Web Application Firewall(WAF)
Publisher: Psychz Networks, January 29,2018This article focuses on the Web Application Firewall feature that we offer as a part of our security services.
You can follow the below path to access Web Application Firewall page.
CDN Main Page > Manage Domain > Security > Web Application Firewall
1. You can access CDN main page by clicking on the following link https://www.psychz.net/dashboard/client/web/cdn
2. Click on the "Manage Domain" button on the CDN homepage.
3. The "Manage Domain" page contains a list of all the domains that your device is associated with. Click on the "Manage" button on the right-side of the domain to make changes to that domain.
4. Click on the "Security" button to open the security settings of that domain.
Web Application Firewall(WAF)
The Web Application Firewall is specifically designed for web-based applications. You can manage WAF by whitelisting applications and altering settings or add different rules to different files. You will find three options under WAF:
Settings
SQL Injection Protection - Click on the SQL Injection Protection button to activate the feature. The SQL Injection is a process in which the server is attacked by malicious SQL statements. A SQL Injection can harm website by corrupting their data. It is beneficial to have SQL Injection Protection to secure your database.
RFI Protection - RFI or Remote File Inclusion is another way of attack on a web-based application. In this type of attack, a malicious file is included in the web application which leads to server hacking or crash. You can click on the button beside RFI Protection to turn on the feature.
Directory Traversal Protection - Turn ON the Directory Traversal Protection feature to ensure protection against Directory Traversal attacks. The Directory Traversal attack is a type of HTTP attack through which the attackers are able to access restricted directories. If the attacker is able to access the file system, he can alter your server configuration.
XSS Protection - The XSS or Cross-site scripting is another type of attack focussed on a web-based application. Use XSS Protection to Turn ON protection against XSS attacks.
App Whitelisting
With this feature, you can choose a specific application to whitelist from the Web Application Firewall. All you have to do is go to the App Whitelisting page and select the application from a drop-down list.
Firewall Exclusion
With the Firewall Exclusion feature, the user can set a specific rule for a particular file or folder. Click on the "Add" button on the Firewall Exclusion page to open the pop-up box. Select among the different rules like Upload Rule, SQL Injection Protection, RFI Protection among others and select the location of the file or folder on which you want the rule to be implemented.