Back to the Reverse-Proxy section
This feature is an intrusion detection and prevention engine for web applications. ( aka WAF )
It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks.
The module filters, and optionally rejects, incoming requests based on a number of different criteria like CGI variables, HTTP headers, environment variables, and even individual script parameters.
In order to have the best protection it is strongly advised to subscribe to an Enterprise License.
In order to detect and prevent attacks against web applications, the web application firewall checks all requests to your web server and related responses from the server against its set of rules.
If the check succeeds, the HTTP request is passed to website to retrieve the content.
If the check fails, the predefined actions are performed.
There are 2 modules that can be used in order to offer you the best security for your websites:
- The Web Firewall
It acts directly on the network layer and allows you to deny connections to your server or allow connections outside your server.
It prevent attacks by deny IP addresses with bad reputation with Cybercrime IP feeds feature
- The Web Application Firewall
which acts only on the operation in the HTTP protocol
- Install the Web firewall
- Deny incoming connections
- Quick deny an IP address using the real-time requests
- Cybercrime IP Feeds for Web-firewall
- Monitor blocked outgoing connections
- Monitor blocked incoming connections from Cybercrime IP Feeds
- Activate the Web Application Firewall under the Web firewall
- Install the Web application Firewall Feature (WAF).
- Activate the WAF engine on your websites
- How to check the Web Application firewall
- Display rules in real-time
- How to list all matched rules for a specific site ?
- Allowed protocols (eg PUT,LIST,DELETE)
- Scan posted files using Clamav
- Block uploaded files based on their file type
- Exclude some rules based on specific web applications
- Exclude from the Web Firewall using an IP source
- Exclude from the Web Firewall using geolocalization
- Disable rules globally
- Disable rules using threats events
- Disable rules according to the User-Agent
- Display all whitelisted rules.