Barracuda WAF-as-a-Service

Default Security Settings


Start your Barracuda WAF-as-a-Service deployment with reasonable default settings for several components. If needed, you can change these settings on a site-wide, per-URL, or per-parameter basis. 

 

| Mechanism | Description | Default Setting | WAFaaS Component |
|---|---|---|---|
| Check Protocol Limits | When enabled, checks size limits on various HTTP protocol elements, including request length and header length. These checks prevent a wide array of possible Buffer Overflow attacks. | Yes | |
| Cookie Security Mode | Handles cookies from external sources (i.e., those not created by Barracuda WAF-as-a-Service). Available settings: Encrypted – Makes all cookies unreadable by the client browser; Signed – Makes cookies visible, but attaches a signature to prevent tampering. | Signed | |
| URL Protection | When enabled, offers protection on a URL. These settings are ignored when URL Profiles are used for validating the incoming requests. | Yes | |
| Parameter Protection | When enabled, offers protection on request parameters by enforcing limits on various sizes. | Yes | |
| SQL Injection Prevention | When enabled, defends against SQL injection attacks that allow commands to be executed directly against the database, allowing disclosure and modification of data in the database. | Enabled | |
| OS Command Injection Prevention | When enabled, defends against OS commands that can be used to give attackers access to data and escalate privileges on servers. | Enabled | |
| XSS Injection Prevention | When enabled, defends against Cross-Site Scripting (XSS), which takes advantage of a vulnerable web site to attack clients who visit it. | Enabled | |
| Default Character Set | Affects how incoming requests are decoded before inspection. The Default Character Set is used when the charset cannot be determined by other means. | UTF-8 | |
| Suppress Server Errors / Cloak Status Code | When active, enables Barracuda WAF-as-a-Service to insert a default or custom page in reaction to server response errors. | Yes | |
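
The Signed cookie mode described above leaves the value readable but makes tampering detectable. The following is an added illustration of that idea using an HMAC, not Barracuda's implementation or cookie format; the key, the cookie names and the `value.signature` layout are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Constructed key for this example; a real deployment keeps the key server-side.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def sign_cookie(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.signature'. The value stays visible to the client."""
    # The cookie name is bound into the MAC so a signature issued for one
    # cookie cannot be reused under a different cookie name.
    mac = hmac.new(key, f"{name}={value}".encode("utf-8"), hashlib.sha256).digest()
    return f"{value}.{_b64(mac)}"


def verify_cookie(name: str, signed: str, key: bytes = SECRET_KEY):
    """Return the original value if the signature is valid, else None."""
    value, sep, sig = signed.rpartition(".")
    if not sep:
        return None  # no signature attached
    expected = sign_cookie(name, value, key).rpartition(".")[2]
    # Constant-time comparison avoids leaking how much of the signature matched.
    if hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8")):
        return value
    return None


def demo():
    issued = sign_cookie("role", "user")          # e.g. "user.<signature>"
    tampered = "admin" + issued[len("user"):]     # value edited, old signature kept
    return (
        verify_cookie("role", issued),            # untouched cookie is accepted
        verify_cookie("role", tampered),          # edited value is rejected
        verify_cookie("tier", issued),            # reuse under another name is rejected
    )


if __name__ == "__main__":
    print(demo())
```

Signing alone does not hide the value from the client; that is the difference from the Encrypted mode in the table.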