After a service is created, a basic set of web firewall features are activated automatically using the Barracuda default security policy. The service defaults to a pa ssive mode of enforcement using the default security policy.
Configuring Service Settings
The default configuration options provide a sufficient amount of attack protection from the majority of web attacks. Refinements to the default security policy can be required for different web applications. You can edit basic service settings to tailor attack prevention for a service. To edit service settings, go to the BASIC > Services page, identify the service you want to edit in the Services list, and click Edit next to it. The service window displays the following sections:
Verify the settings displayed are correct. Modify the settings if necessary.
You can modify the basic set of web firewall options in the Basic Security section. Specify values for the following fields:
- Web Firewall Policy – By default, all services are associated with the default security policy. To enforce a new security policy, click the drop-down list and select the desired security policy. The list includes security policies provided by the Barracuda Web Application Firewall (default, sharepoint, sharepoint2013, owa, owa2010, owa2013, and oracle) and any previously saved customized policies. To create a new policy or to edit an existing policy, see Security Policies. If you wish to fine-tune the security policy, see .
- Web Firewall Log Level – Threshold for logging the error messages for the service. This log level determines whether only the most urgent attack information or less serious attack information, including warnings or debug information, is written to the logs. For example, if the log level is set to 3-Error, logs with 0-3 log levels are logged in the BASIC > Web Firewall Logs page. The 0-3 log levels include 0-Emergency, 1-Alert, 2-Critical and 3-Error logs.
- Mode – The mode determines how the service responds to offending traffic. By default, it is set to Passive mode which logs violating events but allows the request to pass through. Active mode performs the action configured in association with the perceived threat. Note: Passive mode is recommended in the initial stages of deployment so that traffic to the service is not broken due to false positives.
- Trusted Hosts Action – You can override default settings and configure a specific response to violations for a set of trusted hosts accessing the service. If set to Allow or Passive, all requests from trusted hosts, including those that are possible attacks, are ignored and passed through. Allow mode does not log events, whereas in Passive mode, events are logged. Set to Default if trusted hosts requests do not need special handling.
- Trusted Hosts Group – Select the trusted hosts group to which you want to apply the configured trusted hosts action. Trusted Hosts and Trusted Hosts Groups are configured in the WEBSITES > Trusted Hosts page.
- Ignore Case – This determines how the service URLs are matched to rules like URL, ACL, and URL profiles. When set to Yes, text in upper or lower case can match the specified URL for any Barracuda Web Application Firewall rule. Note: This is applicable only to URLs and not parameter names.
- Header Name For Actual Client IP – Header name for the client IP address that the server stores for identification.
- Rate Control Status – Set to On to bind a rate control pool to limit the rate of requests for the service.
- Rate Control Pool – If the rate control pool is configured with a set of preferred clients, then the rate control policy is applied only to the requests from the preferred clients. Otherwise, the rate control policy is applied to all requests forwarded to the service.
You can configure additional security for a service by using URL policies. URL policies allow Anti-Virus protection, Data Theft protection, and Brute Force protection to be enabled or disabled for specific URL spaces.