How to Configure Security Policies (Proxy)

Description

• Configuration option for new Proxies or Applications in Proxy / App Management section of Portal:
  
  • How to Configure a Proxy for HTTP / SSL HTTP / WAF Proxy Service Type
  • How to Configure a Proxy for TCP / UDP / DNS Service Type
• Links to other Application Configuration options in Related Content

Environment

• Silverline WAF
• Silverline DDoS Protection
• Proxies / Proxy
  • HTTP Redirect / SSL HTTP / WAF
  • TCP / UDP / DNS Service

Procedure

Configure Threat Intelligence (additional cost), L7 DDoS Profiles, and/or WAF Policies:

• Threat Intelligence Profile - a premium subscription available to add to both DDoS and WAF services for additional visibility and protection. By subscribing to a maintained feed of bad actor host addresses sourced from a world-wide intelligence network, Silverline is able to categorize, then either block or allow a wide variety of threats as soon as they enter the Silverline data centers. 
  • Threat Intelligence: Overview
  • Threat Intelligence: Configuration
  • Threat Intelligence: Monitoring
• Layer 7 DDoS Profiles - Choose the L7 DDoS profile to apply to this proxy. These can help protect Web Applications against Layer 7 DDoS attacks.
  • Q&A: What are Layer 7 DDoS Attacks and L7 DDoS Profiles?
  • How to Configure New L7 DDoS Profiles
  • How to Add L7 DDoS Profile to Proxy
• WAF Policy - Choose a WAF Policy to apply to this proxy.
  • By default "Profile settings" have wildcard entry FQDN: * and URI: * - that covers all endpoints
  • You may also add specific URLs or wildcard URLs, to be protected by specific WAF policies
    • URI field uses "start_with" operator, this means that URL or URI will match any other character in the URL or URI after the string value. Ex: /Path2, /Path3
      

      • Please Note:
        Drag specific URLs to the top and generic URLs to the bottom 
        as the matching will be based on "starts_with" operator
        
        For example, a proxy is configured with
        1. /helloworld/images/
        2. /helloworld/images/jpg
        3. /helloworld/login
        4. *
        
        * If URL comes in as "/helloworld/images/jpg/image001.jpg" 
        URL will match the first configuration "/helloworld/images/" due to the "starts_with" operator

  • Download: WAF Technical Questionnaire for WAF Setup
  • How to Attach WAF Policy to Proxy
  • Note: If there are IPs that you want to bypass WAF, see How to Whitelist IP addresses for WAF Services
• Host and URI - if you add more than 1 L7 DDoS Profile or WAF Policy, you will be able to specify the Host or URI for that Profile or Policy.
• Add button - Click this button to add an additional Layer 7 DDoS Profile or WAF Policy.
  • Note: With HTTP / SSL HTTP / WAF Proxy Service Type, you can only add 1 WAF Policy, 1 L7 DDoS Profile.

Related Content

• Related proxy configuration options:
  • Certificates
  • Options
  • Monitors
  • iRules
  • Advanced
• Threat Intelligence: Overview
• How to Add L7 DDoS Profile to Proxy
• How to Attach WAF Policy to Proxy