All Barracuda Web Application Firewalls, all firmware versions.
The Barracuda Web Application Firewall uses Data Theft Protection patterns to detect sensitive information in responses sent by the server, and then based on your configuration it will either block or cloak them.
Enabling Data Theft Protection
- From the Security Policies > Data Theft Protection page of the web interface, select the applicable policy and assign the global and custom data types to be used.
- Select the action to take when an Identify Theft data pattern is found in a response.
Block. When this action is set, any page sent by the server containing the associated Identify Theft type is blocked and a 404 Error is sent.
Cloak. When this action is set, parts of the data are cloaked, by overwriting data with X's, based on the Identify Theft type defintion.
- Select Yes to enable the Policy.
Applying the Data Theft Protection Policy
- From the Web Sites > Advance Security > Default URL Policy page, edit the relevant URL policy and set Enable Data Theft Protection to Yes.
- Optionally, you can apply a policy to a specific URI by creating a new ACL and applying the policy to the ACL.
Link to This Page: