Appxcel Waf Ug
Date posted: 28-Nov-2015
Category: Documents
Transcript of Appxcel Waf Ug
AppXcel Web Application Firewall
January 2008
DefensePro User Guide

Table of Contents

Chapter 1 - Web Application Firewall Overview
  Protection Layers
    Web Application on AppXcel
    Signature-Based Intrusion Prevention
    Web Protocol Violations and Web Worms
    Profile Violations
  The Blocking Process
    Source Blocking versus Immediate Blocking
    IP Blocking versus Application Session Blocking
    The Process of Blocking Traffic
  AppXcel WAF Management
    AppXcel WAF Components

Chapter 2 - Getting Started
  Configuration Flow
    Introduction
    AppXcel WAF Add-on license
    Launching AppXcel WAF Management Interface from APSolute Insite
    AppXcel WAF Protection Flow
  Touring the AppXcel WAF User Interface
    Introduction
    On-Line Help
  Initial Configuration
    Introduction
    Defining Server Groups
    Defining Network Firewall Rules
    Services
    Special Server Configuration
    Active Profile Settings

Chapter 3 - Setting the Operation Mode
  Operation Modes
    Operation Modes - Introduction
  IP Restrictions
    Restrict Monitoring to only this Source IP Group
    Ignore this Source IP Group (except for firewall violations)
  URL Restrictions
    Restrict Learning and Protection to only these URLs/Directories
    Ignore the following URLs/Directories
    Ignore Static Files
    Ignore Parameters
    Ignore XML Elements
  Automatic Profile Updates
    Automatic Profile Updates - Introduction

Chapter 4 - Configuring Actions
  Action Interfaces
    Introduction
    Defining Action Interfaces
  Configuring Action Policies
    Configuring Action Policies - Introduction
  Configuring Server Groups Security Rules
    Security Rules - Introduction
    Firewall Rules
    Signature Rules
    Protocol Violation Rules
    Web Worms Defender Rules
    Profile Violation Rules
    Custom Policy Rules
    Correlation Rules
  Preventing Blocking of Specific IP Addresses

Chapter 5 - Monitoring
  Activity Console
    Introduction
  Alerts
    Reading Alerts
    Browsing Monitored Events
    Operations on Alerts
    Additional View options
    Browsing Alerts
    Sorting Alerts
    Filtering Alerts
    Clearing the Alerts List
    Clearing All Alerts that Match a Filter
    Alert Aggregation
  Gateways
    Gateways - Introduction
  Blocked Sources
    Blocked Sources - Introduction
  Reports
    Reports - Introduction
    Alert Analysis Reports
    Top 20/100 Reports
    Profile Reports
    Assessment Reports
  System Log
    System Log - Introduction
  Notifications
    Notifications - Introduction

Chapter 6 - Web Profiles
  Dynamic Profiling
    Dynamic Profiling - Introduction
    Web Server Group Profiles
    URLs Profile