The SKUDONET Web Application Firewall (WAF) is a tool that can be used to detect and block malicious HTTP traffic. It works by searching and analyzing patterns to apply advanced security policies. These rules are grouped into sets and can be applied to HTTP farms. For HTTPS traffic, WAF rules are checked after TLS encryption has been terminated.
SKUDONET IPDS packages use the OWASP ModSecurity rules v3, but you can also create your own ruleset to protect your system against any kind of attack. If you want to read more about OWASP rules, refer to the OWASP ModSecurity Project.
By default, the OWASP ruleset uses a scoring system called paranoia levels, and the default level is 1. If you want to read more about these levels, refer to this article: Paranoia levels.
If you want to increase the paranoia level, do the following:
- Go to the REQUEST-901-INITIALIZATION ruleset.
- Click the Rules tab.
- Locate rule number 901120 and edit it in Raw mode.
- Change setvar:'tx.blocking_paranoia_level=1' to the desired paranoia level.
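For reference, this is roughly what the edit looks like in Raw mode. It is an added example, not taken from the SKUDONET documentation: the rule body follows upstream OWASP CRS, so the preloaded copy may differ in details, and level 2 is an arbitrary choice.

```apache
# Rule 901120 as written in upstream OWASP CRS (assumption: the copy preloaded
# by the skudonet-ipds package may carry extra actions, such as a ver: tag).
#
# The condition '&TX:blocking_paranoia_level "@eq 0"' counts how many times the
# variable has been set. It is true only while the variable is still unset, so
# this rule supplies the default and does not override a level that another
# rule has already set earlier in the processing order.

# Before (default, paranoia level 1):
#   setvar:'tx.blocking_paranoia_level=1'

# After (paranoia level 2):
SecRule &TX:blocking_paranoia_level "@eq 0" \
    "id:901120,\
    phase:1,\
    pass,\
    nolog,\
    setvar:'tx.blocking_paranoia_level=2'"

# Notes for the edit:
# - CRS defines paranoia levels 1 to 4. Each step enables additional rules,
#   which raises both detection coverage and the false-positive rate.
# - Keep the rule id (901120) and the line-continuation backslashes intact.
# - The quotes around the setvar argument must be plain ASCII apostrophes (').
#   Typographic quotes pasted from a web page are not valid rule syntax.
```

After saving, check the farm's traffic for new false positives before raising the level further.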
The image below shows a list of preconfigured WAF rules:
Below are the descriptions for each field in the table shown in the image above.
Name: A unique name for the ruleset.
Preloaded: Yes: The ruleset is preloaded by the skudonet-ipds package. Edited: The ruleset is preloaded and has been modified by the system administrator. Inside the ruleset, the system shows the changes applied by the user.
Farms: The farms to which the ruleset is applied.
STATUS: The ruleset status is represented by the following colour codes:
- Green: Enabled. The ruleset is being applied to the farm.
- Red: Disabled. The ruleset is not enabled, so it does not have any effect on the farm.
Actions: The following actions are available for WAF rulesets:
- Create WAF ruleset: Opens a form to create a new WAF ruleset.
- Edit: Modify the ruleset settings or assign a farm service.
- Restart: Reload a WAF ruleset.
- Start: Apply the WAF ruleset.
- Restore: Revert the changes applied to the ruleset to the original.
- Delete: Remove a ruleset.
Note that any changes made to the rulesets can be applied to the farms without stopping the farm.