NSFOCUS WAF Log4j2_RCE Protection
July 27, 2023
Logging events is a critical aspect of software development. While there are lots of frameworks available in Java ecosystem, Log4j has been the most popular for decades, due to the flexibility and simplicity it provides. Apache Log4j is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j 2 is a […]
Common SSL Vulnerability Protection
July 13, 2023
This article describes how to configure security policies on NSFOCUS WAF for protection against some common SSL vulnerabilities. TLS Client-initiated Renegotiation Support on the Server – CVE-2011-1473 This vulnerability exists during SSL renegotiation, and services that use the SSL renegotiation function will be impacted. Although it is currently possible to use HTTPS without enabling the […]
NSFOCUS WAF Secure Data Transfer
October 13, 2022
NSFOCUS WAF secures data transmission by restricting domain names, URLs, and request methods, and it can improve transmission security by converting ordinary HTTP requests into HTTPS requests forcibly. Configuration precondition: Configure HTTP and HTTPS sites and ensure that both HTTP and HTTPS sites can be accessed. Configuration method: Step 1: Click Security Management > Website […]
XSS Attack Protection
September 30, 2022
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to […]
Description of the Server Name Indication Feature on NSFOCUS WAF
September 22, 2022
The early SSLv2 was designed based on the classic public key infrastructure. By default, a server or an IP address could provide only one service so that the server could know which certificate to serve during the SSL handshake. The widespread use of virtual hosts leads to the situation where multiple domain names are mapped […]
Configuring HTTP Access Control on NSFOCUS WAF
August 12, 2022
HTTP access control policies can prevent websites from unauthorized and malicious access by controlling over HTTP requests that protected resources respond to. NSFOCUS WAF inspects requests and takes actions when a request matches any of policies you specified. Multiple policies can be applied to a single website and evaluated in top-down order. Once a packet […]
Cloud Native Security in Infrastructure Construction
September 15, 2021
Cloud native security is the development trend of cloud security in the coming years. On the one hand, inherent security of cloud native is worthy of in-depth study. On the other hand, with the reconstruction and upgrade of infrastructure, there is a clear trend towards the integration of cloud native technologies and information infrastructure. 5G, edge […]
Top Four Risks When Using Serverless Function in Cloud Native Applications
September 10, 2021
Serverless is a new computing mode of the cloud native architecture, mainly taking the form of function as a service (FaaS). For the serverless mode, developers will write a function and define when and how to invoke it and then the function will run in the server provided by the cloud provider. All developers need […]
API Security in Cloud Native Applications
September 7, 2021
Cloud native applications, based on the microservice architecture, interact with each other by sending requests or response through APIs. Arguably, API communications play an essential role in interactions of cloud native applications. Therefore, API security is an indispensable part of cloud native application security. API-related security issues shown below have a direct impact on security […]
Zero-Trust Cloud Native Network Security Enabled by Micro-segmentation
August 31, 2021
Traditional networks or virtual networks have employed network segregation technologies like VLAN or VPC which are, however, more often used for segregation of deterministic networks or tenant networks. In cloud native environments, containers or microservices have a shorter lifecycle and change more frequently compared with traditional networks or tenant networks. Complex business access relationships are […]
