We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Load Balancer ADC

Configuring URL Protection

  • Last updated on

URL requests and embedded parameters in them can contain malicious script. Attacks embedded in URL requests or their parameters are executed with the permissions of the executing component. Injection of operating system or database commands into the parameters of a URL request, cross site scripting, remote file inclusion attacks, and buffer overflow attacks can all be perpetrated through unchecked URL requests or their parameters.

Here is an example of malicious script within a URL Request:

http://www.example.com/sharepoint/default.aspx/%22);}if(true){alert(%22qwertytis

Defense from these attacks is achieved by restricting the allowed methods in headers and content for invoked URL requests, restricting the number of request parameters and their lengths, limiting file uploads, and specifying attack types to explicitly detect and block. (Attack types are configured on SECURITY > Libraries or SECURITY > View Internal Patterns.) URL Protection uses a combination of these techniques to protect against various URL attack types. URL Protection defends the Service from URL request attacks when no URL Profile is configured to do it. For information URL Profiles, see Configuring Website Profiles.

To configure URL protection, select a policy from the Policy Name list and click Configure under URL Protection in the Security Policies section.

Last updated on