Important: When configuring NGINX App Protect WAF, app_protect_enable should always be enabled in a proxy_pass location. If the configuration returns static content, the user must add a location which enables App Protect and proxies the request via proxy_pass to the internal static content location. An example can be found in Configure Static Location.

The following security features are supported in NGINX App Protect WAF. We show what is enabled in the default policy and the changes that the user can make on top of this policy.

Protection Mechanism

- OWASP Top 10 attack signatures: The default policy covers all the OWASP Top 10 attack patterns by enabling the signature sets detailed in a section below. The user can disable any of them or add other sets.
- Server technologies: Signatures can be added per added server technology.
- Threat campaigns: These are patterns that detect all the known attack campaigns. They are very accurate and have almost no false positives, but are very specific and do not detect malicious traffic that is not part of those campaigns. The default policy enables threat campaigns, but it is possible to disable them through the respective violation.
- HTTP protocol compliance: All HTTP protocol compliance checks are enabled by default except for GET with body and POST without body; either of these two can be enabled. Some of the checks enabled by default can be disabled, but others, such as bad HTTP version and null in request, are performed by the NGINX parser, and NGINX App Protect WAF only reports them.
- Evasion techniques: All evasion techniques are enabled by default and each can be disabled. These include directory traversal, bad escaped character and more.
- Credit card and US social security number masking: Detects and masks credit card and/or US social security numbers in responses. These checks cannot be disabled.
- Metacharacters: Metacharacters indicate suspicious traffic, but not necessarily an actual threat. They are detected in parameter names, parameter values, URLs, headers, and in JSON and XML content.
- Parameter value type: Only auto-detection of the parameter value type is supported; the WAF acts according to the result: plain alphanumeric string, XML or JSON.
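The static-content case from the note above, written out as an added example configuration; this is not the snippet from the Configure Static Location page or any other NGINX-supplied file. The module path, the policy and log-format file paths, the hostname, the document root and port 8080 are all assumptions. The WAF-enabled location proxies to a second server block that listens on loopback only, which plays the role of the page's internal static content location.

```nginx
# Added example (assumed paths, hostname and port; not from the NGINX App Protect docs).
load_module modules/ngx_http_app_protect_module.so;   # assumed module path

events {}

http {
    # Public-facing server. App Protect inspects every request in this
    # location before it is forwarded, because app_protect_enable is meant
    # to be used in a location that forwards via proxy_pass.
    server {
        listen 80;
        server_name static.example.test;   # constructed hostname

        location / {
            app_protect_enable on;
            app_protect_policy_file /etc/app_protect/conf/NginxDefaultPolicy.json;   # assumed path
            app_protect_security_log_enable on;
            app_protect_security_log /etc/app_protect/conf/log_default.json syslog:server=127.0.0.1:514;   # assumed path

            # Do not serve the files directly here with root or alias: the
            # supported placement for app_protect_enable is a proxy_pass
            # location, so hand the request to the loopback server below.
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    # Internal static content server. Bound to loopback only, so the files
    # cannot be fetched from outside without passing through the protected
    # location above.
    server {
        listen 127.0.0.1:8080;
        root /usr/share/nginx/html;   # assumed document root

        location / {
            try_files $uri $uri/ =404;
        }
    }
}
```

The loopback binding is the part worth checking on a real deployment: if the static server also listened on an externally reachable address, a client could request the files directly and bypass the WAF-enabled location entirely. Which checks the policy file referenced by app_protect_policy_file enables or disables is governed by the feature list above.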