Exception policies are supplements or restrictions to configured basic or advanced protection policies. On the Exception Policy page, you can create, edit, delete, and duplicate exception policies. You can also create and edit exception policies on the Website Protection page. Configuration procedure: Choose Security Management > Policy Management > Exception...
Tag: Web Security
Introduction to NSFOCUS WAF Website Group Health Check
The Website Group Health Check feature at Security Management -> Website Protection -> Root -> Website Group Health Check -> One-Click Check helps users to check whether the website group policies are working as configured and identify potential issues of site configuration compiling. For example, if users change any current...
Introduction to NSFOCUS WAF Apply Rule Database
In the versions before 6.0.7.3.61634, after users upgrade the NSFOCUS WAF Rule Database, they have to add the new rules one by one to the website’s policy based on the rule name or the rule number manually to apply the new policies. To improve user experience, the NSFOCUS WAF version...
NSFOCUS Tops China’s Hardware WAF Market for Four Consecutive Years
IDC released the market share research report on China's hardware WAF market share recently. NSFOCUS ranks first with a market share of 11.9%, leading the WAF market in China for four consecutive years from 2019 to 2022. NSFOCUS's next-generation WAF has been selected by more than 5,000 organizations and has...
NSFOCUS WAF Log4j2_RCE Protection
Logging events is a critical aspect of software development. While there are lots of frameworks available in Java ecosystem, Log4j has been the most popular for decades, due to the flexibility and simplicity it provides. Apache Log4j is part of the Apache Logging Services, a project of the Apache Software...
Common SSL Vulnerability Protection
This article describes how to configure security policies on NSFOCUS WAF for protection against some common SSL vulnerabilities. TLS Client-initiated Renegotiation Support on the Server – CVE-2011-1473 This vulnerability exists during SSL renegotiation, and services that use the SSL renegotiation function will be impacted. Although it is currently possible to...
