WAF

WAF License Import

August 30, 2024 | NSFOCUS

WAF licenses are classified into two types: 1. Trial-use license After a trial-use license expires: 2. Paid license After a paid license expires, the system can still provide protection functions, but the system upgrade cannot be conducted. The step of importing a license: Click System Management -> System Tools -> License -> Click Browse to […]

WAF Cloud Authentication Issue Troubleshooting

August 22, 2024 | NSFOCUS

If the virtual product uses cloud authentication, it needs to communicate with the cloud authentication center periodically every day to complete the authentication and ensure availability. You can confirm the authorization mode under System Management -> System Tools -> License -> Authorized by. For example, in the image below, the device uses cloud authorization. If […]

API Security Events Classification

May 15, 2024 | NSFOCUS

The risk levels of API security events for NSFOCUS WAF version 6080 are categorized as follows: :Low Risk Events :Medium Risk Events :High Risk Events API Security Event Types: Event Type Description Abuse Attacks covered include JavaScript-related, account takeover, and CSRF. Sensitive Data Exposure Attacks covered include sensitive information leakage, anti-crawling, information leakage prevention, and […]

NSFOCUS WAF API Security Overview

March 29, 2024 | NSFOCUS

NSFOCUS WAF v.6080 provides protection for third-party API assets. The API security protection features assist clients in refining their inventory of API assets through a combination of proactive and reactive strategies. By integrating automatically generated API baselines and imported OAS files, NSFOCUS WAF conducts API compliance checks. NSFOCUS WAF supports parsing multi-protocol traffic for filtering […]

NSFOCUS WAF Security Reports

February 8, 2024 | NSFOCUS

NSFOCUS WAF security reports are divided into classification-specific alert reports and period-specific alert reports. You can acquire reports based on query conditions, such as websites, event types, statistic collection periods, and statistic collection time. 1. Generation procedure: Logs & Reports > Security Reports > Classification-Specific Alert Report or Period-Specific Alert Report > Choose the query […]

NSFOCUS WAF Disguised Response File Management

January 18, 2024 | NSFOCUS

For a specific protection policy, NSFOCUS WAF can configure five actions. For more details, please view NSFOCUS WAF Protection Actions. When configuring a policy with Action set to Disguise, you need to select an existing disguised response file or upload a new one. Such files, whether existing or newly uploaded, will be displayed on the […]

Introduction to NSFOCUS WAF SNMP

December 22, 2023 | NSFOCUS

Simple Network Management Protocol (SNMP) is an application-layer protocol that transmits management data between network devices. SNMP belongs to the Transmission Control Protocol/Internet Protocol (TCP/IP) family and is one of the most widely used network protocols for managing and monitoring network components across a variety of industries. The majority of network components come with an […]

Introduction to NSFOCUS WAF Blocking Method

November 24, 2023 | NSFOCUS

When you configure a protection policy for your protected website and set the protection action to block, NSFOCUS WAF supports three methods to execute blocking actions: Source IP Block, Session Block, and UA Block. Session Block and UA Block are newly added on system version 6073. Each block supports three forms: Never, Permanently block, and […]

NSFOCUS WAF Running Modes

November 7, 2023 | NSFOCUS

NSFOCUS WAF supports multiple running modes. You can modify the running mode based on the network topology. Deployment Topology Deployment Topology can be set to In-Path, Out-of-Path, Reverse Proxy, Mirroring or Plugin-enabled. Mode Configuration Mode Configuration can be set to one of the following values (modes vary with deployment topologies): Emergency Mode After entering the […]

Introduction to WAF Exception Policy

October 27, 2023 | NSFOCUS

Exception policies are supplements or restrictions to configured basic or advanced protection policies. On the Exception Policy page, you can create, edit, delete, and duplicate exception policies. You can also create and edit exception policies on the Website Protection page. Configuration procedure: Choose Security Management > Policy Management > Exception Policy, click Create in the […]