When created, Services default to a Passive mode of enforcement using the default Security Policy provided and updated by Barracuda Networks.
Configuring Service Settings
When a Service is created, a basic set of web firewall features is activated automatically with the default security policy, which is provided and updated by Barracuda Central. These default features provide adequate protection against the majority of web attacks. When a web application needs refinements to the default security, a variety of options provide increasingly refined settings.
You can edit basic service settings to tailor attack prevention for a Service. To edit service settings, navigate to the BASIC > Services page, identify the Service you want to edit in the Services list, and click Edit next to it. The Service window displays the following sections:
Verify the settings displayed in the Service section are correct. Modify the settings if required.
The basic set of web firewall features can be modified in the Basic Security section. Specify values for the following fields:
- Web Firewall Policy – By default, all Services are associated with the default security policy. To enforce a new security policy, click the drop-down list and select the desired security policy. The list includes security policies provided by the Barracuda Web Application Firewall (default, sharepoint, sharepoint2013, owa, owa2010, owa2013 and oracle) and previously saved customized policies (if any). To create a new policy, or to edit an existing policy, see Security Policies. If you wish to fine-tune the security policy, see .
- Web Firewall Log Level – Set the threshold for logging error messages for the Service. This log level determines whether only the most urgent attack information is written to the logs for the Service, or whether less serious attack information, including warnings or debug information, is written as well. For example, if the log level is set to 3-Error, then logs with log levels 0-3 are logged on the BASIC > Web Firewall Logs page. Here, the 0-3 log levels include 0-Emergency, 1-Alert, 2-Critical and 3-Error logs.
- Mode – The Mode determines how the Service responds to offending traffic. By default, it is set to Passive, which only logs violating events and allows the request to pass through. Active mode performs the action configured in association with the perceived threat. Note: Passive mode is recommended in the initial stages of deployment, so that no traffic to the Service is broken due to false positives.
- Trusted Hosts Action – You can override default settings and configure a specific response to violations for a set of trusted hosts accessing the Service. If set to Allow or Passive, all requests from trusted hosts, including those that are possible attacks, are ignored and passed through. Allow mode doesn't log events, whereas in Passive mode, events are logged. Set to Default if requests from trusted hosts need no special handling.
- Trusted Hosts Group – Select the trusted hosts group to which you want to apply the configured Trusted Hosts Action. Trusted Hosts and Trusted Hosts Groups are configured on WEBSITES > Trusted Hosts.
- Ignore Case – Determines how URLs are matched to rules such as URL ACLs and URL Profiles for this Service. When set to Yes, text in upper or lower case can match the specified URL for any Barracuda Web Application Firewall rule. Note: This is applicable only to URLs, and not to parameter names.
- Header Name For Actual Client IP – Enter the name of the header in which the client IP address is stored for identification by the server.
- Rate Control Status – Set to On to bind a rate control pool to limit the rate of requests for the Service.
- Rate Control Pool – Select a rate control pool you want to associate with the Service. If the pool is configured with a set of preferred clients, then the rate control policy is applied only to the requests from the preferred clients. If not, the rate control policy is applied to all requests forwarded to the Service.
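The interaction of Mode, Trusted Hosts Action and Web Firewall Log Level described above can be modelled to find violations that reach the server without leaving a log entry. This is an added example, not Barracuda code: the field names, networks and sample violations are constructed, and it assumes the configured action in Active mode is a deny and that the log level threshold also applies to events from trusted hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Service:
    # Field names are hypothetical; values mirror the options on the Service window.
    mode: str = "Passive"             # "Passive" or "Active"
    log_level: int = 3                # Web Firewall Log Level threshold (3-Error)
    trusted_action: str = "Default"   # "Allow", "Passive" or "Default"
    trusted_group: tuple = ()         # networks in the Trusted Hosts Group

def is_trusted(svc, client_ip):
    return any(ip_address(client_ip) in ip_network(net) for net in svc.trusted_group)

def evaluate(svc, client_ip, severity):
    """Return (request_passes, event_logged) for a request that violates the policy.

    Assumptions: the action configured for the violation is a deny, and the
    log level threshold also applies to events from trusted hosts.
    """
    trusted = is_trusted(svc, client_ip)
    if trusted and svc.trusted_action == "Allow":
        return True, False            # passed through, nothing logged
    passes = svc.mode == "Passive" or (trusted and svc.trusted_action == "Passive")
    logged = severity <= svc.log_level  # 3-Error keeps levels 0-3
    return passes, logged

def blind_spots(svc, violations):
    """Violations that reach the server without leaving a log entry."""
    return [v for v in violations if evaluate(svc, *v) == (True, False)]

# Constructed sample: (client IP, log level of the violation)
VIOLATIONS = [("10.0.0.5", 1), ("203.0.113.9", 1), ("203.0.113.9", 5), ("10.0.0.7", 2)]

if __name__ == "__main__":
    svc = Service(mode="Active", trusted_action="Allow", trusted_group=("10.0.0.0/24",))
    for v in VIOLATIONS:
        print(v, evaluate(svc, *v))
    print("passed and unlogged:", blind_spots(svc, VIOLATIONS))
```

With Trusted Hosts Action set to Allow, both violations from the trusted network pass without a log entry; switching it to Passive keeps the pass-through but restores the audit trail.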
Additional security for a Service can be configured using URL policies. URL policies allow Anti-Virus protection, Data Theft protection and Brute Force protection to be enabled or disabled for specific URL spaces.