Chapter 5. Web application firewall (WAF)
Table of Contents
1. Policy
1.1. Basic operation
1.1.1. WAF operating mode definitions
1.1.2. Request parsing
1.1.3. Attack class criticality
1.1.4. Source IP tracking and blocking
1.1.5. External notification
1.1.6. Deny log settings
1.1.7. Access log settings
1.1.8. Mirror proxy policy from master
1.2. Protocol restrictions
1.2.1. Allowed HTTP methods, protocol versions and web services
1.2.2. Headers, restrict length and number
1.2.3. Cookies, restrict length and number
1.2.4. Request, restrict length and number
1.2.5. File uploads, restrict size and number
1.2.6. Request parameters, restrict size and number
1.3. Website global policy
1.3.1. Validate static requests separately
1.3.2. URL path validation
1.3.3. Denied URL paths
1.3.4. Query and Cookie validation
1.3.5. Headers validation
1.3.6. Attack signatures usage
1.3.7. Session and CSRF protection
1.3.8. Trusted clients - IP whitelisting
1.3.9. Trusted domains
1.3.10. Evasion protection
1.3.11. Time restricted access
1.3.12. Input validation classes
1.4. Web applications
1.4.1. Web application settings
1.4.2. Methods allowed
1.4.3. Session protection
1.4.4. Parameters
1.5. Output filter
1.5.1. Backend server cloaking
1.5.2. Output headers validation and rewriting
1.5.3. Output body validation and rewriting
1.6. Authentication
1.6.1. SSL client authentication
1.6.2. SSL client Certificate Revocation Lists (CRLs)
1.6.3. SSL client authorization
1.7. Regular expressions
1.7.1. What are regular expressions
1.7.2. Metacharacters
1.7.3. Repetition
1.7.4. Special notations with \
1.7.5. Character sets [...]
1.7.6. Lookaround
1.7.7. Examples
1.7.8. Further reading
2. Deny and error handling
2.1. Deny action
2.2. Error messages
2.2.1. Document not found (error 40x)
2.2.2. Authentication required (error 403)
2.2.3. Server error (error 50x)
2.3. Lower button bar
3. Learning
3.1. Learning data
3.1.1. Applications learned
3.1.2. Global parameters learned
3.1.3. Static content learned
3.1.4. Tools
3.1.5. Lower button bar
3.2. Learning status
3.2.1. Learning progress indicators
3.2.2. Policy history
3.2.3. Resulting policy
3.2.4. Sample run information
3.2.5. Lower button bar
3.3. Learning settings
3.3.1. Policy generation options
3.3.2. Global parameters
3.3.3. Policy verification
3.3.4. Learning thresholds
3.3.5. Learn data sampling
3.3.6. Lower button bar
4. Log
4.1. Deny log
4.1.1. Specifying filter criteria
4.1.2. Blocked and failed requests
4.1.3. Lower button bar
4.2. Access log
4.3. Access log files
5. Reports
5.1. Reports
5.2. Generated reports