The "XML Firewall" feature is available only in the Barracuda Web Application Firewall 660 and above.
Configure the XML Firewall with the following steps:
- Turn on the XML Firewall on WEBSITES > XML Validations, by setting Enable XML Firewall to Yes.
- Import the Schema file(s) and WSDL file for the web service you want to protect.
- Bind the Imported Schema file(s) and WSDL file to the website; select the validations you wish to enforce and enable validation checking for the website.
- View or modify the Validation Settings for the XML features you choose to enforce.
Import the Schema file(s) and WSDL file for the Web Service
Import the Schema file(s), and then the WSDL file for your website on the WEBSITES > XML Validations page Import Schema/WSDL section using the following steps:
Select the File Type you want to import: SCHEMA or WSDL.
- Enter the Name you want to appear in the display list for this imported file. For example: Encoding.
- Optionally, you can enter the Namespace you want to appear in the display list for this imported file. For example: .
- Click Browse..., locate the desired file and select it.
- Click Import to upload the file. It will appear in the Imported Schema/WSDLs display with the provided Name and Namespace.
Repeat the import process for all Schemas and WSDL references before importing the WSDL file.
Bind the Imported Schema file(s) and WSDL file to the Website
To bind the schema(s) and WSDL to the website, do the following:
- Click Add next to the desired website in the WEBSITES > XML Validations, XML Protected URLs list to bind the imported WSDL to the URL you want to protect. The Add Protected URL window appears. Do the following settings:
- Data Format – You must choose SOAP if you want to enforce WS-I Validations or SOAP Validations. Otherwise, you may choose XML to intercept generic XML data.
- Enforce WSDL – Select the WSDL you want to bind to the website.
- URLs - Enter the URL pattern you want to protect using XML Firewall. Note: Selectively choose URLs requiring SOAP or XML validations to avoid introducing unnecessary latency in serving requests.
- Direction – Select Requests, Responses or Both to be validated with the bound WSDL.
- Enforce XML Validations – Set to Yes to enforce the settings configured on WEBSITES > XML Protection > XML Validation Settings.
- Enforce WS-I Validations – Set to Yes to enforce the settings configured on WEBSITES > XML Protection > WS-I Basic Profile Assertions. Note: Data Format must be SOAP for this setting to apply.
- Enforce SOAP Validations – Set to Yes to enforce the settings configured in WEBSITES > XML Protection > SOAP Validations. Note: Data Format must be SOAP for this setting to apply.
- Set Status to On to enable XML firewall validations for this website. To disable all of your Enforce ... Validations settings for this website, set Status to Off.
- Click Add to save your settings and bind them to the selected website.
- Click Edit from WEBSITES > XML Validations, XML Protected URLs list by the desired website to change the enforcement parameters, the direction of enforcement, or to turn off XML firewall for this website by setting Status to Off.
- Click Delete to remove the WSDL binding on the web service.
View or Modify the Validation Settings for the XML Firewall
Default settings for validations are provided for the XML Firewall. You can edit those settings on the WEBSITES > XML Protection page of the web interface.