Web应用防火墙(WAF)的AI应用防护功能通过定义资产,定位并检测AI应用中用户输入(请求)和模型输出(响应)的内容。新建资产后,可为其启用提示词攻击防护或内容安全检测功能。
新建资产
您需要拥有已存在的防护对象(即Web业务已接入WAF)才能执行以下步骤,若尚未接入WAF,请参考接入概述完成接入。
进入资产管理界面。在顶部菜单栏,选择WAF实例的资源组和地域(中国内地、非中国内地),然后单击新建资产。
填写匹配条件,匹配条件为必填项。用于定义需要防护的AI API接口,使WAF能根据这些条件精准识别目标流量。
匹配字段
匹配内容
域名
填写域名或IP地址,例如您的防护对象对应的域名为
domain.com,此处填写domain.com。URL路径
填写API的URL路径,例如此处填写
/chat/message,域名处填写domain.com,则防护的目标为domain.com/chat/message。HTTP请求方法
可选项:
POST、GET、PUT。在提示词位置与响应内容处填写内容位置字段,使WAF能够在HTTP报文中定位到待检测的内容。需要符合JSONPath表达式。
重要此处的配置将直接影响到后续防护模块的检测内容。
若后续需要配置WAF同时检测用户请求与模型响应的合规性,则必须在此处同时配置提示词位置与响应内容。
若后续需要配置WAF进行应答替换动作,则必须在此处配置响应内容。
对于响应内容,请根据实际的业务特征对如下配置项进行勾选。
非流式响应:服务器在处理完成后,一次性返回完整JSON格式响应体,客户端需等待全部数据生成完毕后才能获取结果。
流式响应:服务器将响应数据分片持续推送,客户端可实时接收并处理部分结果,直至连接关闭。仅支持SSE协议。
深度思考:模型在生成最终答案前,显式输出推理过程,以结构化步骤展现内在逻辑,提升结果的可解释性与准确性。
说明若您不确定内容位置字段,可以参考下列示例进行判断,也可以单击输入框后的测试进行验证。
请求提示词位置示例
示例1
下方的http请求body字段,提示词位置对应的JSONPath为:
$.messages[0].content.parts[0]。{ "action": "next", "messages": [{ "id": "c86043d3-6657-4a9e-85df-a22c98666367", "create_time": 1742977262.085, "content": { "content_type": "text", "parts": ["什么是大模型提示词"] } }] }示例2
下方的http请求body字段,提示词位置对应的JSONPath为:
$.messages[1].content。{ "model": "gpt-3.5-turbo", "messages": [ { "role": "system", "content": "你是一个助手" }, { "role": "user", "content": "帮我写一封感谢信" } ], "temperature": 0.7 }示例3
下方的http请求body字段,最后一轮的用户提示词位置对应的JSONPath为:
$.messages[-1].content。{ "messages": [ { "role": "user", "content": "解释一下神经网络" }, { "role": "assistant", "content": "神经网络是一种模拟人脑结构的计算模型..." }, { "role": "user", "content": "那Transformer呢?" } ]响应内容位置示例
非流式响应
下方的http响应body字段,响应内容位置对应的JSONPath为:
$.choices[0].message.content。{ "choices": [ { "message": { "role": "assistant", "content": "大模型提示词是引导模型生成特定输出的输入文本。" } } ] }流式响应
下方的http响应body字段,共有5个内容分片,每个分片的内容路径对应的JSONPath为:
$.answer。data: {"event": "message", "message_id": "5adxxx6290", "conversation_id": "457xxx55f2", "answer": "很", "created_at": 1679586595} data: {"event": "message", "message_id": "5adxxx6290", "conversation_id": "457xxx55f2", "answer": "高兴", "created_at": 1679586595} data: {"event": "message", "message_id": "5adxxx6290", "conversation_id": "457xxx55f2", "answer": "见", "created_at": 1679586595} data: {"event": "message", "message_id": "5adxxx6290", "conversation_id": "457xxx55f2", "answer": "到", "created_at": 1679586595} data: {"event": "message", "message_id" : "5adxxx6290", "conversation_id": "457xxx55f2", "answer": "你", "created_at": 1679586595} data: {"event": "message_end", "id": "5adxxx6290", "conversation_id": "457xxx55f2", "metadata": {} }深度思考
下方的http响应body字段,深度思考位置对应的JSONPath为:
$.choices[0].delta.reasoning_content。data: {"choices":[{"delta":{"content":null,"role":"assistant","reasoning_content":""},"index":0,"logprobs":null,"finish_reason":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"finish_reason":null,"logprobs":null,"delta":{"content":null,"reasoning_content":"唔"},"index":0}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":null,"reasoning_content":",用户"},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":null,"reasoning_content":"问了一个"},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":null,"reasoning_content":"基础的"},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":null,"reasoning_content":"自我介绍问题。"},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":"我是DeepSeek","reasoning_content":null},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":"有什么","reasoning_content":null},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":"可以","reasoning_content":null},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"delta":{"content":"帮你","reasoning_content":null},"finish_reason":null,"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: {"choices":[{"finish_reason":"stop","delta":{"content":"的吗?"},"index":0,"logprobs":null}],"object":"chat.completion.chunk","usage":null,"created":1758787252,"system_fingerprint":null,"model":"deepseek-v3.1","id":"chatcmpl-xxx-e30c1"} data: [DONE]
设置关联防护对象,每个资产只能关联一个防护对象。
查看并管理资产
在资产管理页面,可查看并管理当前已创建的资产,如下图所示:
查看资产:在防护状态栏查看资产已配置的防护,若未配置任何防护,则显示未防护。
编辑资产:通过单击操作列的编辑,对已创建资产的提示词位置与响应内容进行修改。
删除资产:通过单击操作列的删除,删除已创建的资产,资产被删除后不会受到任何防护。
后续操作
资产新建后不具备防护能力,请根据实际业务需求,为资产配置提示词攻击防护或内容安全检测防护模板进行防护。
配额与限制
资产的匹配条件与关联防护对象在资产创建后不支持修改。
每个资产只能关联一个防护对象。
流式响应仅支持SSE协议。