moved images for #59 #60 #61

docs/best-practices/security-services/web-application-firewall/combining-waf-and-layer-7-load-balancers-to-protect-services-over-any-ports.md

@@ -64,20 +64,20 @@ cannot protect.
     Configured** to `Layer-7 proxy`.
 
     ![**Figure 1** Adding a domain name to
-    WAF](/_static/images/en-us_image_0000001764480001.png)
+    WAF](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001764480001.png)
 
 3. Add listeners and backend server groups to the load balancer.
 
     1. [Log in to the management
         console](https://console-intl.huaweicloud.com/?locale=en-us).
 
     2. Click
-        ![image1](/_static/images/en-us_image_0000001420363093.jpg) in
+        ![image1](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001420363093.jpg) in
         the upper left corner of the management console and select a
         region or project.
 
     3. Click
-        ![image2](/_static/images/en-us_image_0000001369643058.png) in
+        ![image2](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001369643058.png) in
         the upper left corner of the page and choose *Elastic Load
         Balance* under *Networking* to go to the *Load Balancers*
         page.
@@ -91,12 +91,12 @@ cannot protect.
         case, enter `9876`.
 
         ![**Figure 2** Configuring a
-        listener](/_static/images/en-us_image_0000001369483086.png)
+        listener](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001369483086.png)
 
     6. Click *Next: Configure Request Routing Policy*.
 
         ![**Figure 3** Configuring a backend server
-        group](/_static/images/en-us_image_0000001423609253.png)
+        group](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001423609253.png)
 
         :::important
 
@@ -120,12 +120,12 @@ cannot protect.
         console](https://console-intl.huaweicloud.com/?locale=en-us).
 
     2. Click
-        ![image3](/_static/images/en-us_image_0000001420502081.jpg) in
+        ![image3](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001420502081.jpg) in
         the upper left corner of the management console and select a
         region or project.
 
     3. Click
-        ![image4](/_static/images/en-us_image_0000001369661940.png) in
+        ![image4](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001369661940.png) in
         the upper left corner, select a region, and choose *Security &
         Compliance* -> *Web Application Firewall* to go to the
         *Dashboard* page.
@@ -135,7 +135,7 @@ cannot protect.
         instance page.
 
         ![**Figure 4** Dedicated engine
-        list](/_static/images/en-us_image_0000001369501992.png)
+        list](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001369501992.png)
 
     5. Locate the row containing the WAF instance. In the *Operation*
         column, click *More* -> *Add to ELB*.
@@ -145,14 +145,14 @@ cannot protect.
         based on previous step.
 
         ![**Figure 5** Add to
-        ELB](/_static/images/en-us_image_0000001369683888.png)
+        ELB](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001369683888.png)
 
     7. Click *Confirm*. Then, configure service port for the WAF
         instance. In this example, configure *Backend Port* to `86`,
         which is the one we configured in step 2.
 
         ![**Figure 6** Configuring Backend
-        Port](/_static/images/en-us_image_0000001369344100.png)
+        Port](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001369344100.png)
 
     8. Click *Confirm*.
 
@@ -164,4 +164,4 @@ cannot protect.
 
 ## How the Combination Protects Traffic
 
-![image5](/_static/images/en-us_image_0000001764240765.png)
+![image5](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001764240765.png)

docs/best-practices/security-services/web-application-firewall/configuring-anti-crawler-rules-to-prevent-crawler-attacks.md

@@ -35,11 +35,11 @@ malicious crawlers, scanners, and web shells.
 1. [Log in to the management
     console](https://console-intl.huaweicloud.com/?locale=en-us).
 
-2. Click ![image1](/_static/images/en-us_image_0000001533036717.jpg) in
+2. Click ![image1](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001533036717.jpg) in
     the upper left corner of the management console and select a region
     or project.
 
-3. Click ![image2](/_static/images/en-us_image_0000001533157169.png) in
+3. Click ![image2](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001533157169.png) in
     the upper left corner and choose *Web Application Firewall* under
     *Security & Compliance*.
 
