It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF-as-a-Service

Restricting Direct Traffic

  • Last updated on

After you set up Barracuda WAF-as-a-Service for one or more of your applications, ensure that users cannot access your application server directly, without going through Barracuda WAF-as-a-Service.  

Be sure to follow these procedures if you change the deployment location of your applications. For details, refer to Moving an Application to Another Location.

Restricting Direct Traffic

For accounts created on or after November 5, 2019

Barracuda WAF-as-a-Service provides the IP ranges you need to accept.

To locate the IP ranges:

  1. Log into Barracuda WAF-as-a-Service and navigate to Applications.
  2. Click the application name.
  3. In the left panel, select Endpoints.
  4. On the Endpoints page, locate the IP Ranges to Allow section. Click Show IPs, then copy the IP ranges listed.
     endpointsShow2.png
  5. Configure your backend server to accept traffic only from those IP ranges. See sections below for guidance. 
For accounts created before November 5, 2019

Configure your application server to accept traffic only from the following Barracuda IP ranges.

  • 64.113.48.0/20

  • 34.228.125.58/32

  • 51.103.8.8/31

  • 52.142.154.84/31

 

Note: The IP address 34.228.125.58 is used in the Test Connection step of adding an application. For details, refer to Getting Started.

Allowing IPs for Exporting Logs

If you will be exporting log information, as described in Log Export, now is a good time to allow those IPs as well. 

To export logs, be sure to allow the following IPs:

  • 34.227.174.172
  • 40.71.30.40 

Configuring Your Backend Server

Consult your backend server documentation for specific instructions on this process. Here are links to some backend server documentation sets.

Application Servers
Host-Based Network Firewall
Cloud-Based Networks and Firewalls

 

Last updated on