Operation: Add Protection Policy / Edit Protection Policy
Description: To Add/Edit Protection Policy.To add/edit protection policy. 

Sample Configuration
<ProtocolSecurity> <Name>Text</Name> <Description>Text</Description> <PassOutlookAnywhere>Enable/Disable</PassOutlookAnywhere> <Mode>Monitor/Reject</Mode> <CookieSigning>Enable/Disable</CookieSigning> <StaticUrlHardening>Enable/Disable</StaticUrlHardening> <!-- If StaticUrlHardening is Enable.--> <EntryURLType>Manual</EntryURLType> <!-- If EntryURLType is Manual.--> <EntryURLList> <EntryURL /> : </EntryURLList> <FormHardening>Enable/Disable</FormHardening> <AntiVirus>Enable/Disable</AntiVirus> <!-- If AntiVirus is Enable.--> <AVMode>Avira/Sophos/DualScan</AVMode> <Direction>Uploads/Downloads/UploadsAndDownloads</Direction> <BlockUnscannableContent>Enable/Disable</BlockUnscannableContent> <LimitScanSize>Enable/Disable</LimitScanSize> <Megabytes>Number</Megabytes> <BlockClientsWithBadReputation>Enable/Disable</BlockClientsWithBadReputation> <!-- If BlockClientsWithBadReputation is Enable.--> <SkipRemoteLookups>Enable/Disable</SkipRemoteLookups> <ThreatsFilter>Enable/Disable</ThreatsFilter> <!-- If ThreatsFilter is Enable.--> <ParanoiaLevel>1/2/3/4</ParanoiaLevel> <SkipFilterRules> <FilterRules /> : </SkipFilterRules> <ThreatFilters> <Filter /> : </ThreatFilters> </ProtocolSecurity>



Parameter Mandatory Default Description
NameYes  
Enter a descriptive name for the Protection Policy object.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Character not allowed: Comma (,)
  • Maximum characters allowed are 60.
  • UTF-8 character(s) are allowed.
DescriptionNo  
Enter a description or other information.
ModeYes  
Select a mode from 'Monitor' and 'Reject'.
Mode confines to:
  • Type is 'SCALAR'.
  • Only 'Monitor', 'Reject' are allowed.
ThreatsFilterNo OFF 
Enable to protect webservers from several threats.
ThreatsFilter confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
FilterNo  
Only available when common threat filter is enable.
Filter confines to:
  • Type is 'ARRAY'.
  • Maximum characters allowed are 30.
  • Only 'Application attacks', 'SQL injection attacks', 'XSS attacks', 'Protocol enforcement', 'Scanner detection', 'Data leakages' are allowed.
  • Multiple values are allowed.
ParanoiaLevelNo 
If you've turned on common threat filter, you can select the level of rule matching from 1 (most permissive) to 4 (most restrictive).
ParanoiaLevel confines to:
  • Type is 'SCALAR'.
  • Only '1', '2', '3', '4' are allowed.
FilterRulesNo  
Provide the rule number that you want to skip.
FilterRules confines to:
  • Type is 'ARRAY'.
  • Datatype is 'INTEGER'.
  • Multiple values are allowed.
Note:
Applicable only if 'Common Threat Filter' is enabled..
AntiVirusNo OFF 
Enable to protect a webserver against viruses.
AntiVirus confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
PassOutlookAnywhereNo OFF 
Enable to allow external Microsoft Outlook clients to access the Microsoft Exchange Server via the WAF.
PassOutlookAnywhere confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
CookieSigningNo OFF 
Enable to protects a webserver against manipulated cookies.
CookieSigning confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
StaticUrlHardeningNo OFF 
Enable to protect against URL rewriting.
StaticUrlHardening confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
EntryURLTypeNo  
Define type of URL hardening. Default value is Manual.
EntryURLType confines to:
  • Type is 'SCALAR'.
  • Only 'Manual', 'SitemapFile', 'SitemapURL' are allowed.
EntryURLNo  
Add URL for static URL hardening.
EntryURL confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 255.
  • Multiple values are allowed.
Note:
Applicable only if 'Static URL Hardening' is enabled..
FormHardeningNo OFF 
Enable to protect against web form rewriting.
FormHardening confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
AVModeNo  
Specifies mode for anti virus values can be Avira,Sophos,Dual Scan.
AVMode confines to:
  • Type is 'SCALAR'.
  • Only 'Avira', 'Sophos', 'DualScan' are allowed.
Note:
Applicable only if 'Anti-Virus' is enabled..
LimitScanSizeNo OFF 
Enable to enter the scan size limit.
LimitScanSize confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
Note:
Applicable only if 'Anti-Virus' is enabled..
DirectionNo Uploads 
Select whether to scan only up or downloads or both.
Direction confines to:
  • Type is 'SCALAR'.
  • Only 'Uploads', 'Downloads', 'UploadsAndDownloads' are allowed.
Note:
Applicable only if 'Anti-Virus' is enabled..
BlockUnscannableContentNo OFF 
Enable to block files that cannot be scanned.
BlockUnscannableContent confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
Note:
Applicable only if 'Anti-Virus' is enabled..
MegabytesNo  
Provide the scan size limit in Megabyte.
Megabytes confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
Note:
Applicable only if 'Limit scan size' is enabled..
BlockClientsWithBadReputationNo OFF 
Enable to block clients which have a bad reputation according to their classification, based on GeoIPClosed and RBLClosed information.
BlockClientsWithBadReputation confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
SkipRemoteLookupsNo OFF 
Enable to use GeoIP-based classification.
SkipRemoteLookups confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
Note:
Applicable only if 'Block clients with bad reputation' is enabled..



Operation   Status   Message
Add Protection Policy200
Add Protection Policy500
Add Protection Policy502
Edit Protection Policy200
Edit Protection Policy500

© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is registered trademarks of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.