Administration manual

Profense 3

Armorlogic

support@armorlogic.com

Armorlogic, the Armorlogic logo, the Armorlogic logotype and Profense are trademarks of Armorlogic ApS. Products mentioned herein are for identification purposes only and may be registered trademarks of their respective companies. Specification subject to change without notice.

$Date: 2011/11/14 15:16:44 $


Table of Contents

Profense Web Application Firewall
1. Getting started
1. Install Profense
1.1. Prerequisites
1.1.1. Hardware
1.1.2. Necessary information
1.2. Installation
2. Connect to the Profense web management interface
2.1. Navigating Profense web management interface
3. Basic system configuration
4. Website configuration
5. Testing if it works
5.1. Change / configure DNS for the website.
5.2. Test connectivity
6. View the website deny log
7. Change default passwords
7.1. admin user
7.2. operator user
8. Getting help
2. Dashboards
1. Deny Log
1.1. Interactive graph
1.2. Interactive list
2. Learning
3. System
3.1. System status
3.2. Interfaces
3.3. Modules
3.4. Disk I/O
3.5. Disk
3.6. Read-only monitor access
3.6.1. As HTML
3.6.2. XML format
4. Traffic
4.1. Interfaces
4.2. Traffic by website
3. Services
1. HTTP
1.1. Websites
1.1.1. Defined websites
1.2. Adding a website
1.2.1. Virtual web server
1.2.2. Real web servers
1.2.3. Initial operating mode
1.2.4. Learning
1.2.5. Removing a proxy
1.3. Global
1.3.1. Server ID
1.3.2. HTTP request throttling
1.3.3. HTTP connection limiting
1.3.4. SSL Server Name Indication
2. Network
2.1. Blacklisted Source IPs
2.2. Network blocking bypass
2.2.1. Allowing an IP address to bypass network controls
2.3. DoS mitigation
2.4. Attack source Auto blocking
4. Application Delivery Controller (ADC)
1. Virtual host
1.1. Virtual web server
1.2. SSL Certificate
1.2.1. Importing the SSL certificate
1.2.2. Exporting certificate from web server
1.3. Virtual host aliases
1.3.1. Wildcards
1.4. Timeouts
1.5. HTTP Request and Connection Throttling
1.5.1. HTTP request throttling
1.5.2. HTTP connection throttling
1.6. Trusted proxy
1.7. Redirects
1.7.1. Match types
1.7.2. Prefix match
1.7.3. Regex match
1.7.4. Vhost regex match
1.7.5. Examples summary
1.8. Lower button bar
2. Load balancing
2.1. Real web servers
2.2. Timeouts
2.3. Load balancing settings
2.4. Health Checking
2.5. Insert request headers
2.5.1. Request header variables
2.6. Advanced settings
2.7. Lower button panel
3. Caching
3.1. Static Caching
3.2. Dynamic caching
3.3. Lower button bar
4. Acceleration
4.1. Compression
4.1.1. Compression level
4.1.2. Compress response content-types
4.1.3. Exceptions
4.2. TCP connection reuse
5. Statistics
5.1. Interval selection
5.2. Summary section
5.3. Compression and served from cache graph
5.4. Requests total and served from cache graph
5.5. Original data and data sent graph
5.6. Lower button bar
5. Web application firewall (WAF)
1. Policy
1.1. Basic operation
1.1.1. WAF operating mode definitions
1.1.2. Request parsing
1.1.3. Attack class criticality
1.1.4. Source IP tracking and blocking
1.1.5. External notification
1.1.6. Deny log settings
1.1.7. Access log settings
1.1.8. Mirror proxy policy from master
1.2. Protocol restrictions
1.2.1. Allowed HTTP methods, protocol versions and web services
1.2.2. Headers, restrict length and number
1.2.3. Cookies, restrict length and number
1.2.4. Request, restrict length and number
1.2.5. File uploads, restrict size and number
1.2.6. Request parameters, restrict size and number
1.3. Website global policy
1.3.1. Validate static requests separately
1.3.2. URL path validation
1.3.3. Denied URL paths
1.3.4. Query and Cookie validation
1.3.5. Headers validation
1.3.6. Attack signatures usage
1.3.7. Session and CSRF protection
1.3.8. Trusted clients - IP whitelisting
1.3.9. Trusted domains
1.3.10. Evasion protection
1.3.11. Time restricted access
1.3.12. Input validation classes
1.4. Web applications
1.4.1. Web application settings
1.4.2. Methods allowed
1.4.3. Session protection
1.4.4. Parameters
1.5. Output filter
1.5.1. Backend server cloaking
1.5.2. Output headers validation and rewriting
1.5.3. Output body validation and rewriting
1.6. Authentication
1.6.1. SSL client authentication
1.6.2. SSL client Certificate Revocation Lists (CRLs)
1.6.3. SSL client authorization
1.7. Regular expressions
1.7.1. What are regular expressions
1.7.2. Metacharacters
1.7.3. Repetition
1.7.4. Special notations with \
1.7.5. Character sets [...]
1.7.6. Lookaround
1.7.7. Examples
1.7.8. Further reading
2. Deny and error handling
