Relaxation and deny rules for handling HTML SQL injection attacks
When traffic arrives, the violation detection logic checks it for violations. If no HTML SQL injection attacks are detected, the traffic is allowed to pass. If a violation is detected, the relaxation (allow) and deny rules define how to handle it. If the security check is configured in allow mode (the default mode), the detected violation is blocked unless the user has explicitly configured a relaxation or allow rule.
In addition to allow mode, the security check can also be configured in deny mode and use deny rules for handling violations. If the security check is configured in this mode, the detected violations are blocked if a user has explicitly configured a deny rule. If there are no deny rules configured, then the user-configured action is applied.
Note:
By default, the URL is a regular expression.
The following steps explain how the allow and deny modes of operation work:
1. When a violation is detected, the relaxation (allow) and deny rules define how to handle the violations.
2. If the security check is configured in deny mode (if configured in allow mode, jump to step 5), the violation is blocked unless you have explicitly configured a deny rule.
3. If the violation matches a deny rule, the appliance blocks the traffic.
4. If the traffic violation does not match a rule, the appliance applies a user-defined action (block, reset, or drop).
5. If the security check is configured in allow mode, the Web App Firewall module checks whether any allow rules are configured.
6. If the violation matches an allow rule, the appliance allows the traffic to bypass the security check; otherwise, it is blocked.
Configure security check in relaxation and enforcement mode using CLI
At the command prompt, type:
set appfw profile <name> -SQLInjectionAction [block stats learn] -SQLInjectionRuleType [ALLOW | DENY]
Example:
set appfw profile prof1 -sqlInjectionAction block -sqlInjectionRuleType ALLOW
Configure security check in relaxation and enforcement mode using GUI
- Navigate to Security > NetScaler Web App Firewall and Profiles.
- On the Profiles page, select a profile and click Edit.
- On the NetScaler Web App Firewall Profile page, go to the Advanced Settings section and click Security Checks.
- In the Security Checks section, select HTML SQL Injection Settings and click Action Settings.
- On the HTML Command Injection Settings page, select the actions to be performed as part of the HTML command injection security check and update the parameters.
- Click OK.
Bind relaxation and enforcement rules to Web Application Firewall profile using CLI
At the command prompt, type:
bind appfw profile <name> -SQLInjection <string> <formActionURL>
Example:
bind appfw profile p1 -SQLInjection field_f1 "/login.php" -RuleType ALLOW
bind appfw profile p2 -SQLInjection field_f1 "/login.php" -RuleType ALLOW
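The following Python script is an added example, not part of the original documentation or of NetScaler itself. It audits a saved configuration for two problems that follow from this page: a bound rule whose type differs from the profile's mode (which the allow/deny flow above would not consult), and a URL containing an unescaped `.`, which matches any character because the URL is a regular expression. The sample configuration is constructed, and treating a binding without -RuleType as ALLOW is an assumption.

```python
import re
import shlex

# Constructed sample configuration, using only the command forms shown on this page.
SAMPLE_CONFIG = """\
set appfw profile prof1 -sqlInjectionAction block -sqlInjectionRuleType DENY
bind appfw profile prof1 -SQLInjection field_f1 "/login.php" -RuleType ALLOW
bind appfw profile p1 -SQLInjection field_f1 "^/login[.]php$" -RuleType ALLOW
"""

def option(tokens, name, default=None):
    """Return the value following -name (case-insensitive), or default."""
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == "-" + name.lower():
            return tokens[i + 1]
    return default

def audit(config):
    """Return (profile, field, url, problem) tuples for SQL injection rules."""
    modes, rules, findings = {}, [], []
    for line in config.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or [t.lower() for t in tok[1:3]] != ["appfw", "profile"]:
            continue
        if tok[0].lower() == "set":
            mode = option(tok, "sqlInjectionRuleType")
            if mode:
                modes[tok[3]] = mode.upper()
        elif tok[0].lower() == "bind" and option(tok, "SQLInjection"):
            i = [t.lower() for t in tok].index("-sqlinjection")
            # Assumption: a binding without -RuleType is treated as ALLOW.
            rtype = option(tok, "RuleType", "ALLOW").upper()
            rules.append((tok[3], tok[i + 1], tok[i + 2], rtype))
    for prof, field, url, rtype in rules:
        mode = modes.get(prof, "ALLOW")  # the page names allow mode as the default
        if rtype != mode:
            findings.append((prof, field, url, f"{rtype} rule bound to profile in {mode} mode"))
        # A '.' not preceded by a backslash or '[' is a regex wildcard.
        if re.search(r"(?<![\\\[])\.", url):
            findings.append((prof, field, url, "unescaped '.' matches any character"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(" | ".join(finding))
```
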
Bind relaxation and enforcement rules to Web Application Firewall profile using GUI
- Navigate to Security > NetScaler Web App Firewall and Profiles.
- On the Profiles page, select a profile and click Edit.
- On the NetScaler Web App Firewall Profile page, go to the Advanced Settings section and click Relaxation Rules.
- In the Relaxation Rule section, select HTML SQL Injection Settings and click Edit.
- On the HTML SQL Injection Relaxation Rules page, click Add.
- Specify the required details.
- Click Create.