Handlers

Handler Group Connection

• Shortcut Handler (Global Handler)

  Tells vWAF to ignore all other handlers for specific URLs. This can be used to increase performance for parts of your web application that are completely static and thus don’t involve the risk of an attack.

• Log Request Response Handler (Global Handler)

  Logs all requests, including POST arguments, in a special log file, as well as response data. This information is used later by the Suggest Rules Wizard as the starting point for the suggested rules.

• Secure Connection Handler (Global Handler)

  Prevents attacks on the SSL stack on the web server. If certain properties aren’t met, vWAF denies the request with a configurable HTTP error code.

  Required by the Session Handler if an SSL session ID is to be used.

• ICAP Client Handler

  Provides the possibility to integrate with an ICAP server.

• Log Configuration Handler

  Allows additional information to be logged in the log files.

• Valid Client IP Handler

  Validates the IP address of the client being queried using a list of valid IP address ranges. Requests with an invalid IP address are denied by vWAF with a configurable HTTP error code.

• Time Period Handler

  Restricts the access to your web application or to parts of your web application (path) based on day of the week and time. Outside these permitted times, vWAF denies requests with a configurable HTTP error code.

• Limit Requests Per Second Handler

  Limits the maximum number of requests to be processed per time unit. The calculation is based on the token bucket procedure. If the permitted contingent of pending requests is exceeded, vWAF denies further requests with HTTP error code 503 (Service Unavailable) until more tokens are available.

• Event Per IP Per Path Prefilter Handler

  Special handler that triggers the Requests Per IP Per Path Per Timeframe Per Application Event Source. Only needed if this event source is to be used.

Handler Group Header

• Valid Request Handler

  Checks the validity of a request to ensure that it observes the syntax rules of the HTTP protocol and HTML code. If the request contains syntax errors, vWAF denies the request with the HTTP error code 403 (Forbidden).

• Valid HTTP Method Handler

  Limits the permitted HTTP methods for a request. Invalid requests are denied by vWAF with an HTTP error code conforming to the HTTP protocol.

• Classify Request Handler

  Notes an evaluation of the risk potential for each request in the log file. The evaluation of these log file entries will help you later on to optimize the present security configuration even further.

• Robots.txt Handler

  Generates a virtual robots.txt file, which is then supplied as the result of the query of the URL /robots.txt. This makes any robots.txt file already included in your web application ineffective.

• Required Header Field Handler

  Checks requests for the presence of specific headers. If there’s no header of this type, vWAF denies the request with the HTTP error code 403 (Forbidden).

• Check User Agent Handler

  Checks that the HTTP agent header sent by the browser is permitted, using a blacklist and a whitelist. Non-permitted requests are denied by vWAF with a configurable HTTP error code.

• Deny Handler

  When this handler is active, vWAF denies all requests with the HTTP error code 403 (Forbidden). Usually path-specific and only used temporarily.

• Redirect Handler

  Permits the dynamic generation of an HTTP redirect response as a response to the current request. If a request matches a predefined URL pattern, vWAF replaces this with a predefined character string.

• Invalid Cookie Handler

  Checks requests for manipulated cookies. If a cookie contains a non-permitted character string, vWAF denies the request with a configurable HTTP error code.

• Response Header Security Handler

  Enforces response header security options to improve client side security and prevent attacks such as content hosted by vWAF being embedded in frames in untrusted pages, cross site scripting and attacks based on browser MIME-type vulnerabilities.

• Cross Origin Resource Sharing Handler

  Checks and verifies, based on handler attributes and rules, whether or not to grant browser cross origin access to resources hosted by vWAF.

Handler Group Session

• Session Handler(Global Handler)

  With an active Session Handler, vWAF establishes a separate, secure session between the web server and the client. A cryptographically secure session ID is transferred into a cookie in the process.

• Cookie Jar Handler (Global Handler)

  Protects the cookies in your web application. Cookies are then no longer issued by the web server, but are stored by vWAF in the session created by the Session Handler. Protected cookies are therefore no longer forwarded to the client.

  Must be used in combination with the Session Handler.

• OWA Protection Handler (Global Handler)

  Protects the web application Microsoft Outlook Web Access in particular against brute force attacks and prevents access to third party mailboxes.

