Appxcel Waf Ug

  • Date posted: 28-Nov-2015
  • Category: Documents

Transcript of Appxcel Waf Ug

  • AppXcel Web Application Firewall

    January 2008

  • Table of Contents

    Chapter 1 - Web Application Firewall Overview
        Protection Layers
            Web Application on AppXcel
            Signature-Based Intrusion Prevention
            Web Protocol Violations and Web Worms
            Profile Violations
        The Blocking Process
            Source Blocking versus Immediate Blocking
            IP Blocking versus Application Session Blocking
            The Process of Blocking Traffic
        AppXcel WAF Management
            AppXcel WAF Components

    Chapter 2 - Getting Started
        Configuration Flow
            Introduction
            AppXcel WAF Add-on license
            Launching AppXcel WAF Management Interface from APSolute Insite
            AppXcel WAF Protection Flow
        Touring the AppXcel WAF User Interface
            Introduction
            On-Line Help
        Initial Configuration
            Introduction
            Defining Server Groups
            Defining Network Firewall Rules
            Services
            Special Server Configuration
            Active Profile Settings

    DefensePro User Guide

    Chapter 3 - Setting the Operation Mode
        Operation Modes
            Operation Modes - Introduction
        IP Restrictions
            Restrict Monitoring to only this Source IP Group
            Ignore this Source IP Group (except for firewall violations)
        URL Restrictions
            Restrict Learning and Protection to only these URLs/Directories
            Ignore the following URLs/Directories
            Ignore Static Files
            Ignore Parameters
            Ignore XML Elements
        Automatic Profile Updates
            Automatic Profile Updates - Introduction

    Chapter 4 - Configuring Actions
        Action Interfaces
            Introduction
            Defining Action Interfaces
        Configuring Action Policies
            Configuring Action Policies - Introduction
        Configuring Server Groups Security Rules
            Security Rules - Introduction
            Firewall Rules
            Signature Rules
            Protocol Violation Rules
            Web Worms Defender Rules
            Profile Violation Rules
            Custom Policy Rules
            Correlation Rules
        Preventing Blocking of Specific IP Addresses

    Chapter 5 - Monitoring
        Activity Console
            Introduction
        Alerts
            Reading Alerts

            Browsing Monitored Events
            Operations on Alerts
            Additional View options
            Browsing Alerts
            Sorting Alerts
            Filtering Alerts
            Clearing the Alerts List
            Clearing All Alerts that Match a Filter
            Alert Aggregation
        Gateways
            Gateways - Introduction
        Blocked Sources
            Blocked Sources - Introduction
        Reports
            Reports - Introduction
            Alert Analysis Reports
            Top 20/100 Reports
            Profile Reports
            Assessment Reports
        System Log
            System Log - Introduction
        Notifications
            Notifications - Introduction

    Chapter 6 - Web Profiles
        Dynamic Profiling
            Dynamic Profiling - Introduction
            Web Server Group Profiles
                URLs Profile ......