We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How do I configure my Web Application Firewall to cloak credit card information?

  • Type: Knowledgebase
  • Date changed: 9 years ago

Solution #00004070

 

Scope:

All Barracuda Web Application Firewalls, all firmware versions.

 

Answer:

The Barracuda Web Application Firewall uses Data Theft Protection patterns to detect sensitive information in responses sent by the server, and then based on your configuration it will either block or cloak them.

 

Enabling Data Theft Protection

  1. From the Security Policies > Data Theft Protection page of the web interface, select the applicable policy and assign the global and custom data types to be used. 
  2. Select the action to take when an Identify Theft data pattern is found in a response.
    Block. When this action is set, any page sent by the server containing the associated Identify Theft type is blocked and a 404 Error is sent.
    Cloak. When this action is set, parts of the data are cloaked, by overwriting data with X's, based on the Identify Theft type defintion.  
  3. Select Yes to enable the Policy.  

Applying the Data Theft Protection Policy

  1. From the Web Sites > Advance Security > Default URL Policy page, edit the relevant URL policy and set Enable Data Theft Protection to Yes.
  2. Optionally, you can apply a policy to a specific URI by creating a new ACL and applying the policy to the ACL.

Link to This Page:

www.barracuda.com/kb?id=50160000000HfpB