Configuring a WAF Profile
A WAF profile references the WAF policies that are to be enforced.
Table 61 describes the predefined profiles. In many cases, you can use predefined profiles to get started.
Table 61: Predefined WAF profiles
Predefined Profiles      Description
High-Level-Security      Web Attack Signature policy: High-Level-Security
                         HTTP Protocol Constraints policy: High-Level-Security
                         SQL/XSS Injection Detection policy: High-Level-Security
Medium-Level-Security    Web Attack Signature policy: Medium-Level-Security
                         HTTP Protocol Constraints policy: Medium-Level-Security
                         SQL/XSS Injection Detection policy: Medium-Level-Security
Alert-Only               Web Attack Signature policy: Alert-Only
                         HTTP Protocol Constraints policy: Alert-Only
                         SQL/XSS Injection Detection policy: Alert-Only
If desired, you can create user-defined profiles. The maximum number of profiles per VDOM is 255.
Before you begin:
You can use predefined WAF profiles, create profiles based on predefined feature options, or create profiles based on user-defined configuration objects. If you want to add user-defined configuration objects, you must create them before using this procedure to add them to a WAF profile.
You must have Read-Write permission for Security settings.
After you have created a WAF profile, you can specify it in a virtual server configuration.
To configure a WAF Profile:
1. Go to Security > Web Application Firewall.
2. Click the WAF Profile tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 62.
5. Save the configuration.
 
Table 62: WAF Profile configuration
Settings                       Guidelines
Name                           Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
Description                    A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.
Web Attack Signature           Select a predefined or user-defined Web Attack Signature configuration object.
URL Protection                 Select a user-defined URL Protection configuration object.
HTTP Protocol Constraint       Select a predefined or user-defined HTTP Protocol Constraint configuration object.
SQL/XSS Injection Detection    Select a predefined or user-defined SQL/XSS Injection Detection configuration object.
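
The following pre-flight check is an added example, not vendor code: it validates a planned set of WAF profiles against the rules on this page (name characters, 255 profiles per VDOM, user-defined objects created first, URL Protection user-defined only) before anyone opens the configuration editor. The planning format, field keys, and function name are hypothetical, and treating an unset field as allowed is an assumption.

```python
import re

# Naming rule from Table 62: A-Z, a-z, 0-9, _ and - only, no spaces.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
MAX_PROFILES_PER_VDOM = 255  # limit stated on this page

# Predefined policy names as they appear in Table 61.
PREDEFINED = {"High-Level-Security", "Medium-Level-Security", "Alert-Only"}

# Hypothetical field key -> may a predefined object be selected? (Table 62)
# URL Protection accepts user-defined objects only.
FIELDS = {
    "web_attack_signature": True,
    "url_protection": False,
    "http_protocol_constraint": True,
    "sql_xss_injection_detection": True,
}

def check_profiles(profiles, user_defined, existing_count=0):
    """Return (profile name, problem) tuples; an empty list means the plan is clean.

    profiles:       list of dicts in the hypothetical planning format
    user_defined:   field key -> set of user-defined object names already created
    existing_count: profiles already present in the VDOM
    """
    problems = []
    if existing_count + len(profiles) > MAX_PROFILES_PER_VDOM:
        problems.append(("*", f"exceeds {MAX_PROFILES_PER_VDOM} profiles per VDOM"))
    for p in profiles:
        name = p.get("name", "")
        if not NAME_RE.fullmatch(name):
            problems.append((name, "invalid name"))
        for field, predefined_ok in FIELDS.items():
            ref = p.get(field)
            if ref is None:  # assumption: a field may be left unset
                continue
            if predefined_ok and ref in PREDEFINED:
                continue
            if ref not in user_defined.get(field, set()):
                problems.append((name, f"{field}: no selectable object named '{ref}'"))
    return problems

# Constructed sample plan and object inventory.
PLAN = [
    {"name": "shop_api-prod", "web_attack_signature": "High-Level-Security",
     "url_protection": "shop-url-rules", "sql_xss_injection_detection": "Alert-Only"},
    {"name": "legacy app", "url_protection": "High-Level-Security"},
]
OBJECTS = {"url_protection": {"shop-url-rules"}}
```

Calling check_profiles(PLAN, OBJECTS) flags the second profile twice: its name contains a space, and it points URL Protection at a predefined name although that field takes user-defined objects only.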