[Slide diagram: Service, Security Rules, WAF]
Once you have completed the configuration of the WAF, which is deployed in front of your web application, you
might see that some requests are being blocked, even if they are legitimate requests.
Analyzing the logs will reveal that these requests are being blocked because you specified an overly restrictive
parameter in some of the security rules. In the Web firewall logs, there will be a suggestion on how to fix the
problem, and you can tell the WAF to fix the problem automatically. There are other automated tools that will
analyze the traffic, and they will also analyze the WAF configuration. If it turns out that there are too many
discrepancies between what the traffic is requesting and what the configuration is actually enforcing, then the WAF
can change its own configuration accordingly. Or it can give you some suggestions. If you want to know more
about fine-tuning security rules, please follow the Tuning Security Rules track in the WAF advanced course.
[Slide diagram: Security Rules, Barracuda WAF, Vulnerability Scanners]
Protecting your web application is not a one-time job. It is an ongoing process. You should always check the
WAF configuration. You might be satisfied with its configuration, but that doesn't mean that it’s the best
configuration for your web application. The WAF can use some external tools that allow you to scan your web
application through the WAF.
These tools create reports from these scans. You can then upload the reports into the WAF. It will then analyze
the reports and give you some suggestions about the WAF’s configuration based on the reports. For example,
recommendations about what you can do to fix the security rules. These fixes can be applied automatically, or
you can do the configuration manually. We have two products that will actually help you with this task. The first
is the Barracuda Vulnerability Manager, which is essentially a vulnerability scanner provided by us. It is free to
use. You just have to point it to your web application that is protected by a WAF, and then you will get a report.
Then you can let the WAF digest the report and then either configure itself or give you some suggestions.
Or you can use the Barracuda Vulnerability Remediation service, which will continuously scan your web apps
through the WAF and automatically reconfigure the WAF whenever a vulnerability has been found. Of course, we
also support third-party vulnerability scanners. They just have to be compatible with the format that we use when
you upload the report into the WAF. If you want to know more about mitigating website vulnerabilities, please
follow the WAF tuning advanced track.
Thank You