Skip to content

Security Setup Menu

Jalmoud Cloud WAF is a multi-domain and multi-policy solution. This means that you can protect multiple domains or sub domains and for each of them you can define a separate security policy.

You can select the domain first to see its configured security policy at the top of the ‘Policy Setup’ page:

Security Policy #

Below is the security policy that you can customize for each domain.

Click on the ON/OFF button to start the attack policy setup.

  • If the policy setup is ‘ON’, it will perform detection and perform blocking.
  • If the policy setup is ‘OFF’, it will not detect with the selected policy

Description of Attack policy #

PolicyDescription
SQL InjectionA vulnerability that could allow an attacker to view (or manipulate) information from the DB by inserting SQL statements into the input form and URL fields in a web application that is interfaced with the database(DB).
XSSA vulnerability that could allow an attacker to execute an inappropriate script with the privileges of a visitor who views a Web page by including a malicious script on the page.
Scanner/Proxy/Spambot DetectionCrawling, Scraping, Scanner, Web Attack Toolkit, etc., to generate comprehensive attack traffic to detect direct vulnerabilities or collect indirect information to identify vulnerabilities.
Web Server Vulnerability DetectionVulnerability due to inadequate system configuration, such as the presence of installation files and temporary files created during the installation of the application (Apache, etc.), or the windows login window being exposed on the Web.
Application Vulnerability DetectionA vulnerability that can be used as an intermediary for homepage tampering and hacking due to various vulnerability information of a public application that is open to the Internet due to financial and time burden in building a web server.
CSRFA vulnerability in which inappropriate scripting is performed with the privileges of the visitor viewing the transmitted dynamic web page when the external input is used to generate the dynamic web page.
Malicious File Upload DetectionA vulnerability that the attacker can execute the system internal command or control the system if a script file (asp, jsp, php file, etc.) that can be executed on the server-side can be uploaded and the attacker can execute this file directly through the web.
Abnormal HTTP Request DetectionA comprehensive attack mechanism for accessing a web server by manipulating traffic with contradictory standard rules such as multiple spaces, multiple slashes, newline characters, null character insertion, specific header deletion or modulation for security system bypass purposes.
Error Page CloakingA vulnerability that exposes attack information such as server data information through an error message when a separate error page is not set in the web server.
Directory ListingA vulnerability that could potentially expose sensitive file information by enabling indexing of all directories within the server or directories containing sensitive information.
Command Injection DetectionVulnerability in which unintended system commands are executed when user input values that have not been properly validated are run with some or all of the operating system commands.
System Access DetectionA vulnerability that exploits important system information or sensitive information exposed by direct access to important tables or objects of Windows and Unix Web servers in known locations and commercial DBMS servers.
Directory Access DetectionA vulnerability that could lead to system information leaks, service failures, etc., because it is possible to construct a path string for an unexpected access restriction area if the characters that can be used for the path manipulation are not filtered for external input values.
HTTP Method Restrictions DetectionA vulnerability that allows an attacker to upload malicious files or to delete important files by allowing unnecessary methods (PUT, DELETE, OPTIONS, etc.) when providing Web services.
Vulnerable Page Access DetectionA vulnerability that if a file such as an internal document, a backup file, a log file, or a compressed file exists under the web root, the file name can be obtained by inferring, then the service information necessary for hacking can be obtained by directly requesting these file name. Additionally, it is also a vulnerability that could be exploited by various forms of attack, such as an attacker’s SQL injection or brute-force attack, when the administrator’s page is accessible via the Internet.
Header Vulnerability DetectionA vulnerability that causes remote command execution or buffer overflow by accessing known vulnerabilities in a web application server or OS system through manipulation of header information such as User-Agent and Range header.
LDAP InjectionA vulnerability that tempers with LDAP (application protocol for querying and modifying directory services) query or injects LDAP, thus leaking passwords, personal information, etc. If an LDAP query is performed as part of the user input on the website, change the LDAP syntax to obtain sensitive information within the system.

