Configuring Web App Firewall profiles 编辑

To configure a user-defined Web App Firewall profile, first configure the security checks, which are called deep protections or advanced protections in the Web App Firewall wizard. Certain checks require configuration if you are to use them at all. Others have default configurations that are safe but limited in scope; your websites might need or benefit from a different configuration that takes advantage of more features of certain security checks.

After you have configured the security checks, you can also configure some other settings that control the behavior, not of a single security check, but the Web App Firewall feature. The default configuration is sufficient to protect most websites, but you must review them to make sure that they are right for your protected websites.

Note:

The profile name length and all import object name length can be set up to 127 characters.

For more information about the Web App Firewall security checks, see Advanced Protections.

To configure a Web App Firewall profile by using the command line

At the command prompt, type the following commands:

• set appfw profile <name> <arg1> [<arg2> ...]

  where:

  • <arg1> = a parameter and any associated options.
  • <arg2> = a second parameter and any associated options.
  • … = additional parameters and options.

  For descriptions of the parameters to use when configuring specific security checks, see Advanced Protections.

• save ns config

Example

The following example shows how to enable blocking for the HTML SQL Injection and HTML Cross-Site Scripting checks in a profile named pr-basic. This command enables blocking for those actions while making no other changes to the profile.

set appfw profile pr-basic -crossSiteScriptingAction block -SQLInjectionAction block
<!--NeedCopy-->