We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF-as-a-Service

URL Protection

  • Last updated on

URL requests, and embedded parameters within them, can contain malicious scripts. Attacks embedded in URL requests, or their parameters, are executed with the permissions of the executing component. The following is a partial list of attacks that can be perpetrated through unchecked URL requests or their parameters: injection of operating system or database commands into the parameters of a URL request, cross-site scripting, remote file inclusion attacks, and buffer overflow attacks.

Here is an example of malicious script within a URL request:

http://www.example.com/sharepoint/default.aspx/%22 );}if(true){alert(%22qwertytis

You can defend against these attacks by:

  • restricting the allowed methods in headers and content for invoked URL requests
  • restricting the number of request parameters and their lengths
  • limiting file uploads
  • specifying attack types to explicitly detect and block.

URL Protection uses a combination of these techniques to protect against various URL attack types. URL Protection defends the Service from URL request attacks.

Last updated on