A template is a collection of configuration components arranged serially in a file. Templates are used to save/import backups of object types like Services, URL profiles, URL Policies, etc., so configuration can be exported to other Barracuda Web Application Firewall boxes in the following scenarios:
- Migrate changes from the Barracuda Web Application Firewall in front of QA servers to the Barracuda Web Application Firewall in front of production servers.
- Import templates provided by Barracuda Web Application Firewall experts to refine policies on standard applications.
- Patch existing policies. For example, a new OWA template might need an additional Allow Method for a Global ACL. Or a new pattern, like sql-tautology-conditions, might require a refinement to an existing pattern-group. An existing service might require a new keep-alive timeout, already tested and found optimal in the QA network.
- Take a backup of an application configuration.
Saving Objects Using a Template
You can export objects from your configuration by creating a template which includes the objects from the existing configuration, which is saved on your file system.
Use ADVANCED > Templates and select Generate Template as the Template Operation. Select a suitable Template Type and specify the Name and Description for the template. Use Exportable Objects to select the parent nodes and child nodes to export using check boxes. Generate to see your template displayed under Available Templates.
A saved template can be imported on the configuration tree using Add or Modify. In both cases key parameters are compared to existing objects before they are updated:
- Use the Add operation if the key parameters of the imported object do not match an existing object. Duplicate configurations cannot be added. Added objects are added to the selected parent nodes or child nodes of the configuration tree with the saved values.
- Use the Modify operation when the key parameters match an existing entry. If there is a match, the current values are blindly replaced with values from the imported object. If no object has matching key parameters, nothing is modified. This is considered an error.
- When a Service template is imported, you can specify an IP address and port for the service created from the template during the Add operation. Similarly, for a Modify operation, the template modifies an existing service on the box with the specified IP address and port, which makes sense if the source template is generated from a single service. This allows you to incrementally patch a service with template values.
|Object Type||Key Parameters|
|URL Policies||Domain, URL, Header, Header Weight|
|URL Profile||URL, Extended Match, Extended Match|
|Allow/Deny Rules||URL, Host Match, Extended Match, Extended Match Sequence|
|Request Rewrite Rules||Request Rewrite Sequence|
|Response Rewrite Rules||Response Rewrite Sequence|
|Response Body Rewrite Rules||Response Body Rewrite Sequence|
|Security Policy||Web Firewall Policy Name|
|Global ACL||URL Match, Extended Match, Extended Match Sequence|
|Custom Parameter Class||Custom Parameter Class Name|
|Attack Types||Attack Type Name|
|Identity Theft Patterns||Identity Theft Pattern Name|
|Input Types||Input Type Name|
The Add operation adds the imported object to the selected parent nodes or child nodes, using values from the saved template. An add of an object with duplicate Key Parameters is not allowed. For example, an add of an object of type Server will not succeed if a Server object with a matching Server IP and Server Port already exists. The Add is disallowed.
To add a new template use ADVANCED > Templates and select Import Template as the Template Operation. Select a suitable Template Type and select the Add Operation. Select parent nodes and child nodes you want to add to and click Add. Remove deletes a selection. Browse to locate the Template file path and Import the template file to the selected destination box.
The Modify operation modifies the existing configuration of selected parent nodes or child nodes by using the values from the saved template. Modify only works if an object with matching Key Parameters already exists. If no matching object exists, the Modify is disallowed.
To modify an existing template, use ADVANCED > Templates to select Import Template as the Template Operation. Select a suitable Template Type, then specify the Modify Operation. Select the parent nodes and child nodes where you want to import the modified templates and click Add. Remove deletes a selection. Browse to locate the Template file path and Import to patch the existing template.
Points to Remember
- When importing an SSL based service, note that the service is imported with SSL Status set to On for the front-end and set to Off for the back-end. You need to create relevant certificates, bind them, and set SSL Status to On to complete the service creation.
- A Modify operation blindly replaces any value of the object's parameters with the values found in the template. However, for the parameters which have multi-valued inputs (for example, Allowed Methods in SECURITY POLICIES > URL Protection), the modify operation results in a union of the existing values and the template values.
- Template generation does not recursively copy the objects. If you have a policy bound to a service, make sure the policy exists on the destination box before importing the service on the destination box. The most common cases of objects like these within a service are: Policy, Response Pages, Certificates, Parameter Classes, Rate Control pool, Trusted Hosts.