The differences between these two modes, and where they are used, can be confusing. This article aims to clarify the differences between the two modes.
Where you can make the settings:
- In the Barracuda Web Application Firewall, you can configure a service (site) in two modes: Passive Mode and Active Mode .
- In the Barracuda Vulnerability Remediation Service, you can also mitigate a single vulnerability in either Passive Mode or Active Mode .
What the settings mean:
- In Passive Mode, the Barracuda Web Application Firewall monitors for security violations and logs them, but does not block them.
- In Active Mode, the Barracuda Web Application Firewall monitors for security violations and blocks them, thereby ensuring they do not reach your server.
Barracuda Networks recommends:
Mitigate vulnerabilities temporarily in Passive Mode, monitor the logs to ensure no issues arise, and then switch them to Active Mode.
For more information on the recommended workflow for the Barracuda Vulnerability Remediation Service, see Step 3: Scan and Remediate Vulnerabilities.
Note that both the service (site) and a particular vulnerability mitigation must be in Active Mode to block violations, as shown here:
Setting of Service | Setting for Mitigating Vulnerability | Effect |
---|---|---|
Passive Mode | Passive Mode | Passive Mode |
Passive Mode | Active Mode | Passive Mode |
Active Mode | Passive Mode | Passive Mode |
Active Mode | Active Mode | Active Mode |