Logging events is a critical aspect of software development. While there are lots of frameworks available in Java ecosystem, Log4j has been the most popular for decades, due to the flexibility and simplicity it provides. Apache Log4j is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j 2 is a […]
This article describes how to configure security policies on NSFOCUS WAF for protection against some common SSL vulnerabilities. TLS Client-initiated Renegotiation Support on the Server – CVE-2011-1473 This vulnerability exists during SSL renegotiation, and services that use the SSL renegotiation function will be impacted. Although it is currently possible to use HTTPS without enabling the […]
When a client uploads a file to a server, NSFOCUS WAF performs protection based on the file type. If the file type matches an illegal upload restriction policy, NSFOCUS WAF allows or blocks the upload based on the corresponding action specified in the policy, and logs the event. On the Illegal Upload Restriction page, customers […]
When a client downloads a file from a server, NSFOCUS WAF performs protection based on the file type, file size or MIME type. If the download file matches an illegal download restriction policy, NSFOCUS WAF allows or blocks the download based on the corresponding action specified in the policy, and logs the event. On the […]
According to the working principle of TCP/IP, only a certain amount of TCP/IP connections are allowed. Attackers exploit this to launch TCP flood attacks, which are divided into two types: An attacker sends too many SYN packets to a target server for processing, exhausting the server’s resources and making the server unresponsive to legitimate traffic. […]
The network-layer access control function mainly controls the network layer and transport layer. It is a firewall function. NSFOCUS WAF incorporates this function to enable users to configure network-layer access controls on WAF. This function is available only when NSFOCUS WAF is deployed in in-path or out-of-path mode, but unavailable when the device is in […]
In computing, syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the type of system generating the message, and is assigned a severity level. Computer system […]
WAF REST API is known as the secondary development interface, and can be called by third-party platforms/software for adding, deleting, modifying, and querying WAF as wells its site, policy, and other configurations. Basic Conventions Format conventions: WAF REST API requests and responses are in JSON format: The attribute (primary key) name and character string of […]
To protect HTTPS websites, the certificate used by these websites needs to be uploaded to NSFOCUS WAF. These certificates may be in different formats, such as .pfx, .crt, and .pem. NSFOCUS WAF, however, supports .cer certificates only. Therefore, the customer needs to extract the certificate information and private key from the original certificate file and […]
WAF web decoding function can decode base64-encoded data. After that, WAF performs attack detection by identifying attack signatures and provides prevention. The web decoding function is configured per website. Web Decoding Configuration Step 1. Choose Security Management > Website Protection, select a website group, click Web Decoding, and then click Create in the upper-right corner […]