User Defined Policy #

This tab allow user to define some additional protection measures.

Description of User Defined Policy #

ItemDescription
IP Allow listBypassing the client IP regardless of other the Web Application Firewall policy after input client IP and apply it.
IP Block listBlocking the client IP regardless of other the Web Application Firewall policy after input client IP and apply it.
DoS DetectionBlock clients who make much traffic this domain and add these IPs to blocklist.
Brute Force DetectionBlocking clients who try to abnormal login attempt to this domain and register this IP to blocklist.
URL Allow listBypassing the URL regardless of other the Web Application Firewall policy after input URL path and apply it.
National IP DetectionNational IP Detection blocks the HTTP request which is registered in the untrusted national list before analyzing the data.
JS ChallengeUpon receipt of the HTTP request, the WAF responds with a JavaScript challenge script, which can only be interpreted in a web browser. It allows access to the actual website only when interpreting this script, and it defends automated attacks such as bots that cannot be interpreted.

SSL Policy #

In this tab, you will see information of current installed HTTPS certificate. Moreover, you can change it if you have a situation like expired certificate.

Description of SSL policy #

ItemDescription
SSL CertificateUpload new SSL certificate of your domain for register or change SSL certificate.
– Support type: CRT, DER, PEM, PFX, …
80 → 443 RedirectAll traffic of Port 80 (HTTP) redirect to Port 443 (HTTPS).

Web Cache #

Web cache is a very helpful feature that would save your bandwidth from been consumed so quickly. You can configure a global TTL value (in seconds), and you can exclude URLs from being cached selectively.

Description of Web Cache Policy #

ItemDescription
TTLTime in seconds for caching web responses to serve later requests.
Except URLAdd custom URLs to be excluded from web cache policy.
Clear Web CacheRemove all cached content.
Custom DeleteRemove cache related to specific URL.

Advanced Setting #

Click on ‘Advanced Setting’ tab.

You will see a new pop-up for advanced settings:

Customize Attack Policy #

In the ‘Attack’ tab, you can whitelist specific URL or IP from attacks activated in ‘Security Policy’.

You can apply customization to all categories of attacks in ‘Attack’ tab:

  1. Select attack category you want to customize.
  2. Click on ‘Add’ button.
  1. A pop-up for adjusting or adding security policy appears as below:

Description of Attack Policy (Advanced) #

ItemDescription
ON/OFFEnable or disable attack policy
ActionSet action (Block/Detection) for requests match this policy
Rule NameName for the rule
Client IPIP of client that will be considered for this rule
Server URLURL of the server that will be considered for this rule

Customize User Defined Policy #

You have two rules that could be customized:

  • URL Access Rule
  • Keyword Filter Rule

URL Access Rule #

Using URL access rule, you can blacklist certain IP addresses from accessing specific server page regardless of all other security rules.

First click on ‘Advanced Setting’ button.

Once you see the pop-up, click on ‘User Defined’, then click ‘Add’ button.

Finally, configure the rule as per your needs.

Keyword Filter Rule #

Using Keyword Filter rule, you can configure blacklisted keywords that should not be observed from the traffic. Keywords allow you to add specific phrases to be detected by the policy as keywords. To configure it, please consider the following steps:

First click on ‘Advanced Setting’ button.

Once you see the pop-up, click on ‘User Defined Policy’, then ‘Keyword Filter Rule’, then click ‘Add’ button.

A new pop-up window will appear to allow you to configure parameters of the rule.

ItemDescription
ON/OFFEnable or disable attack policy
ActionSet action (Block/Detection) for requests match this policy
Rule NameName for the rule
Detect ConditionList of all added keywords of the rule
Keyword text boxType keywork and click ‘Add’ button to add it to keywork list
Client IPIP of client that will be considered for this rule
Server URLURL of the server that will be considered for this rule

Final Step #

Whenever you make changes, make sure you commit the changes. Please note that all policy changes are transparent and doesn’t affect running services.

Powered by BetterDocs