• Entry Point Handler (Global Handler)

  Forces the web application to go to specific URLs. When landing on a different URL, vWAF diverts to a specified URL.

  Only has an effect when the Session Handler is also active.

• Url Encryption Handler(Global Handler)

  Implements session-specific encrypted URLs. Redirects the request to a defined main page if the first request within a session is onto a page that isn’t included in a defined entry point list. Dynamically encrypts all links to pages that are located below the main page in the directory structure.

• Referer Handler

  Evaluates the HTTP referer header. In the event of access attempts with an undesirable HTTP referer, vWAF denies the request either with the HTTP error code 403 (Forbidden) or generates a redirect to a specific URL. Graylisting is possible as well. Only has an effect when the Session Handler is also active.

• Authentication Handler

  Protects a path via authentication.

• Virtualize Form Field Handler

  Encrypts form variables in POST requests with the help of the secure session ID generated by the Session Handler. This makes the field names unpredictable for an attacker.

Handler Group Input Protection

• Invalid Cookie Handler

  Checks the URL given in a request. Requests with an invalid URL are denied by vWAF with a configurable HTTP error code.

• Content Type Handler

  Limits the permitted content types for requests. Denies all requests that don’t state one of the configured content types.

• Whitelist Handler

  Checks requests for manipulated arguments in input fields. vWAF accepts the request only if an argument matches a specified whitelist.

• Invalid Parameter Handler

  Prevents manipulated URI parameters from reaching your web application.

• Invalid Args Handler

  Checks requests for manipulated arguments in input fields. If an argument is invalid, vWAF denies the request with a configurable HTTP error code.

• Invalid Request Handler

  Checks requests for invalid specifications of HTTP method, URI, arguments, parameters, header and body.

• Baseline Protection Handler

  Implements the rules that are created automatically by the Baseline Protection Wizard.

• Invalid Body Text Handler

  Checks the body of requests and responses for undesirable character strings. If this occurs, vWAF returns a configurable HTTP error code.

• Simple Form Protection Handler

  Simplified form of the Invalid Args Handler. Also checks requests for manipulated arguments in input fields. If an argument is invalid, vWAF denies the request with a configurable HTTP error code.

• Protect Form Handler

  Automatically scans all responses for hidden and protected form fields. By doing this, the handler automatically learns what these fields usually contain. If it later detects any suspicious discrepancy within a request, it denies this request with the HTTP error code 403 (Forbidden).

Handler Group Backend

• Hide Basic Auth Handler (Global Handler)

  Lets an HTTP Basic Auth based authentication of the web server look like a session and form-based authentication to the user. Only has an effect if the Session Handler and the Cookie Jar Handler are also active.

• Application Virtualization Handler (Global Handler)

  In requests, replaces one host name with another. As an option, also replaces the host name in responses if a specific content type is given in a response.

• Valid XML Handler

  Returns an error code if XML data sent with a request don’t adhere to a specified DTD.

• Check HTML Syntax Handler

  Verifies the syntax of the HTML code returned by your web application.

• Response Body Filter Handler

  Removes or replaces specific character strings from the body of the response returned to the user by the server.

• Script Handler

  Allows you to execute a Python script. This enables you to expand the scope of vWAF functions according to your specific requirements.

Internal System Handlers

In addition to the configurable handlers mentioned in the groups above, there are also a number of internal system handlers. These handlers can’t be manually configured and added to a ruleset. However, if they become active their names do appear in the log files (see Log File Entries).

• Block Traffic Handler

  Generates a log file entry when a request has been denied because the traffic has been blocked in the application control (see Application Control).

• Bypass Ruleset Handler

  Generates a log file entry when a request has been accepted because a ruleset has been deactivated in the application control.

• Malware Detection Handler

  Internally needed for Malware detection.

• No Configuration Found Handler

  Generates a log file entry if the host specified in a request didn’t match.

• No Customer Key Found Handler

  Generates a log file entry if there’s a customer key specified in the enforcer options but you didn’t use this customer key for any application.

• No Matching Path Found Handler

  Generates a log file entry if the host specified in a request was found, but no path matching the URL of the request is defined.

• Vulnerability Protection Handler

  Internally needed for Vulnerability Management.