
Configuring Web Application Firewall

Overview

A Web Application Firewall (WAF) filters, monitors, and blocks HTTP traffic to and from API proxies. A conventional network firewall controls connections between hosts at the network and transport layers; a WAF inspects the content of the HTTP requests and responses of a specific web application, so it can block application-layer attacks that a network firewall cannot see.

To integrate WAF functionality in the Fiorano API Gateway server, configure WAF in the Resource section of the particular API project.

Enabling WAF

To enable WAF for a Resource in an API project, perform the following actions:

  1. Go to API Projects > Resources.
  2. Click the resource name and go to the WAF Configuration tab.
  3. Select the Enable Web Application Firewall (WAF) option.

Configuring WAF filter

To configure WAF,

  1. Provide the filter Class name in the WAF Filter Class text field.

    webcastellum WAF

    CODE
    org.webcastellum.WebCastellumFilter

    ESAPI WAF

    CODE
    org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
  2. Provide the filter configuration in the WAF Filter Configuration section. Click the Add button to add additional attributes.

    webcastellum WAF

    Name                               Value
    LogVerboseForDevelopmentMode       true
    Debug                              false
    ProductionMode                     false
    ExtraDisabledFormFieldProtection   false
    ParameterAndFormProtection         false
    QueryStringEncryption              false
    SecretTokenLinkInjection           false
    BlockNonLocalRedirects             false
    ForceEntranceThroughEntryPoints    false
    HandleUncaughtExceptions           true
    RuleFileReloadingInterval          60
    RuleLoader                         org.webcastellum.FilesystemRuleFileLoader
    AttackLogDirectory                 {WAF_LOGS_DIR}
    RuleFilesBasePath                  {WAF_RULES_DIR}
    FlushResponse                      false

    These sample values are development settings: verbose development logging is on and ProductionMode is off. Review them before deploying the project to a production server group.

    ESAPI WAF

    Name             Value
    configuration    {WAF_RULES_DIR}\restrict-source-ip-policy.xml
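The filter configuration is a flat list of name/value attributes, and the sample values above are development settings, so it is worth checking them mechanically before a project is deployed. The following lint script is an added example for this page, not Fiorano, WebCastellum or ESAPI code. It assumes the attributes are exported as Name=Value lines; the production policy it enforces (ProductionMode on, Debug and verbose development logging off, path attributes absolute or placeholder-based) is inferred from the parameter names, not stated on the page, so adapt it to your own standard.

```python
"""Lint WAF Filter Configuration attributes (Name=Value) before deploying.
Added example for this page, not Fiorano, WebCastellum or ESAPI code; the
production policy below is inferred from the parameter names (assumption)."""
from pathlib import PurePosixPath, PureWindowsPath

WEBCASTELLUM_FILTER = "org.webcastellum.WebCastellumFilter"
ESAPI_FILTER = "org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter"

# Value each switch must have on a production server group (assumption).
WEBCASTELLUM_PROD_POLICY = {
    "ProductionMode": "true",
    "Debug": "false",
    "LogVerboseForDevelopmentMode": "false",
    "HandleUncaughtExceptions": "true",
}
WEBCASTELLUM_REQUIRED = ("RuleLoader", "RuleFilesBasePath", "AttackLogDirectory")
PATH_ATTRS = ("RuleFilesBasePath", "AttackLogDirectory", "configuration")
PLACEHOLDERS = ("{WAF_LOGS_DIR}", "{WAF_RULES_DIR}")  # substituted by the gateway


def parse_config(text: str) -> dict:
    """Parse Name=Value lines; blank lines and '#' comments are ignored."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            config[name.strip()] = value.strip()
    return config


def _anchored(value: str) -> bool:
    """Absolute path or gateway placeholder; anything else resolves against
    the server's working directory, which is not what you want."""
    return (value.startswith(PLACEHOLDERS)
            or PurePosixPath(value).is_absolute()
            or PureWindowsPath(value).is_absolute())


def lint(filter_class: str, config: dict, production: bool = True) -> list:
    """Return a list of problems; an empty list means the config passes."""
    errors = []
    if filter_class == WEBCASTELLUM_FILTER:
        for name in WEBCASTELLUM_REQUIRED:
            if name not in config:
                errors.append(f"missing required attribute {name}")
        if production:
            for name, want in WEBCASTELLUM_PROD_POLICY.items():
                have = config.get(name, "<unset>")
                if have.lower() != want:
                    errors.append(f"{name}={have}; expected {want} in production")
        if not config.get("RuleFileReloadingInterval", "0").isdigit():
            errors.append("RuleFileReloadingInterval must be an integer")
    elif filter_class == ESAPI_FILTER:
        policy = config.get("configuration", "")
        if not policy.lower().endswith(".xml"):
            errors.append("ESAPI WAF needs 'configuration' pointing at a policy .xml file")
    else:
        errors.append(f"unknown WAF filter class {filter_class!r}")
    for name in PATH_ATTRS:
        value = config.get(name)
        if value and not _anchored(value):
            errors.append(f"{name}={value!r} is relative; use an absolute path or a placeholder")
    return errors


# The page's WebCastellum sample (development settings), transcribed as Name=Value.
DEV_SAMPLE = """\
LogVerboseForDevelopmentMode=true
Debug=false
ProductionMode=false
ExtraDisabledFormFieldProtection=false
ParameterAndFormProtection=false
QueryStringEncryption=false
SecretTokenLinkInjection=false
BlockNonLocalRedirects=false
ForceEntranceThroughEntryPoints=false
HandleUncaughtExceptions=true
RuleFileReloadingInterval=60
RuleLoader=org.webcastellum.FilesystemRuleFileLoader
AttackLogDirectory={WAF_LOGS_DIR}
RuleFilesBasePath={WAF_RULES_DIR}
FlushResponse=false
"""
# Same attributes with the two development switches flipped for production.
PROD_SAMPLE = DEV_SAMPLE.replace("LogVerboseForDevelopmentMode=true",
                                 "LogVerboseForDevelopmentMode=false"
                                 ).replace("ProductionMode=false", "ProductionMode=true")
# The page's ESAPI sample (raw string because the value contains a backslash).
ESAPI_SAMPLE = r"configuration={WAF_RULES_DIR}\restrict-source-ip-policy.xml"

if __name__ == "__main__":
    print("dev  :", lint(WEBCASTELLUM_FILTER, parse_config(DEV_SAMPLE)) or "OK")
    print("prod :", lint(WEBCASTELLUM_FILTER, parse_config(PROD_SAMPLE)) or "OK")
    print("esapi:", lint(ESAPI_FILTER, parse_config(ESAPI_SAMPLE)) or "OK")
```

Run against the page's sample, the script reports ProductionMode and LogVerboseForDevelopmentMode as production problems and passes the same attributes with those two values flipped; with production=False (a test server group) the sample passes unchanged.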

Adding a rule

To add a rule,

  1. Go to the WAF Rules tab.

  2. Click the Add rules button, select the zip file that contains the configured rule files, and click Upload to attach it to the resource.

    Sample rules can be found at:

    Webcastellum

    <Installer>\APIManagement\samples\waf\webcastellum

    ESAPI

    <Installer>\APIManagement\samples\waf\ESAPI

  3. Save and deploy the API project on the server group of your choice.
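The rules reach the gateway as a zip archive, so it pays to build that archive deliberately and to treat it as untrusted input before uploading it: an entry named ../x or /etc/x is the classic way an archive ends up writing outside the directory it is extracted into. The script below is an added example for this page, not Fiorano tooling; it builds the archive in memory, rejects absolute and parent-directory member names, and only accepts the file types it expects. The accepted extensions (.properties for WebCastellum rule files, .xml for ESAPI policies) and the sample file contents are assumptions, not taken from the page.

```python
"""Package WAF rule files into the zip the WAF Rules tab expects and check
the archive before uploading it. Added example for this page, not Fiorano
tooling; the accepted rule-file extensions are an assumption."""
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: WebCastellum rules are .properties files, ESAPI policies are .xml.
ALLOWED_SUFFIXES = {".properties", ".xml"}


def unsafe_entry(name):
    """Reason why an archive member must be rejected, or None if it is fine.
    Treat the zip as untrusted input: a member named '../x' or '/etc/x' would
    be written outside the rules directory by a naive extractor (zip-slip)."""
    posix = name.replace("\\", "/")
    if posix.startswith("/") or (len(posix) > 1 and posix[1] == ":"):
        return "absolute path"
    if ".." in PurePosixPath(posix).parts:
        return "parent-directory traversal"
    if posix.endswith("/"):
        return None  # directory entry, nothing is written for it
    suffix = PurePosixPath(posix).suffix.lower()
    if suffix not in ALLOWED_SUFFIXES:
        return f"unexpected file type {suffix or '(none)'}"
    return None


def validate_rules_zip(data: bytes) -> list:
    """Return [(member, reason), ...] for members that must block the upload."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = unsafe_entry(info.filename)
            if reason:
                problems.append((info.filename, reason))
    return problems


def build_rules_zip(files: dict) -> bytes:
    """Build the archive in memory from {relative/path: content}. Member names
    use forward slashes so the same zip works whichever OS the gateway runs on.
    No validation here, so the checker can be exercised against a bad archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel, content in files.items():
            zf.writestr(rel.replace("\\", "/"), content)
    return buf.getvalue()


def package_rules(files: dict) -> bytes:
    """Build, validate, and return the archive; refuse to emit an unsafe one."""
    data = build_rules_zip(files)
    problems = validate_rules_zip(data)
    if problems:
        raise ValueError(f"refusing to package rules: {problems}")
    return data


if __name__ == "__main__":
    # Constructed sample layout; the file contents are placeholders, not real rules.
    good = package_rules({
        "webcastellum/example.properties": "# constructed sample rule file",
        "esapi/restrict-source-ip-policy.xml": "<policy/>",
    })
    print(len(good), "bytes,", validate_rules_zip(good) or "no problems")
```

Run validate_rules_zip over any archive you did not build yourself (a sample copied from another environment, for instance) before attaching it to the resource; a rejected member name is a reason to inspect the archive, not to rename the entry.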