Contents

Popular

Overview

A Web Application Firewall filters, monitors, and blocks HTTP traffic to and from API proxies. While normal firewalls serve as a safety gateway between servers, a WAF helps to filter the content of specific web applications.

To integrate WAF functionality in the Fiorano API Gateway server, configure WAF to a Resource in the API Project.

Enabling WAF

To enable WAF to a Resource in an API project, perform the following actions:

  1. Create an API Project.
  2. Go to the Resource Configuration.
  3. Go to WAF Configuration.
  4. Select the Enable Web Application Firewall (WAF) option.

Configuring WAF

To configure WAF,

  1. Provide the filter Class name in the WAF Filter Class text field.

    webcastellum WAF
    ESAPI WAF

  2. Provide the filter configuration in the WAF Filter Configuration section. Click the Add  button to add additional attributes.

    webcastellum WAF

    NameValue
    LogVerboseForDevelopmentMode
    true
    Debug
    false
    ProductionMode
    false
    ExtraDisabledFormFieldProtection
    false
    ParameterAndFormProtection
    false
    QueryStringEncryption
    false
    SecretTokenLinkInjection
    false
    BlockNonLocalRedirects
    false
    ForceEntranceThroughEntryPoints
    false
    HandleUncaughtExceptions
    true
    RuleFileReloadingInterval
    60
    RuleLoader
    org.webcastellum.FilesystemRuleFileLoader
    AttackLogDirectory
    {WAF_LOGS_DIR}
    RuleFilesBasePath
    {WAF_RULES_DIR}
    FlushResponsefalse

    ESAPI WAF

    NameValue
    configuration
    {WAF_RULES_DIR}\restrict-source-ip-policy.xml

  3. Click the Add rules button to add the zip file which contains the configured rules files and click the Upload button to attach the files to the resource.

    Sample rules can be found at:

    Webcastllum

    <Installer>\APIManagement\samples\waf\webcastellum

    ESAPI

    <Installer>\APIManagement\samples\waf\ESAPI

  4. Save and deploy the API project.

Adaptavist ThemeBuilder EngineAtlassian Confluence