In the process of using WAF, when we need to detect elements like hostname, URL path, HTTP request methods, and IP blacklists, we can utilize the HTTP Access Control function to meet these requirements. This article provides a detailed guide on using WAF’s HTTP Access Control feature and highlights relevant considerations. 1. HTTP Access Control […]
WAF licenses are classified into two types: 1. Trial-use license After a trial-use license expires: 2. Paid license After a paid license expires, the system can still provide protection functions, but the system upgrade cannot be conducted. The step of importing a license: Click System Management -> System Tools -> License -> Click Browse to […]
If the virtual product uses cloud authentication, it needs to communicate with the cloud authentication center periodically every day to complete the authentication and ensure availability. You can confirm the authorization mode under System Management -> System Tools -> License -> Authorized by. For example, in the image below, the device uses cloud authorization. If […]
The risk levels of API security events for NSFOCUS WAF version 6080 are categorized as follows: :Low Risk Events :Medium Risk Events :High Risk Events API Security Event Types: Event Type Description Abuse Attacks covered include JavaScript-related, account takeover, and CSRF. Sensitive Data Exposure Attacks covered include sensitive information leakage, anti-crawling, information leakage prevention, and […]
NSFOCUS WAF v.6080 provides protection for third-party API assets. The API security protection features assist clients in refining their inventory of API assets through a combination of proactive and reactive strategies. By integrating automatically generated API baselines and imported OAS files, NSFOCUS WAF conducts API compliance checks. NSFOCUS WAF supports parsing multi-protocol traffic for filtering […]
NSFOCUS WAF security reports are divided into classification-specific alert reports and period-specific alert reports. You can acquire reports based on query conditions, such as websites, event types, statistic collection periods, and statistic collection time. 1. Generation procedure: Logs & Reports > Security Reports > Classification-Specific Alert Report or Period-Specific Alert Report > Choose the query […]
For a specific protection policy, NSFOCUS WAF can configure five actions. For more details, please view NSFOCUS WAF Protection Actions. When configuring a policy with Action set to Disguise, you need to select an existing disguised response file or upload a new one. Such files, whether existing or newly uploaded, will be displayed on the […]
Simple Network Management Protocol (SNMP) is an application-layer protocol that transmits management data between network devices. SNMP belongs to the Transmission Control Protocol/Internet Protocol (TCP/IP) family and is one of the most widely used network protocols for managing and monitoring network components across a variety of industries. The majority of network components come with an […]
When you configure a protection policy for your protected website and set the protection action to block, NSFOCUS WAF supports three methods to execute blocking actions: Source IP Block, Session Block, and UA Block. Session Block and UA Block are newly added on system version 6073. Each block supports three forms: Never, Permanently block, and […]
NSFOCUS WAF supports multiple running modes. You can modify the running mode based on the network topology. Deployment Topology Deployment Topology can be set to In-Path, Out-of-Path, Reverse Proxy, Mirroring or Plugin-enabled. Mode Configuration Mode Configuration can be set to one of the following values (modes vary with deployment topologies): Emergency Mode After entering the […]
