We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Integration with the Barracuda Advanced Threat Protection

  • Last updated on

The Barracuda Advanced Threat Protection (BATP) is a cloud-based service that provides in-depth defense against ransomware, malware, and advanced cyberattacks. The Barracuda Web Application Firewall integrates with the Barracuda Advanced Threat Protection (BATP) to scan all files uploaded using POST method requests with encoding type as “multipart/form-data”. BATP scans the files with multiple malware scanners that utilize different types of detection techniques to check for anomalies in the uploaded files, and provides defense against zero day attacks. When a file is uploaded, the Barracuda Web Application Firewall processes the request and allows the file to be uploaded to the server, while the BATP performs the scan and logs the details in the BASIC > Web Firewall Logs page. To view BATP logs in the BASIC > Web Firewall Logs page, use the “BATP Scan” keyword and filter the logs.  

The BATP logs are also displayed in the ADVANCED > System Logs page with limited information such as file name, host and URL.

The maximum size of the file that the BATP can scan is 10 MB.

Barracuda Advanced Threat Protection (BATP) is a separate license that needs to be purchased from Barracuda Networks.

How the Scanning Process Happens in the Barracuda Advanced Threat Protection

BATP.png

1. Client uploads a file as multipart/form-data in a request.

2. The Barracuda Web Application Firewall checks for the file extension/content-type and if the content-type matches the allowed policy, the file is sent to the server. If the content matches any of the MIME types listed below, the file is also sent to the BATP server.

  • application/pdf
  • application/msword
  • application/vnd.ms-powerpoint
  • application/vnd.ms-excel
  • application/x-msaccess
  • application/vnd.openxmlformats-officedocument.presentationml.presentation
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  • application/vnd.ms-cab-compressed
  • application/vnd.microsoft.portable-executable
  • application/vnd.openxmlformats-officedocument.wordprocessingml.document
  • application/rtf

2. The server sends the response after processing the request. 

After the file is uploaded to the BATP server. It is recommended to quarantine all files till the result of the BATP scan is received.

3. The Barracuda Web Application Firewall forwards the response to the client.

4. The BATP server analyses the file content for any zero day attack or for the presence of other malwares.

    1. The Barracuda Web Application Firewall checks the BATP server if the file scan is complete.
    2. After the file scan is complete, the BATP server sends the response with details.
    3. The Barracuda Web Application Firewall processes the response and generates logs for the scanned file.

 

Logs generated by BATP

  1. The status of the scanned files is logged in the BASIC > Web Firewall Logs page.

    Web_Firewall_logs_BATP logs.png

  2. Click the Details link to view the Web Firewall Log Details page. The details of the scan are shown in the Attack Details section.

    Web_Firewall_Log_Details.png


  3. The BATP module also generates additional logging information which is available on the ADVANCED > System Logs page.
    1. To view the System Logs under the Module BATP, select Message from the -Select Filter- dropdown, select Regexp from the is equal to dropdown and type virus in the text box beside the is equal to text box.
    2. Click the Apply Filter button to immediately view the generated System Logs.
    3. Click on the Save Filter button to view the System Logs page at a later point in time. The System Logs page is as shown:

      System_Logs.png

      The System Logs image displays the Module name as BATP. However, the Module name under System Logs is displayed as BATD in the 9.1 version of the firmware.


    4. Click the Details link to view the System Log Details page. The System Log Details page is as shown:

      System_Log_Details.png

 

After the logs are generated, the administrator can filter logs using the “BATP Scan” keyword. If any infected file is found, the administrator should take necessary action to remove it from the server.

Last updated on