This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Overview of security checks
The Web App Firewall advanced protections (security checks) are a set of filters designed to catch complex or unknown attacks on your protected websites and web services. The security checks use heuristics, positive security, and other techniques to detect attacks that may not be detected by signatures alone. You configure the security checks by creating and configuring an Web App Firewall profile, which is a collection of user-defined settings that tell the Web App Firewall which security checks to use and how to handle a request or response that fails a security check. A profile is associated with a signatures object and with a policy to create a security configuration.
The Web App Firewall provides twenty security checks, which differ widely in the types of attacks that they target and how complex they are to configure. The security checks are organized into the following categories:
- Common security checks. Checks that apply to any aspect of web security that either does not involve content or is equally applicable to all types of content.
- HTML security checks. Checks that examine HTML requests and responses. These checks apply to HTML-based websites and to the HTML portions of Web 2.0 sites, which contain mixed HTML and XML content.
- XML security checks. Checks that examine XML requests and responses. These checks apply to XML-based web services and to the XML portions of Web 2.0 sites.
The security checks protect against a wide range of types of attack, including attacks on operation system and web server software vulnerabilities, SQL database vulnerabilities, errors in the design and coding of websites and web services, and failures to secure sites that host or can access sensitive information.
All security checks have a set of configuration options, the check actions, which control how the Web App Firewall handles a connection that matches a check. Three check actions are available for all security checks. They are:
- Block. Block connections that match the signature. Disabled by default.
- Log. Log connections that match the signature, for later analysis. Enabled by default.
- Stats. Maintain statistics, for each signature, that show how many connections it matched and provide certain other information about the types of connections that were blocked. Disabled by default.
A fourth check action, Learn, is available for more than half of the check actions. It observes traffic to a protected website or web service and uses connections that repeatedly violate the security check to generate recommended exceptions (relaxations) to the check, or new rules for the check. In addition to the check actions, certain security checks have parameters that control the rules that the check uses to determine which connections violate that check, or that configure the Web App Firewall’s response to connections that violate the check. These parameters are different for each check, and they are described in the documentation for each check.
To configure security checks, you can use the Web App Firewall wizard, as described in The Web App Firewall Wizard, or you can configure the security checks manually, as described in Manual Configuration By Using the GUI. Some tasks, such as manually entering relaxations or rules or reviewing learned data, can be done only by using the GUI, not the command line. Using the wizard is usually best configuration method, but in some cases manual configuration might be easier if you are thoroughly familiar with it and simply want to adjust the configuration for a single security check.
Regardless of which method you use to configure the security checks, each security check requires that certain tasks be performed. Many checks require that you specify exceptions (relaxations) to prevent blocking of legitimate traffic before you enable blocking for that security check. You can do this manually, by observing the log entries after a certain amount of traffic has been filtered and then creating the necessary exceptions. However, it is usually much easier to enable the learning feature and let it observe the traffic and recommend the necessary exceptions.
Web App Firewall uses packet engines (PE) during processing the transactions. Each packet engine has a limit of 100K sessions which is sufficient for most deployment scenarios. However, when Web App Firewall is processing heavy traffic and the session timeout is configured at a higher value, the sessions might get accumulated. If the number of alive Web App Firewall sessions exceed the 100K per PE limit, the Web App Firewall security check violations might not be sent to the Security Insight appliance. Lowering the session timeout to a smaller value, or using sessionless mode for the security checks with sessionless URL closure or sessionless field consistency might help in preventing the sessions getting accumulated. If this is not a viable option in scenarios where transactions might require longer sessions, upgrading to a higher-end platform with more packet engine is recommended.
Support for cached AppFirewall is added, and the max session setting through the CLI per core is set to 50K sessions.
Request and response security checks
The following are the list of security checks:
Request checks
The following are the request security checks:
- Start URL
- Deny URL
- Cookie Consistency
- Cookie Hijacking
- Butter Overflow
- Post Body Limit
- Content-type
- Infer Content Type XML Payload
- File Upload Types
- Form Field Consistency
- Field Formats
- CSRF Form Tagging
- HTML Cross-Site Scripting
- HTML SQL Injection
- HTML Command Injection
- Block Keyword - XML
- XML Format
- XML Denial of Service
- XML Cross-Site Scripting
- XML SQL Injection
- XML Attachement
- XML Message Validation
- JSON Denial of Service
- JSON Cross-Site Scripting
- JSON SQL Injection
- JSON Command Injection
- Block Keyword - JSON
Response checks
The following are the response security checks:
- Credit Card
- Safe Object
- XML SOAP Fault Filtering
- Some of Web Service Interoperability
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.