It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Barracuda WAF-as-a-Service

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Form Protection

Last updated on 2024-09-25 02:29:26

The nature of forms - multiple fields collecting data for delivery to back end servers - includes multiple vectors of attack. WAF-as-a-Service provides in depth protection against such attacks.

Enable Form Protection

From App Profiles, click the URL containing a form you would like to protect.
In the right panel, click on Form Protection.

The following features are part of Form Protection and each can be configured to protect app forms from attacks.

Brute Force Protection – Stops attacks from making multiple automated submissions using forms in your applications. It also stops attackers from systematically trying to access pages over and over again with the intention of trying multiple username/password combinations to brute force entry in to your application.
Data Theft Protection Usage – Prevents unauthorized disclosure of confidential information.
File Upload Protection – This incorporates both Advanced Threat Protection (BATP) and Virus Scanning.
Login Form Information – For credential protection to work you need to specify the format and details for the login form.
Credential Attack Protection – Protects against Credential Stuffing and/or Credential Spraying.
Privileged Account Protection – Watches for signs of account takeover by evaluating session elements such as the connecting entity’s geolocation, user agent, header value, and network details.
Exempt Status Code - Enables you to specify HTTP response status codes that needs to be exempted from cloaking at the URL policy level.

Notes:

Only features that are licensed or made available for your application will appear in the right panel.
Privileged account protection is only available on datapath v12.0 and later.