Barracuda WAF-as-a-Service

Form Protection


By their nature, forms collect data in multiple fields for delivery to back-end servers, which exposes multiple attack vectors. WAF-as-a-Service provides in-depth protection against such attacks.

Enable Form Protection

  1. From App Profiles, click the URL containing a form you would like to protect.

  2. In the right panel, click on Form Protection.

The following features are part of Form Protection and each can be configured to protect app forms from attacks.

  • Brute Force Protection – Stops attackers from making multiple automated submissions using forms in your applications. It also stops attackers from systematically requesting pages over and over again to try multiple username/password combinations and brute-force entry into your application.

  • Data Theft Protection Usage – Prevents unauthorized disclosure of confidential information.

  • File Upload Protection – This incorporates both Advanced Threat Protection (BATP) and Virus Scanning. 

  • Login Form Information – For credential protection to work, you need to specify the format and details of the login form.

  • Credential Attack Protection – Protects against Credential Stuffing and/or Credential Spraying.

  • Privileged Account Protection – Watches for signs of account takeover by evaluating session elements such as the connecting entity’s geolocation, user agent, header value, and network details.

  • Exempt Status Code – Enables you to specify HTTP response status codes that need to be exempted from cloaking at the URL policy level.

Notes:

  • Only features that are licensed or made available for your application will appear in the right panel.

  • Privileged account protection is only available on datapath v12.0 and later.