IPDS | WAF

Web Application Firewall

The Web Application Firewall (WAF) is the tool used to detect and block malicious HTTP traffic passing through the HTTP(S) farms. The WAF works by searching for and analyzing patterns in order to apply advanced security policies. The rules are grouped into rulesets, which have to be applied to HTTP farms. WAF rules are checked after the SSL packets are decrypted, so patterns can also be applied to the HTTP body of SSL traffic.

SKUDONET IPDS packages use the OWASP ModSecurity rules, but you can create your own ruleset to protect your system against any kind of attack. If you want to read more about the OWASP rules, please refer to the OWASP ModSecurity Project.

These rulesets are ordered by preference. If you decide to use them, apply them in the following order:

REQUEST-90-CONFIGURATION
REQUEST-901-INITIALIZATION
Apply any other OWASP ruleset based on what you want to protect
REQUEST-949-BLOCKING-EVALUATION
RESPONSE-959-BLOCKING-EVALUATION
RESPONSE-980-CORRELATION (for logging purposes; enable this only for troubleshooting)

By default, this OWASP ruleset uses a scoring system called paranoia levels, and the default level is 1. If you want to read more about those levels, please refer to the OWASP ModSecurity ruleset FAQ.

If you want to increase the paranoia level, do the following:

Go to the Rules tab of the REQUEST-901-INITIALIZATION ruleset, edit rule number 901120 in raw mode, and change:

setvar:'tx.paranoia_level=1'

to the desired paranoia level.
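One way to script the same edit on the raw text of the initialization ruleset, shown as an added example that is not SKUDONET's own code. The sample rule text is constructed, the function names are hypothetical, and the accepted range 1 to 4 is the set of paranoia levels the OWASP Core Rule Set defines; only the rule with id 901120 is modified.

```python
import re

# Constructed sample modelled on a CRS-style initialization ruleset
# (not copied from a SKUDONET appliance).
SAMPLE = r'''SecRule &TX:paranoia_level "@eq 0" \
    "id:901120,\
    phase:1,\
    pass,\
    nolog,\
    setvar:'tx.paranoia_level=1'"

SecRule &TX:executing_paranoia_level "@eq 0" \
    "id:901125,\
    phase:1,\
    pass,\
    nolog,\
    setvar:'tx.executing_paranoia_level=%{TX.PARANOIA_LEVEL}'"
'''

SETVAR = re.compile(r"(setvar:'?tx\.paranoia_level=)(\d+)", re.IGNORECASE)

def logical_blocks(text):
    """Yield one chunk per directive, joining backslash-continued lines."""
    block = []
    for line in text.splitlines(keepends=True):
        block.append(line)
        if not line.rstrip().endswith("\\"):
            yield "".join(block)
            block = []
    if block:
        yield "".join(block)

def set_paranoia_level(text, level, rule_id=901120):
    """Return (new_text, old_level); change only the rule with rule_id."""
    if level not in (1, 2, 3, 4):
        raise ValueError("paranoia level must be 1, 2, 3 or 4")
    id_re = re.compile(r"\bid:\s*'?%d\b" % rule_id)
    out, old = [], None
    for block in logical_blocks(text):
        if id_re.search(block):
            m = SETVAR.search(block)
            if m is None:
                raise LookupError("rule %d has no tx.paranoia_level setvar" % rule_id)
            old = int(m.group(2))
            block = SETVAR.sub(lambda s: s.group(1) + str(level), block, count=1)
        out.append(block)
    if old is None:
        raise LookupError("rule %d not found" % rule_id)
    return "".join(out), old
```

Compare the returned text with the original before pasting it back in raw mode, and restart the ruleset so the farm picks up the new level.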

The WAF rulesets view shows an overview of the available rulesets:

Name. A descriptive name to identify a ruleset. Click on it to enter the editing form.
Farms. The farms to which the ruleset is applied. You may expand the farm list using the upward arrow to the right of the Farms column header. By default, the list is limited to 20 characters.
Status. The ruleset status is represented by the following colour codes:

  • Green. Means ENABLED. The ruleset is being checked for the farms that are using it.
  • Red. Means DISABLED. The ruleset is not enabled, thus it is not having any effect on the farm.

Actions. Allowed actions for the status of the WAF rules:

  • Edit. Modify the ruleset settings or assign a farm service if needed.
  • Restart. Reinitialize a WAF rule.
  • Start. Apply the WAF ruleset.
  • Delete. Remove a ruleset.