WAF

Introduction to WAF Exception Policy

October 27, 2023 | NSFOCUS

Exception policies are supplements or restrictions to configured basic or advanced protection policies. On the Exception Policy page, you can create, edit, delete, and duplicate exception policies. You can also create and edit exception policies on the Website Protection page. Configuration procedure: Choose Security Management > Policy Management > Exception Policy, click Create in the […]

Introduction to NSFOCUS WAF Website Group Health Check

September 28, 2023 | NSFOCUS

The Website Group Health Check feature at Security Management -> Website Protection -> Root -> Website Group Health Check -> One-Click Check helps users to check whether the website group policies are working as configured and identify potential issues of site configuration compiling. For example, if users change any current website policy during the period […]

Introduction to NSFOCUS WAF Apply Rule Database

September 11, 2023 | NSFOCUS

In versions before 6.0.7.3.61634, after users upgrade the NSFOCUS WAF Rule Database, they have to manually add the new rules one by one to the website’s policy, based on the rule name or the rule number, to apply the new policies. To improve user experience, the NSFOCUS WAF version 6.0.7.3.61634 has optimized this functionality. […]

Path Traversal Attack Protection

August 18, 2023 | NSFOCUS

A path traversal attack, or directory traversal, aims to access files and directories stored outside the web root folder. When the server does not check the user input strictly, by manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary […]

NSFOCUS WAF Log4j2_RCE Protection

July 27, 2023 | NSFOCUS

Logging events is a critical aspect of software development. While there are lots of frameworks available in the Java ecosystem, Log4j has been the most popular for decades, due to the flexibility and simplicity it provides. Apache Log4j is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j 2 is a […]

Common SSL Vulnerability Protection

July 13, 2023 | NSFOCUS

This article describes how to configure security policies on NSFOCUS WAF for protection against some common SSL vulnerabilities. TLS Client-initiated Renegotiation Support on the Server – CVE-2011-1473 This vulnerability exists during SSL renegotiation, and services that use the SSL renegotiation function will be impacted. Although it is currently possible to use HTTPS without enabling the […]

Illegal Upload Protection

June 13, 2023 | NSFOCUS

When a client uploads a file to a server, NSFOCUS WAF performs protection based on the file type. If the file type matches an illegal upload restriction policy, NSFOCUS WAF allows or blocks the upload based on the corresponding action specified in the policy, and logs the event. On the Illegal Upload Restriction page, customers […]

Illegal Download Protection

June 1, 2023 | NSFOCUS

When a client downloads a file from a server, NSFOCUS WAF performs protection based on the file type, file size or MIME type. If the download file matches an illegal download restriction policy, NSFOCUS WAF allows or blocks the download based on the corresponding action specified in the policy, and logs the event. On the […]

Configuring TCP Flood Protection on NSFOCUS WAF

May 16, 2023 | NSFOCUS

According to the working principle of TCP/IP, only a certain number of TCP/IP connections are allowed. Attackers exploit this to launch TCP flood attacks, which are divided into two types: An attacker sends too many SYN packets to a target server for processing, exhausting the server’s resources and making the server unresponsive to legitimate traffic. […]

Configuring Network-Layer Access Control on NSFOCUS WAF

May 2, 2023 | NSFOCUS

The network-layer access control function mainly controls the network layer and transport layer. It is a firewall function. NSFOCUS WAF incorporates this function to enable users to configure network-layer access controls on WAF. This function is available only when NSFOCUS WAF is deployed in in-path or out-of-path mode, but unavailable when the device is in […]