Configuring Web Application Firewall Settings

The Web Application Firewall > Settings page allows you to enable and disable Web Application Firewall on your SRA appliance globally and by attack priority. You can individually specify detection or prevention for three attack classes: high, medium, and low priority attacks.

This page also provides configuration options for other Web Application Firewall settings. The following sections describe the procedures for enabling and configuring Web Application Firewall settings:

Enabling Web Application Firewall and Configuring General Settings

Configuring Global Exclusions

Configuring Intrusion Prevention Error Page Settings

Configuring Cross-Site Request Forgery Protection Settings

Configuring Cookie Tampering Protection Settings

Configuring Web Site Cloaking

Configuring Information Disclosure Protection

Configuring Session Management Settings

Enabling Web Application Firewall and Configuring General Settings

Web Application Firewall is active only when the global Enable Web Application Firewall check box is selected and at least one check box in the Signature Groups table is selected. The settings in the General Settings section on this page let you manage your network protection globally by selecting the level of protection (detect or prevent) for high, medium, and low priority attacks. You can also clear the global Enable Web Application Firewall check box to temporarily disable Web Application Firewall without losing any of your custom configuration settings.

You can enable automatic signature updates in the General Settings section, so that new signatures are automatically downloaded and applied when available. A log entry is generated for each automatic signature update. If a signature is deleted during automatic updating, its associated Exclusion List is also removed. A log entry is generated to record the removal. You can view the log entries on the Web Application Firewall > Log page.

Cross-Site Request Forgery protection settings are also available on this page. When a CSRF attack is detected, log entries are created on both the Web Application Firewall > Log page and the Logs > View page. For more information about CSRF/XSRF attacks, see How is Cross-Site Request Forgery Prevented?.

To configure global settings for Web Application Firewall, perform the following steps:

1. On the Web Application Firewall > Settings page, expand the General Settings section.

2. Select the Enable Web Application Firewall check box.

3. A warning dialog box is displayed if none of the signature groups already has Prevent All selected. Click OK in the dialog box to set all signature groups to Prevent All, or click Cancel to leave the settings as they are and continue the configuration manually.

4. Select the Apply Signature Updates Automatically check box to enable new signatures to be automatically downloaded and applied when available. When this option is enabled, you do not have to click the Apply button on the Web Application Firewall > Status page to apply new signatures.

5. Select the desired level of protection for High Priority Attacks in the Signature Groups table. Select one of the following options:

• Select the Prevent All check box to block the request when an attack of this priority level is detected. Selecting Prevent All automatically selects Detect All, so blocked attacks are also logged.

• Clear the Prevent All check box and select the Detect All check box to log attacks while allowing access to the resource.

• To globally disable all logging and prevention for this attack priority level, clear both check boxes.

6. Select the desired level of protection for Medium Priority Attacks in the Signature Groups table.

7. Select the desired level of protection for Low Priority Attacks in the Signature Groups table.

8. When finished, click Accept.
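After changing the Detect All / Prevent All settings, it is worth confirming from the outside that the appliance behaves as configured, because the difference between the two modes is exactly whether an attack request is blocked or merely logged. The following script is an added example written for this page; it is not SonicWall code and is not part of the original document. It sends a benign request and a few requests carrying patterns that WAF signature sets commonly flag (SQL injection, cross-site scripting, directory traversal; which of these the SRA actually matches, and at which priority, is an assumption) to a URL published through the SRA portal, and compares the outcome with the mode you selected. The `base_url`, the `q` query parameter, and the rule that a prevented request shows up as HTTP 403 or as a page containing a marker text from the configured Intrusion Prevention Error Page are all assumptions to adjust for your deployment.

```python
"""Check that WAF Detect/Prevent settings behave as configured.

Added example; not SonicWall code. Run as:
    python waf_mode_check.py https://portal.example.com/app/search prevent
The URL, the parameter name and the block indicators are assumptions.
"""
import sys
import urllib.error
import urllib.parse
import urllib.request

# Constructed probe set. Values are plain strings in a query parameter, so
# in Detect mode (where they reach the backend) they do no harm by themselves;
# still point the script at a non-critical URL.
PROBES = {
    "benign":    {"q": "quarterly report"},
    "sqli":      {"q": "' OR 1=1--"},
    "xss":       {"q": "<script>alert(1)</script>"},
    "traversal": {"q": "../../../../etc/passwd"},
}


def classify(status, body, block_statuses=(403,), error_marker=None):
    """Return 'blocked' or 'allowed' for one HTTP response.

    ASSUMPTION: a prevented request is answered with a status in
    block_statuses (403 by default) or with the intrusion prevention error
    page, recognised by error_marker appearing in the body.
    """
    if status in block_statuses:
        return "blocked"
    if error_marker and error_marker in body:
        return "blocked"
    return "allowed"


def expected_outcome(probe_name, mode):
    """What the configured mode should do with a given probe.

    mode is 'prevent' (Prevent All), 'detect' (Detect All only) or 'off'
    (both check boxes cleared). Only 'prevent' blocks; 'detect' and 'off'
    let the request through, the difference being a log entry that this
    script cannot observe (check the Web Application Firewall > Log page).
    """
    if probe_name == "benign":
        return "allowed"
    return "blocked" if mode == "prevent" else "allowed"


def run_probes(send, mode, **classify_kw):
    """Run every probe through send(name, params) -> (status, body).

    Returns {probe_name: (observed, matches_expectation)}.
    """
    results = {}
    for name, params in PROBES.items():
        status, body = send(name, params)
        observed = classify(status, body, **classify_kw)
        results[name] = (observed, observed == expected_outcome(name, mode))
    return results


def http_sender(base_url, timeout=10):
    """Build a send() callable that issues real GET requests."""
    def send(name, params):
        url = base_url + "?" + urllib.parse.urlencode(params)
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode("utf-8", "replace")
    return send


def main(argv):
    if len(argv) != 3 or argv[2] not in ("prevent", "detect", "off"):
        print(__doc__)
        return 2
    results = run_probes(http_sender(argv[1]), argv[2])
    failures = 0
    for name, (observed, ok) in results.items():
        print(f"{name:10s} {observed:8s} {'ok' if ok else 'MISMATCH'}")
        failures += not ok
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A mismatch in Prevent mode (an attack probe reported as allowed) usually means the relevant signature group is still on Detect All, the signature for that pattern is excluded, or the appliance's error page is not what `classify` recognises; a blocked benign probe points at a false positive worth an exclusion rather than at a mode problem. The script cannot see log entries, so Detect-only behaviour must still be confirmed on the Web Application Firewall > Log page.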