Add Exception
Use the Add Exception page to specify path exceptions for the web servers.
1. Click Add Exceptions.
2. Specify Exception details.
Path
Enter the path which you want to exclude.
Operation
Select AND or OR as the operation that combines the Path and Source criteria.
Source
Specify the source networks from which client requests come and which are to be exempted from the selected check(s).
Skip these Checks
Cookie Signing
Click to skip Cookie Signing. Cookie Signing protects a web server against manipulated cookies. When the web server sets a cookie, a second cookie is added to the first cookie containing a hash built of the primary cookie's name, its value and a secret, where the secret is only known by the WAF. Thus, if a request cannot provide a correct cookie pair, there has been some sort of manipulation and the cookie will be dropped.
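An added example (not the product's own code) modelling the cookie pair described above: the WAF adds a companion cookie carrying a keyed hash of the primary cookie's name and value, and on the next request drops any cookie whose pair does not verify. HMAC-SHA256 and the companion cookie name suffix "__sig" are assumptions; the page does not state the actual construction.

```python
import hmac
import hashlib

SIG_SUFFIX = "__sig"  # name of the companion cookie; assumed, the page does not give the real name

def cookie_hash(secret: bytes, name: str, value: str) -> str:
    # Hash over the cookie's name, its value and the WAF-only secret (HMAC-SHA256 assumed here)
    return hmac.new(secret, f"{name}\x00{value}".encode(), hashlib.sha256).hexdigest()

def sign_cookies(set_cookies: dict, secret: bytes) -> dict:
    """Response direction: add the companion cookie to every cookie the web server sets."""
    signed = {}
    for name, value in set_cookies.items():
        signed[name] = value
        signed[name + SIG_SUFFIX] = cookie_hash(secret, name, value)
    return signed

def verify_cookies(request_cookies: dict, secret: bytes) -> dict:
    """Request direction: keep cookies with a correct pair, drop manipulated or unpaired ones."""
    kept = {}
    for name, value in request_cookies.items():
        if name.endswith(SIG_SUFFIX):
            continue  # companion cookies are consumed by the WAF, never forwarded to the web server
        expected = cookie_hash(secret, name, value)
        presented = request_cookies.get(name + SIG_SUFFIX, "")
        if hmac.compare_digest(presented, expected):
            kept[name] = value
    return kept

if __name__ == "__main__":
    secret = b"constructed-example-secret"
    signed = sign_cookies({"session": "abc123"}, secret)
    tampered = dict(signed, session="abc124")   # client changed the value but not the hash
    print(verify_cookies(signed, secret))       # {'session': 'abc123'}
    print(verify_cookies(tampered, secret))     # {} -> the manipulated cookie is dropped
```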
Static URL Hardening
Protects against URL rewriting. For that, when a client requests a website, all static URLs of the website are signed. The signing uses a similar procedure as with cookie signing. Additionally, the response from the web server is analyzed regarding what links can be validly requested next.
Form Hardening
Click to skip Form Hardening. Form Hardening protects against web form rewriting. Form hardening saves the original structure of a web form and signs it. Therefore, if the structure of a form has changed when it is submitted the WAF rejects the request.
Antivirus
Select this option to protect a web server against viruses.
Block clients with bad reputation
Based on GeoIP and RBL information you can block clients which have a bad reputation according to their classification.
Skip these Categories
Path
Select a path from the list or specify a new path for the specified exception.
Operation
Select the AND/OR operation for the added Path and Source.
Source
Select from the list of added networks as Source.
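An added example (not the product's own code) showing how the Path, Operation and Source settings of one exception entry decide which checks still run for a request. It applies to both the "Skip these Checks" and the "Skip these Categories" entries. Class and function names are chosen for this example; the treatment of an empty Path or Source list as "not configured" (and therefore left out of the AND/OR) is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class WafException:
    """One entry from the Add Exception page (field names chosen for this example)."""
    paths: list        # path prefixes to exclude, e.g. "/uploads"
    sources: list      # client networks in CIDR notation, e.g. "10.0.0.0/8"
    operation: str     # "AND" or "OR": how Path and Source are combined
    skip_checks: set   # checks or categories skipped when the entry matches

def path_matches(paths, request_path):
    # Prefix match on whole path segments: "/admin" covers "/admin/login" but not "/adminx"
    return any(request_path == p or request_path.startswith(p.rstrip("/") + "/") for p in paths)

def source_matches(sources, client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in sources)

def exception_applies(exc, request_path, client_ip):
    # Assumption: an empty Path or Source list is "not configured" and is left out of the AND/OR
    results = []
    if exc.paths:
        results.append(path_matches(exc.paths, request_path))
    if exc.sources:
        results.append(source_matches(exc.sources, client_ip))
    if not results:
        return False
    if exc.operation == "AND":
        return all(results)
    if exc.operation == "OR":
        return any(results)
    raise ValueError(f"unknown operation {exc.operation!r}")

# A subset of the checks listed on this page, used as the default check set
ALL_CHECKS = {"Cookie Signing", "Static URL Hardening", "Form Hardening", "Antivirus",
              "Protocol Violations", "SQL Injection Attacks", "XSS Attacks"}

def checks_to_run(exceptions, request_path, client_ip, all_checks=ALL_CHECKS):
    """Return the checks that still apply to this request after all matching exceptions."""
    skipped = set()
    for exc in exceptions:
        if exception_applies(exc, request_path, client_ip):
            skipped |= exc.skip_checks
    return all_checks - skipped

if __name__ == "__main__":
    # Constructed sample: skip Form Hardening and Antivirus on the upload path, internal clients only
    exc = WafException(["/uploads"], ["10.0.0.0/8"], "AND", {"Form Hardening", "Antivirus"})
    print(checks_to_run([exc], "/uploads/new", "10.1.2.3"))      # Form Hardening, Antivirus skipped
    print(checks_to_run([exc], "/uploads/new", "203.0.113.5"))   # all checks run
```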
Protocol Violations
Enforces adherence to the RFC standard specification of the HTTP protocol. Violating these standards usually indicates malicious intent.
Protocol Anomalies
Searches for common usage patterns. Lack of such patterns often indicates malicious requests. These patterns include, among other things, HTTP headers like 'Host' and 'User-Agent'.
Request Limits
Enforces reasonable limits on the amount and ranges of request arguments. Overloading request arguments is a typical attack vector.
HTTP Policy
Narrows down the allowed usage of the HTTP protocol. Web browsers typically use only a limited subset of all possible HTTP options. Disallowing the rarely used options protects against attackers aiming at these often less well supported options.
Bad Robots
Checks for usage patterns characteristic of bots and crawlers. By denying them access, possible vulnerabilities on your web servers are less likely to be discovered.
Generic Attacks
Searches for attempted command executions common to most attacks. After having breached a web server, an attacker usually tries to execute commands on the server like expanding privileges or manipulating data stores. By searching for these post-breach execution attempts, attacks can be detected that might otherwise have gone unnoticed, for example because they targeted a vulnerable service by the means of legitimate access.
SQL Injection Attacks
Checks for embedded SQL commands and escape characters in request arguments. Most attacks on web servers target input fields that can be used to direct embedded SQL commands to the database.
XSS Attacks
Checks for embedded script tags and code in request arguments. Typical cross-site scripting attacks aim at injecting script code into input fields on a target web server, often in a legitimate way.
Tight Security
Performs tight security checks on requests, like checking for prohibited path traversal attempts.
Trojans
Checks for usage patterns characteristic of trojans, thus searching for requests indicating trojan activity. It does not, however, prevent the installation of such trojans as this is covered by the antivirus scanners.
Outbound
Prevents web servers from leaking information to the client. This includes, among other things, error messages sent by servers which attackers can use to gather sensitive information or detect specific vulnerabilities.
Never change HTML during Static URL Hardening or Form Hardening
If selected, no data matching the defined exception settings will be modified by the WAF engine. With this option, e.g., binary data wrongly supplied with a text/html content type by the Web Server will not be corrupted. On the other hand, web requests may be blocked due to activated URL hardening, HTML rewriting, or form hardening. Those three features use an HTML parser and therefore to some extent depend on the modification of webpage content. To prevent undesired blocking, skip URL hardening and/or form hardening for requests affected by blocking; you might need to do this in another/new exception to reflect dependencies between web servers and/or webpages.
Accept unhardened form data
Even with an exception for Form Hardening in place, form data may still be rejected if the Form Hardening signature is missing. With this option, unhardened form data is accepted anyway.
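An added example (not the product's own code) modelling Form Hardening and the "Accept unhardened form data" option described above: the original form structure is signed into a hidden field, a submission whose structure changed is rejected, and a submission without a signature is accepted only when the option is set. The hidden field name, the HMAC-SHA256 construction and the choice of action, method and field names as "the structure" are assumptions, since the page does not describe the signing details.

```python
import hmac
import hashlib

SIG_FIELD = "__form_sig"  # hidden field carrying the signature; name assumed for this example

def structure_mac(secret: bytes, action: str, method: str, fields) -> str:
    # Signature over the saved form structure: where it posts, how, and which fields it has
    parts = [action, method.upper(), *sorted(fields)]
    return hmac.new(secret, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()

def harden_form(action: str, method: str, fields, secret: bytes) -> dict:
    """Response direction: return the hidden field the WAF inserts into the outgoing form."""
    return {SIG_FIELD: structure_mac(secret, action, method, fields)}

def accept_submission(action, method, submitted: dict, secret, accept_unhardened=False) -> bool:
    """Request direction: reject a form whose structure changed; handle a missing signature."""
    sig = submitted.get(SIG_FIELD)
    if sig is None:
        return accept_unhardened   # the "Accept unhardened form data" option
    fields = [name for name in submitted if name != SIG_FIELD]
    expected = structure_mac(secret, action, method, fields)
    return hmac.compare_digest(sig, expected)

if __name__ == "__main__":
    secret = b"constructed-example-secret"
    hidden = harden_form("/login", "post", ["user", "password"], secret)
    good = {"user": "alice", "password": "x", **hidden}
    rewritten = {**good, "is_admin": "1"}      # an extra field added client-side
    print(accept_submission("/login", "post", good, secret))        # True
    print(accept_submission("/login", "post", rewritten, secret))   # False
```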