If the anomaly score is 5 or greater, and the WAF is in Prevention mode, the request is blocked. The severity affects a numeric value for the request, which is called the anomaly score: Rule severity Instead, the OWASP rule sets define a severity for each rule: Critical, Error, Warning, or Notice. Traffic that matches any rule isn't immediately blocked, even when your WAF is in prevention mode. When you use CRS, your WAF is configured to use anomaly scoring by default. No other custom rules or the rules in the Core Rule Set are processed. The request is either blocked or passed through to the back-end. If a request matches a custom rule, the corresponding rule action is applied. Additionally, custom rules can be configured in the same WAF policy if you wish to bypass any of the pre-configured rules in the Core Rule Set.Ĭustom rules are always applied before rules in the Core Rule Set are evaluated. For more information, see Web Application Firewall (WAF) with Application Gateway exclusion lists.īy default, CRS version 3.2 and above will leverage anomaly scoring when a request matches a rule, CRS 3.1 and below will block matching requests by default.
Exclusion rules apply to your whole web application. You can configure exclusions to apply when specific WAF rules are evaluated, or to apply globally to the evaluation of all WAF rules. A common example is Active Directory-inserted tokens that are used for authentication. Sometimes you might need to omit certain request attributes from a WAF evaluation. The Bot Manager ruleset supports the allow, block and log actions. The CRS supports block, log and anomaly score actions. You can also set specific actions per rule. You can disable or enable individual rules within the Core Rule Set to meet your application requirements. Common application misconfigurations (for example, Apache and IIS)ĬRS is enabled by default in Detection mode in your WAF policies.HTTP protocol anomalies, such as missing host user-agent and accept headers.Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion.
The WAF protects against the following web vulnerabilities:
0 kommentar(er)