@@ -49,32 +49,32 @@ malicious crawlers, scanners, and web shells.
     click the number to go to the *Policies* page.
 
 6. Ensure that *Basic Web Protection* is enabled (status:
-    ![image3](/_static/images/en-us_image_0000001176153064.png)).
+    ![image3](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001176153064.png)).
 
     ![**Figure 1** Basic Web Protection configuration
-    area](/_static/images/en-us_image_0000001716153600.png)
+    area](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001716153600.png)
 
 7. On the *Protection Status* page, enable *General Check* and
     *Webshell Detection*.
 
 8. Click the *Anti-Crawler* configuration area and toggle it on.
 
-    - ![image4](/_static/images/en-us_image_0000001763970041.png):
+    - ![image4](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001763970041.png):
         enabled.
-    - ![image5](/_static/images/en-us_image_0000001716169956.png):
+    - ![image5](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001716169956.png):
         disabled.
 
 9. On the *Feature Library* page, enable protection functions based
     on your business needs.
 
     ![**Figure 2** Feature
-    Library](/_static/images/en-us_image_0000001072768952.png)
+    Library](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001072768952.png)
 
 If WAF detects that a malicious crawler or scanner is crawling your
 website, WAF immediately blocks it and logs the event. You can view the
 crawler protection logs on the *Events* page.
 
-![image6](/_static/images/en-us_image_0000001182529643.png)
+![image6](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001182529643.png)
 
 ## Enabling Anti-Crawler Protection to Verify Browser Validity
 
@@ -85,11 +85,11 @@ risk control and bot identification approaches.
 1. [Log in to the management
     console](https://console-intl.huaweicloud.com/?locale=en-us).
 
-2. Click ![image7](/_static/images/en-us_image_0000001533461761.jpg) in
+2. Click ![image7](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001533461761.jpg) in
     the upper left corner of the management console and select a region
     or project.
 
-3. Click ![image8](/_static/images/en-us_image_0000001483021752.png) in
+3. Click ![image8](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001483021752.png) in
     the upper left corner and choose *Web Application Firewall* under
     *Security & Compliance*.
 
@@ -100,17 +100,17 @@ risk control and bot identification approaches.
 
 6. Click the *Anti-Crawler* configuration area and toggle it on.
 
-    - ![image9](/_static/images/en-us_image_0000001763970041.png):
+    - ![image9](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001763970041.png):
         enabled.
-    - ![image10](/_static/images/en-us_image_0000001716169956.png):
+    - ![image10](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001716169956.png):
         disabled.
 
 7. Select the *JavaScript* tab and change *Status* if needed.
 
     *JavaScript* anti-crawler is disabled by default. To enable it,
-    click ![image11](/_static/images/en-us_image_0234013368.png) and
+    click ![image11](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0234013368.png) and
     then click *Confirm* in the displayed dialog box to toggle on
-    ![image12](/_static/images/en-us_image_0234013391.png).
+    ![image12](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0234013391.png).
 
     **Protective Action**: *Block*, *Verification code*, and *Log
     only*.
@@ -146,7 +146,7 @@ risk control and bot identification approaches.
         click *Confirm*.
 
         ![**Figure 3** Exclude
-        Rule](/_static/images/en-us_image_0000001481001694.png)
+        Rule](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001481001694.png)
 
     - To protect a specified request only
 
@@ -167,7 +167,7 @@ risk control and bot identification approaches.
 If you enable anti-crawler, web visitors can only access web pages
 through a browser.
 
-![image13](/_static/images/en-us_image_0000001132757446.png)
+![image13](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001132757446.png)
 
 ## Configuring CC Attack Protection to Limit Access Frequency
 
@@ -178,11 +178,11 @@ impact of CC attacks on web services.
 1. [Log in to the management
     console](https://console-intl.huaweicloud.com/?locale=en-us).
 
-2. Click ![image14](/_static/images/en-us_image_0000001533701661.jpg)
+2. Click ![image14](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001533701661.jpg)
     in the upper left corner of the management console and select a
     region or project.
 
