Chapter 9: Web Application Firewall

You use web application firewall policies to scan HTTP requests and responses against known attack signatures and methods and filter matching traffic. This section includes the following topics:

• Web application firewall basics
• Web application firewall configuration overview
• Configuring a WAF Profile
• Configuring an OWASP TOP10 profile
• Configuring WAF Action objects
• Configuring a Web Attack Signature policy
• Configuring a URL Protection policy
• Configuring an Advanced Protection policy
• Configuring an HTTP Protocol Constraint policy
• Configuring CSRF protection
• Configuring brute force attack detection
• Configuring an SQL/XSS Injection Detection policy
• Configuring WAF Exception objects
• Configuring a Bot Detection policy
• Configuring a Cookie Security policy
• Configuring sensitive data protection
• Configuring XML Detection
• Configuring JSON detection
• Importing XML schema
• Configuring Input Validation
• Uploading WSDL files
• Web Vulnerability Scanner