Follow

How to Configure Security Policies (Proxy)

Description

 

Environment

 

Procedure

Configure Threat Intelligence (additional cost), L7 DDoS Profiles, and/or WAF Policies:

NewProxy_SecPolicies.png

  • Threat Intelligence Profile - a premium subscription available to add to both DDoS and WAF services for additional visibility and protection. By subscribing to a maintained feed of bad actor host addresses sourced from a world-wide intelligence network, Silverline is able to categorize, then either block or allow a wide variety of threats as soon as they enter the Silverline data centers. 
  • Layer 7 DDoS Profiles - Choose the L7 DDoS profile to apply to this proxy. These can help protect Web Applications against Layer 7 DDoS attacks.
  • WAF Policy - Choose a WAF Policy to apply to this proxy.
    • By default "Profile settings" have wildcard entry FQDN: * and URI: * - that covers all endpoints
    • You may also add specific URLs or wildcard URLs, to be protected by specific WAF policies
      • URI field uses "start_with" operator, this means that URL or URI will match any other character in the URL or URI after the string value. Ex: /Path2, /Path3
        • Please Note:
          Drag specific URLs to the top and generic URLs to the bottom
          as the matching will be based on "starts_with" operator

          For example, a proxy is configured with
          1. /helloworld/images/
          2. /helloworld/images/jpg
          3. /helloworld/login
          4. *

          * If URL comes in as "/helloworld/images/jpg/image001.jpg"
          URL will match the first configuration "/helloworld/images/" due to the "starts_with" operator
    • Download: WAF Technical Questionnaire for WAF Setup
    • How to Attach WAF Policy to Proxy
    • Note: If there are IPs that you want to bypass WAF, see How to Whitelist IP addresses for WAF Services
  • Host and URI - if you add more than 1 L7 DDoS Profile or WAF Policy, you will be able to specify the Host or URI for that Profile or Policy.
  • Add button - Click this button to add an additional Layer 7 DDoS Profile or WAF Policy.

 

Related Content

Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request