-3. Click ![image15](/_static/images/en-us_image_0000001533182113.png)
+3. Click ![image15](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001533182113.png)
     in the upper left corner and choose *Web Application Firewall*
     under *Security & Compliance*.
 
@@ -191,22 +191,22 @@ impact of CC attacks on web services.
 5. In the *Policy* column of the row containing the target domain
     name, click the number of enabled protection rules. On the displayed
     *Policies* page, keep the *Status* toggle on
-    (![image16](/_static/images/en-us_image_0000001221411281.png)) for
+    (![image16](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001221411281.png)) for
     *CC Attack Protection*.
 
     ![**Figure 4** CC Attack Protection configuration
-    area](/_static/images/en-us_image_0000001763942269.png)
+    area](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001763942269.png)
 
 6. In the upper left corner above the *CC Attack Protection* rule
     list, click *Add Rule*. The following uses IP address-based rate
     limiting and human-machine verification as examples to describe how
     to add an IP address-based rate limiting rule, as shown in the figue below:
 
     ![**Figure 5** Per IP
-    address](/_static/images/en-us_image_0000001490687826.png)
+    address](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001490687826.png)
 
     If the number of access requests exceeds the configured rate limit,
     the visitors are required to enter a verification code to continue
     the access.
 
-    ![image17](/_static/images/en-us_image_0293910230.png)
+    ![image17](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0293910230.png)

docs/best-practices/security-services/web-application-firewall/using-lts-to-quickly-query-and-analyze-waf-access-logs.md

@@ -27,11 +27,11 @@ and analyze logs.
 
 1. Log in to the management console.
 
-2. Click ![image1](/_static/images/en-us_image_0000001192435242.jpg) in
+2. Click ![image1](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001192435242.jpg) in
     the upper left corner of the management console and select a region
     or project.
 
-3. Click ![image2](/_static/images/en-us_image_0000001237195219.png) in
+3. Click ![image2](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001237195219.png) in
     the upper left corner of the page and choose *Management &
     Governance* -> *Log Tank Service*.
 
@@ -43,24 +43,24 @@ and analyze logs.
     Then, select the *Log Stream* tab.
 
     ![**Figure 1** Accessing the log stream
-    page](/_static/images/en-us_image_0000001698121802.png)
+    page](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001698121802.png)
 
 6. On the log stream details page, click
-    ![image3](/_static/images/en-us_image_0000001811225769.png) in the
+    ![image3](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001811225769.png) in the
     upper right corner. On the page displayed, click the *Cloud
     Structured Parsing* tab.
 
 7. Select *JSON* as the log structure, as shown in figure below:
 
     ![**Figure 2**
-    JSON](/_static/images/en-us_image_0000001236748339.png)
+    JSON](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001236748339.png)
 
 8. In the *Step 1 Select a sample log event.* area, click *Select
     from existing log events*. In the displayed *Select Log Event*
     dialog box, select a log and click *OK*.
 
     ![**Figure 3** Select Log
-    Event](/_static/images/en-us_image_0000001192108582.png)
+    Event](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001192108582.png)
 
 9. In the *Step 2 Extract fields* area, click *Intelligent
     Extraction* and enable quick analysis for the log field you want to
@@ -70,13 +70,13 @@ and analyze logs.
     originates.
 
     ![**Figure 4** Selecting log fields for quick
-    analysis](/_static/images/en-us_image_0000001192348152.png)
+    analysis](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001192348152.png)
 
 10. Click *Save*. Then, LTS will start a quick analysis and do
     statistics for logs collected in a certain period.
 
     ![**Figure 5** Quickly analysis of access
-    logs](/_static/images/en-us_image_0000001192109594.png)
+    logs](/img/docs/best-practices/security-services/web-application-firewall/en-us_image_0000001192109594.png)
 
 11. In the navigation pane, choose *Visualization*. On the right pane,
     select a log query time range, enter an SQL statement in the search