Global ACLs (URL ACLs) are strict allow/deny rules shareable among multiple services configured on the Barracuda Web Application Firewall. They are associated with configured Security Policies.
Steps To Configure Global ACLs
- Go to the SECURITY POLICIES > Global ACLs page.
- Select the policy from the Policy Name drop-down list.
- In the Create Global ACL section, specify values for the following:
  - URL ACL Name – Enter a name for the URL ACL.
  - URL Match – Enter a URL to be matched against the URL in the request. The URL should start with a "/" and can have at most one "*" anywhere in the URL. Examples: /Bank/Forms/*, /images/*.
  - Extended Match – Define an expression that consists of a combination of HTTP headers and/or query string parameters. This expression is used to match against special attributes in the HTTP headers or query string parameters in the requests. Use '*' to denote "any request", that is, do not apply the Extended Match condition. For information on how to write an extended match expression, see Extended Match Syntax Help.
  - Extended Match Sequence – Enter a number to indicate the order in which the extended match rule must be evaluated in the requests.
    - Range: 1 to 1000
    - Default: 1
  - Action – Select the action from the drop-down list to be taken on the request matching this URL.
    - Process – Processes any request matching this ACL.
    - Allow – Allows the request by disabling all security checks on an incoming request that matches the ACL. It also disables Data Theft on such responses.
    - Deny and Log – Denies any request matching this ACL and also logs the event. The request is not subjected to any security policies. This is an unconditional Deny. When a request is denied, the Barracuda Web Application Firewall sends a cryptic error response.
    - Deny with no Log – Same as Deny, but the event is not logged.
    - Temporary Redirect – Redirects the denied request with the 302 status code to the URL specified in the Redirect URL field.
    - Permanent Redirect – Redirects the denied request with the 301 status code to the URL specified in the Redirect URL field.
  - Redirect URL – Specify a URL to which a user should be redirected if Action is set to Redirect.
  - Follow Up Action – Select the required follow up action to be taken whenever the request is denied.
  - Follow Up Action Time – Specify the time (sec) to block the client IP if Follow Up Action is set to Block Client-IP. The time can range from 1 to 600000 seconds.
- Click Add.
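
The field constraints listed above can be checked before entries are typed into the form. The following is an added example, not Barracuda code: the dictionary keys (url_match, extended_match_sequence and so on) are a hypothetical representation of the form fields, and the sample entries are constructed. It also flags Allow entries with no Extended Match condition and Deny with no Log entries for review, since the first disables all security checks and the second leaves no log event.

```python
# Added example. Field names are a hypothetical representation of the form
# on this page, not a Barracuda export or API format.
REDIRECTS = {"Temporary Redirect", "Permanent Redirect"}
ACTIONS = {"Process", "Allow", "Deny and Log", "Deny with no Log"} | REDIRECTS

def lint_acl(acl):
    """Return findings for one Global ACL entry (empty list means clean)."""
    findings = []
    url = acl.get("url_match", "")
    if not url.startswith("/"):
        findings.append("URL Match must start with '/'")
    if url.count("*") > 1:
        findings.append("URL Match can have at most one '*'")
    seq = acl.get("extended_match_sequence", 1)  # documented default is 1
    if not 1 <= seq <= 1000:
        findings.append("Extended Match Sequence must be 1 to 1000")
    action = acl.get("action")
    if action not in ACTIONS:
        findings.append(f"unknown Action: {action!r}")
    if action in REDIRECTS and not acl.get("redirect_url"):
        findings.append("Redirect action needs a Redirect URL")
    if acl.get("follow_up_action") == "Block Client-IP":
        secs = acl.get("follow_up_action_time")
        if secs is None or not 1 <= secs <= 600000:
            findings.append("Follow Up Action Time must be 1 to 600000 seconds")
    # Review items, not errors: Allow disables all security checks, and
    # Deny with no Log leaves no event to investigate later.
    if action == "Allow" and acl.get("extended_match", "*") == "*":
        findings.append(f"review: Allow on {url} skips all security checks")
    if action == "Deny with no Log":
        findings.append("review: denied requests will not be logged")
    return findings

SAMPLE_ACLS = [  # constructed sample entries
    {"name": "static-images", "url_match": "/images/*", "extended_match": "*",
     "extended_match_sequence": 1, "action": "Allow"},
    {"name": "forms", "url_match": "/Bank/Forms/*", "extended_match": "*",
     "extended_match_sequence": 2, "action": "Temporary Redirect"},
    {"name": "malformed", "url_match": "Bank/*/Forms/*",
     "extended_match_sequence": 0, "action": "Deny and Log",
     "follow_up_action": "Block Client-IP", "follow_up_action_time": 700000},
]

def lint_all(acls):
    return {acl["name"]: lint_acl(acl) for acl in acls}

if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE_ACLS).items():
        print(name, findings or "ok")
```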