Start your Barracuda WAF-as-a-Service deployment with reasonable default settings for several components. If needed, you can change these settings on a site-wide, per-URL, or per-parameter basis.
Check Protocol Limits
When enabled, checks size limits on various HTTP protocol elements, including request length and header length. These checks prevent a wide array of possible Buffer Overflow attacks.
Cookie Security Mode
Handles cookies from external sources (i.e., those not created by Barracuda WAF-as-a-Service).
When enabled, offers protection on a URL. These settings are ignored when URL Profiles are used for validating the incoming requests.
When enabled, offers protection on request parameters by enforcing limits on various sizes.
SQL Injection Prevention
When enabled, defends against SQL injection attacks that allow commands to be executed directly against the database, allowing disclosure and modification of data in the database.
OS Command Injection Prevention
When enabled, defends against OS commands that can be used to give attackers access to data and escalate privileges on servers.
XSS Injection Prevention
When enabled, defends against Cross-Site Scripting (XSS), that takes advantage of a vulnerable web site to attack clients who visit it.
Default Character Set
Affects how incoming requests are decoded before inspection. The Default Character Set is used when the charset cannot be determined by other means.
Suppress Server Errors / Cloak Status Code
When active, enables Barracuda WAF-as-a-Service to insert a default or custom page in reaction to server response errors.