Version Control

Purpose

Version Control provides you with a tabular overview of all rulesets that have ever been committed and activated on your system. You can track which administrator made which change, and use Version Control to meet legal or contractual record-keeping requirements. You can also print out the documentation on paper.

All previous versions of a ruleset can be edited and activated again at any time.

Every application has a separate ruleset and therefore its own Version Control. The number of versions available at any time may vary from application to application. The version number that is active can also differ from application to application.

Opening

  1. In the navigation area, select the application for which you want to open Version Control.
  2. Activate the Configuration | Version Control tab.

Status section

The Status section lets you choose which rulesets are loaded and active:

  • Protection Ruleset

    This ruleset can only be chosen when protection mode is enabled for the application (see Detection Mode, Protection Mode). It determines which requests vWAF actually denies.

  • Detection Ruleset

    Ruleset for monitoring and testing purposes. If a handler of this ruleset becomes active, vWAF only writes an entry to the log files but doesn’t block any traffic.

  • Loaded Ruleset

    The ruleset that’s currently loaded into the administration interface for editing.

History section

The History section lists all versions that have ever been committed.

The check box above the list determines whether all rulesets are shown or only those that aren’t hidden.

| Column | Meaning |
|---|---|
| Version | Current version number. |
| Status | Shows which of the versions displayed is currently loaded for editing (Loaded) and which is currently active in the decider (Active). |
| Time | Date (YYYY-MM-DD) and time when that version was committed. |
| User | Username of the administrator by whom that version was committed. |
| Comment | Comment entered by the administrator on commit in the field Commit Comment (see Committing and Activating Ruleset Changes). |
| Action | Clicking View displays a printable summary of a specific version. Clicking Changes lists all modifications that were made between two versions. Clicking Hide removes the ruleset from the list of shown rulesets. Clicking Unhide makes a hidden ruleset visible again (only available if hidden rulesets are shown). |

Changing the protection ruleset

This can only be done when protection mode is enabled for the application (see Detection Mode, Protection Mode).

To change the protection ruleset:

  1. From the drop-down list after Protection Ruleset choose the number of the ruleset that you want to activate. For details on the different versions, refer to the table in the History section.
  2. Click the Activate button.

    The chosen ruleset becomes active immediately.

    Note that the ruleset that you’re currently editing (the loaded ruleset) doesn’t change in this process. If you activate a ruleset that was previously set as the detection ruleset, detection is automatically disabled.

Enabling / disabling a detection ruleset

To enable a detection ruleset, which only creates log file entries but doesn’t block any traffic:

  1. From the drop-down list after Detection Ruleset choose the number of the ruleset that you want to activate as a detection ruleset. For details on the different versions, refer to the table in the History section.
    Note that you can’t choose the current protection ruleset here. If you want to use this ruleset for detection, you must first change the protection ruleset.
  2. Click the Set button. The chosen ruleset becomes active immediately.

To disable the detection ruleset, select the option disabled from the drop-down list and proceed as described above.

You can only disable a detection ruleset when protection mode is enabled for the application (see Detection Mode, Protection Mode).

Loading a different version for editing

ATTENTION
If you’ve made changes to the ruleset that’s currently loaded since the last time the changes were committed, these changes are lost when an older version is loaded. If you want to call up your current changes again, you need to commit them beforehand (see Committing and Activating Ruleset Changes).

To reload an earlier version for editing:

  1. From the drop-down list after Loaded Ruleset choose the number of the ruleset that you want to load. For details on the different versions, refer to the table in the History section.
  2. Click the Load button.

    The chosen ruleset is now loaded into the administration interface and you can edit it.

Note that the rulesets used by the decider (the protection ruleset and the detection ruleset) don’t change in this process.

Viewing an old version and printing documentation

You can view a complete overview of the settings for a specific version and print it out. To do this, click the View link in the Action column.

The Printable Application Configuration opens with a list of all attributes for the ruleset in question. To print the list, click the Print button below the list.

Hiding unneeded rulesets for more clarity

Over time, your number of stored rulesets grows. When the History list or the drop-down lists grow too long and get cluttered, you can remove rulesets that you don’t need from these lists.

Hiding a ruleset doesn’t delete the ruleset. A hidden ruleset just doesn’t appear on the lists any longer. You can unhide a hidden ruleset at any time. Also, you can still assign a hidden ruleset via the REST interface.

Note that hiding a ruleset is a global setting. If you hide a ruleset, other administrators also won’t see it.

To hide a ruleset:

  1. In the History list, go to the Action column, and then click Hide. Note that you can only hide rulesets that aren’t currently chosen as Protection Ruleset, Detection Ruleset, or Loaded Ruleset.
  2. Make sure that above the list, the option Show all rulesets is disabled.

Unhiding a ruleset

To unhide a hidden ruleset:

  1. In the History section, above the list, activate the option Show all rulesets. The list now also shows the hidden rulesets.
  2. Go to the line of the ruleset that you want to unhide. In the Action column, click Unhide.
  3. You can now deactivate the option Show all rulesets again. The ruleset remains visible in the list.
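
The rules on this page for the three ruleset roles (protection, detection, loaded) and for hiding interact in ways that are easy to miss in a change plan. The following model is an added example, not vWAF code and not a client for the vWAF REST interface; the class and method names are hypothetical, and it assumes protection mode is enabled for the application.

```python
class VersionControl:
    """Model of one application's ruleset slots (illustrative, not vWAF code)."""

    def __init__(self, versions, protection, loaded):
        self.versions = set(versions)  # every committed version number
        self.hidden = set()            # hidden globally, for all administrators
        self.protection = protection   # decides which requests are denied
        self.detection = None          # None means detection is disabled
        self.loaded = loaded           # open for editing in the admin interface

    def _known(self, v):
        # Hidden versions remain assignable; the page notes this for the REST interface.
        if v not in self.versions:
            raise ValueError(f"version {v} was never committed")

    def activate_protection(self, v):
        self._known(v)
        if self.detection == v:
            self.detection = None      # promoting the detection ruleset disables detection
        self.protection = v            # the loaded ruleset is not touched

    def set_detection(self, v):
        if v is not None:              # None corresponds to the option "disabled"
            self._known(v)
            if v == self.protection:
                raise ValueError("change the protection ruleset first")
        self.detection = v

    def load(self, v):
        self._known(v)
        self.loaded = v                # the decider's rulesets are not touched

    def hide(self, v):
        self._known(v)
        if v in (self.protection, self.detection, self.loaded):
            raise ValueError(f"version {v} is in use and can't be hidden")
        self.hidden.add(v)

    def unhide(self, v):
        self.hidden.discard(v)

    def listed(self, show_all=False):
        return sorted(self.versions if show_all else self.versions - self.hidden)

if __name__ == "__main__":
    vc = VersionControl([1, 2, 3], protection=3, loaded=3)  # constructed sample state
    vc.set_detection(2)
    vc.activate_protection(2)
    print(vc.protection, vc.detection, vc.loaded)
```

Running a planned sequence of activations through such a model before touching the live system shows, for example, that promoting a detection ruleset leaves the application with no detection ruleset until one is set again.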