WAF core security protection
The core selection of the counter measures is the most commonly recommended and applied collection of counter measures to apply to your WAF policy.
Counter measure Name | Description |
---|---|
HTML SQL Injection | The HTML SQL Injection Counter measure provides protection against the injection of unauthorized SQL code that might break security. SQL injection is a code injection technique that might destroy your database and is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via webpage input |
HTML XSS | Attackers can use cross-site scripting (Cross-Site Scripting) to send a malicious script to an unsuspecting user, where the user’s browser has no way to know that the script should not be trusted, and will run the script. Once ran, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. |
CSRF Settings | CSRF (Cross-Site Request Forgery) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. Some common examples include changing the email address on their account, changing a password, or even making a funds transfer. |
Buffer Overflow | Buffer Overflow is one of the best-known forms of software (security) vulnerability. Buffer overflows can be used to corrupt the execution stack of a web application. “Sending carefully crafted input to a web application, an attacker can cause the web application to run arbitrary code – effectively taking over the machine.” |
HTML SQL Injection
When expanding the HTML SQL Injection counter measure, the following features and customization options will be available.
- Wildcard Characters - Enabled or Disabled
- Request containing the 4 fields - A drop-down menu providing various if/and/or statements to capture specific types of SQL content.
- Comment Handling - Indicates that all comments will be checked (enabled by default).
- Relaxation Rules - Relaxation rules can be manually created by clicking the Add button or directly added from the Learning section.
- The checkmark icon allows for the multi-selection of configured Relaxation Rules, which can then be removed in bulk.
- Learning - When set to On, traffic patterns are analyzed which can enhance the Relaxation Rules, or identify reoccurring threats.
- Alert Threshold - A configurable threshold (value) level that once reached (or exceeded), will begin to send alerts for the violations being triggered.
HTML cross-site scripting
When expanding the HTML XSS Counter measure, the following features and customization options are available.
- Check Complete URLs - You can turn this feature On or Off to require the counter measure to check the full URL of the offending traffic.
- Relaxation Rules - Relaxation rules can be manually created by clicking the Add button or directly added from the Learning section.
- The checkmark icon allows for the multi-selection of configured Relaxation Rules, which can then be removed in bulk.
- Learning - When set to On, traffic patterns are analyzed which can enhance the Relaxation Rules, or identify reoccurring threats.
- Alert Threshold - A configurable threshold (value) level that once reached (or exceeded) begins to send alerts for the violations being triggered.
CSRF Settings
When expanding the HTML cross-site scripting counter measure, the following features and customization options are available.
- Alert Threshold - A configurable threshold (value) level that once reached (or exceeded), will begin to send alerts for the violations being triggered.
- Relaxation Rules - Relaxation rules can be manually created by clicking the Add button or directly added from the Learning section.
- The checkmark icon allows for the multi-selection of configured Relaxation Rules, which can then be removed in bulk.
- Learning - When set to On, traffic patterns are analyzed which can enhance the Relaxation Rules, or identify reoccurring threats.
Buffer Overflow
In contrast to the additional features and customization options of the HTML SQL Injection counter measure, the Buffer Overflow has a more simplistic configuration setup.
- Max URL Length - Configure the maximum URL length that can be allowed before triggering a violation.
- Max Cookie Length - Configure the maximum Cookie string length that can be allowed before triggering a violation.
- Max Header Length - Configure the maximum (raw) Header Length that can be allowed before triggering a violation.
- Alert Threshold - A configurable threshold (value) level that once reached (or exceeded), will begin to send alerts for the violations being triggered.
Each counter measure is slightly unique in the customization and configuration setup that can be set.