Security Features : Using web application firewall policies : Configuring a URL Protection policy
 
Configuring a URL Protection policy
URL protection policies can filter HTTP requests that match specific character strings and file extensions.
Before you begin:
You must have Read-Write permission for Security settings.
After you have configured URL protection policies, you can select them in WAF profiles.
To configure a URL Protection policy:
1. Go to Security > Web Application Firewall.
2. Click the URL Protection tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 56.
5. Save the configuration.
Table 56: URL Protection configuration
Settings
Guidelines
Name
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.
After you initially save the configuration, you cannot edit the name.
URL Access Rule
Full URL Pattern
Matching string. Regular expressions are supported.
Action
Alert—Allow the traffic and log the event.
Deny—Drop the traffic, send a 403 Forbidden to the client, and log the event.
The default is alert.
Severity
High—Log as high severity events.
Medium—Log as a medium severity events.
Low—Log as low severity events.
The default is low.
File Extension Rule
File Extension Pattern
Matching string. Regular expressions are supported.
Action
Alert—Allow the traffic and log the event.
Deny—Drop the traffic, send a 403 Forbidden to the client, and log the event.
The default is alert.
Severity
High—Log as high severity events.
Medium—Log as a medium severity events.
Low—Log as low severity events.
The default is low.