2.1. Deny action
2.2. Error messages
2.2.1. Document not found (error 40x)
2.2.2. Authentication required (error 403)
2.2.3. Server error (error 50x)
2.3. Lower button bar
3. Learning
3.1. Learning data
3.1.1. Applications learned
3.1.2. Global parameters learned
3.1.3. Static content learned
3.1.4. Tools
3.1.5. Lower button bar
3.2. Learning status
3.2.1. Learning progress indicators
3.2.2. Policy history
3.2.3. Resulting policy
3.2.4. Sample run information
3.2.5. Lower button bar
3.3. Learning settings
3.3.1. Policy generation options
3.3.2. Global parameters
3.3.3. Policy verification
3.3.4. Learning thresholds
3.3.5. Learn data sampling
3.3.6. Lower button bar
4. Log
4.1. Deny log
4.1.1. Specifying filter criteria
4.1.2. Blocked and failed requests
4.1.3. Lower button bar
4.2. Access log
4.3. Access log files
5. Reports
5.1. Reports
5.2. Generated reports
6. System reference
1. Clustering
1.1. Cluster virtual IP configuration
1.2. IP load balancing
1.3. Synchronization configuration
1.4. Cluster configuration examples
1.4.1. Configuring a load balanced cluster
1.4.2. Configuring a fail-over cluster
1.5. CARP Interfaces
1.6. Fail-over status information
2. Configuration
2.1. Network
2.2. Static routes
2.3. Syslog - logging to external host
2.3.1. Mapping of Profense System Logs to Syslog facilities
2.4. SNMP
2.5. Date and Time
2.6. Admin contact
2.7. Email system alerts
2.8. Forward HTTP proxy
2.9. Backup configuration
2.9.1. FTP configuration
2.9.2. SCP configuration
2.10. Auto-backup
2.11. Remote access
2.12. Management GUI
2.12.1. Password requirements
2.12.2. Login and session restrictions
2.12.3. SSL certificate
3. Information
3.1. System
3.2. Profense
3.3. Devices
3.4. Disks
3.5. Currently logged in users
4. Interfaces
4.1. IP configuration
4.2. Role
4.3. Media settings
5. Logs
6. Tools
6.1. Network tools
6.1.1. TCP connect test
6.1.2. Network debug
6.2. Reboot and Shutdown
6.3. Technical information for support
6.4. License information
7. Maintenance
7.1. Backup and restore
7.1.1. Best effort - restoring to different platforms
7.1.2. Local backup
7.1.3. Restore
7.2. Website templates list
7.3. Databases
7.4. Website access logs list
8. Updates
8.1. Updates available for installation
8.1.1. Installing updates
8.2. Installed updates
8.3. Configuring for updates
9. Users
9.1. User accounts
9.1.1. Built in user accounts
9.1.2. Additional accounts
9.2. Current user
9.3. System users
7. The command line interface
1. Accessing CLI
1.1. Console access
1.2. SSH access
2. Command reference
2.1. show interfaces
2.2. show interface
2.3. show gateway
2.4. show hostname
2.5. show routes
2.6. show version
2.7. set gateway
2.8. set interface
2.9. set password
2.10. set user
2.11. system backup run
2.12. system cache flush
2.13. system ping
2.14. system updates fetch
2.15. system updates query pending
2.16. system updates query installed
2.17. system updates install
2.18. system status
2.19. system restart
2.20. system shutdown
2.21. system reboot
2.22. system remotesupport
2.22.1. View remote support status
2.22.2. Enable remote support
2.22.3. Disable remote support
2.23. quit
3. OS access
3.1. Credentials
8. Network deployment
1. Simple single-homed Profense implementation
2. Firewalled single-homed Profense implementation
3. Firewalled Profense implementation with a fail-over/backup Profense
4. Dual-homed performance optimized Profense implementation
9. Frequently Asked Questions
1. Deployment
2. Client issues
3. SSL Certificates
4. Troubleshooting
5. Clustering
6. Accessing Profense management interfaces
7. Learning
8. Filtering

List of Figures

1.1. Profense installation
1.2. The management interface
1.3. Add website page
1.4. Websites overview page
1.5. Editing the hosts file
1.6. Default deny page
1.7. Deny log
1.8. Password change page
1.9. Context specific help
8.1. Simple single-homed Profense implementation
8.2. Firewalled single-homed Profense implementation
8.3. Firewalled Profense implementation with a fail-over/backup Profense
8.4. Dual-homed performance optimized Profense implementation

List of Tables

5.1. Metacharacters in regular expressions
5.2. Repetition in regular expressions
5.3. Notations with \ in Profense regular expressions
5.4. Character sets in regular expressions
5.5. Lookaround in regular expressions
5.6. Examples of global URL regular expressions
5.7. Examples of regular expressions for input validation
5.8. Examples of global parameters regular expressions
5.9. Predefined standard classes in Profense
© 2005 - 2011 Armorlogic