It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Barracuda Web Application Firewall

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Securing HTTP/HTTPS Traffic

Last updated on 2020-10-12 18:50:01

The Barracuda Web Application Firewall protects your application from the attacks that are categorized by OWASP, as well as additional attacks such as application DDoS attacks, Slow Client attacks, Session hijacking attacks, XML / SOAP based attacks, etc. This is applicable to both HTTP and HTTPS application traffic. The Barracuda Web Application Firewall provides a variety of security policies to protect websites and web services. Security Policies define matching criteria for requests, and specify what actions to take when a request matches. All policies are global and they can be shared among multiple services configured on the Barracuda Web Application Firewall. For HTTPS applications, the Barracuda Web Application Firewall decrypts the SSL traffic before matching the HTTP requests with security policies.

When a Service requires customized settings, the provided security policies can be tuned, or customized policies can be created. Each policy is a collection of nine sub-policies. Modify a policy by editing the value of the parameter(s) on the sub-policy page.

In this Section:

Enabling the features listed below requires the response content from the server to be rewritten. Therefore, a request rewrite rule gets added to remove the Accept-Encoding header in the HTTP Request Rewrite section on the Website Translations page. This instructs the web server to send uncompressed responses. In the Barracuda Web Application Firewall 460 and above, the responses can be compressed using the compression feature. For more information on compression, see Configuring Caching and Compression.

The features to which rewrite rule is added when enabled are:

URL Encryption
CSRF Protection
Hidden Parameter Protection
Data Theft Protection
Web Scraping
DDoS Prevention
Instant SSL
Response Body Rewrite
Learning (Website Profiles)
CSRF under Parameter Protection
URL Protection (only if CSRF is enabled)