We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Load Balancer ADC

Configuring Parameter Protection

  • Last updated on

Parameter protection defends the service from attacks based on parameter values in the absence of a parameter profile. It is a replacement for the settings that can otherwise be found under a parameter profile, and applies to all parameters when profiles are not being used. It defines strict limitations in form fields and other parameters. It deep inspects user input when a FORM is submitted. This allows users to set up validation rules for FORM parameters.

Special characters such as " ' ", " ; " or ' ' are used to embed SQL expressions in parameter values. SQL keywords such as "OR," "SELECT," "UNION" can be embedded in parameter values to exploit vulnerabilities. Special characters such as '<' or keywords such as "<script>," "<img" are used to embed html tags in parameter values in the case of Cross-Site Scripting attacks. Keywords such as "xp_cmdshell" are used in System Command Injection attacks.

To configure parameter protection, go to SECURITY > Security Policies, select a policy, and scroll down to the Parameter Protection section. See the Online Help on the Barracuda Load Balancer ADC for detail instructions on how to configure parameter protection.

Last updated on