click Create.
-
-
Click
Add rule. -
In the rule creation window:
-
Enter a name for the rule.
-
(optional) Enter a description.
-
Set the rule priority. The rule will have higher priority than the preconfigured ones.
Note
The smaller the value, the higher is the rule priority. The priorities for preconfigured rules are as follows:
- Basic default rule:
1000000
. - Smart Protection rule providing full protection:
999900
.
- Basic default rule:
-
(Optional) Enable the Only logging (dry run) option if you want to log data about the traffic that fulfills the specified conditions without applying any action to it.
-
Select the rule type:
- Base: Allows or denies traffic based on specified conditions.
- Smart Protection: Sends traffic for automatic processing by machine learning and behavioral analysis algorithms. Suspicious requests are sent to Yandex SmartCaptcha for additional verification.
-
Select an action:
- For a basic rule:
Deny
orAllow
traffic whose parameters match the conditions. - For a Smart Protection rule:
Full protection
: Traffic is checked by ML models and behavioral analysis algorithms. Suspicious requests are sent to SmartCaptcha.API protection
: Traffic is checked by ML models and behavioral analysis algorithms. Suspicious requests are denied.
- For a basic rule:
-
In the Conditions field, select the conditions the traffic must fulfill to get processed by the rule. In the fields that appear below, set additional parameters for the selected conditions. For more details, see Rule action conditions.
You can set multiple conditions of the same type. Different types of conditions use different logical operators: and or or. To add more than one condition of a certain type, click
and or or. -
Click Add.
-
-
Add all relevant rules to the profile one by one.
The rules you created will appear under Security rules in the table.
-
Click Create.