[Yandex Cloud documentation](../../index.md) > [Yandex Smart Web Security](../index.md) > [Concepts](index.md) > Security profiles

# Security profiles

_Security profile_ is the main Smart Web Security component. A security profile consists of a set of HTTP traffic processing [rules](rules.md). The rules contain filtering [conditions](conditions.md) and [actions](rules.md#rule-action) that apply to your web resource's incoming traffic. Security profiles also allow configuring a [CAPTCHA](https://en.wikipedia.org/wiki/CAPTCHA) and request limits based on various conditions. To standardize client response pages for triggered profile rules, you can create your own [response templates](response-templates.md).

{% note info %}

To enhance your security, we use HTTP request data to train our machine learning (ML) models. You can disable the use of this data in the [management console](https://console.yandex.cloud) when creating a security profile or later in its settings.

{% endnote %}

You can create security profiles in different ways:
  * _From a preset template_.

    A preset profile includes:
    
    * [Basic default rule](rules.md#base-rules) enabled for all traffic with the `Allow` [action type](rules.md#rule-action).
    * [Smart Protection rule](rules.md#smart-protection-rules), `sp-rule-1`, enabled for all traffic with the `Full protection` action type.
    
  * _From scratch_. This profile includes only the basic default rule enabled for all traffic.

   You configure the security profile according to your threat model, i.e., description of your service-specific potential risks, attack actors, and vulnerabilities. If you are setting up your protection without professional cybersecurity assistance, we recommend using the preconfigured profile template set up by Yandex Cloud experts. This will insure the basic level of protection and help reduce the probability of configuration errors.

[Connect a security profile](../operations/host-connect.md) to your resource to enable Smart Web Security protection.

You can connect a security profile to various types of resources:

* [Virtual host](../../application-load-balancer/concepts/http-router.md#virtual-host) or [ingress controller](../../application-load-balancer/tools/k8s-ingress-controller/index.md#smart-web-security) to protect resources that use Yandex Application Load Balancer. 
* [API Gateway](../../api-gateway/concepts/index.md) API gateway to protect the APIs of your applications.
* [Domain](domain-protect.md) to protect your website or web application hosted in Yandex Cloud, your internal infrastructure, or other platforms.

## Request body analysis {#analyze-request-body}

In the security profile, you can enable request body inspection to improve the web application's performance and security. Limiting the maximum request body size prevents excessive resource consumption and mitigates the effects of DoS/DDoS attacks, where attackers submit large requests in order to exhaust the server's resources.

When you configure a security profile, you can select an action for when the maximum request body size is exceeded:

* `Do not analyze body`: Use it when a legitimate application frequently sends large requests.
* `Block request`: This is a universal and secure approach. Smart Web Security blocks any requests exceeding the 8 KB limit, reducing the risk of attacks. If a request is blocked, Smart Web Security returns a `403` error.

## Profiles and rules diagram {#profile-rules-schema}

The diagram below illustrates the relationship between Smart Web Security profiles and rules. Security profile is the main Smart Web Security component you can use to set up basic rules and Smart Protection. You can additionally connect a WAF profile (through a WAF rule), an ARL profile, and SmartCaptcha.

![profiles-rules](../../_assets/smartwebsecurity/profiles-rules.svg)

#### See also {#see-also}

* [Managing security profiles](../operations/index.md#profiles)
* [Setting up basic protection in Smart Web Security](../tutorials/sws-basic-protection.md)
* [Setting up an Ingress controller and test applications](../../managed-kubernetes/tutorials/alb-ingress-controller.md#create-ingress-and-apps)