Advanced settings control various aspects of WAAS features.
Prisma Session Cookies set by WAAS are encrypted and signed to prevent cookie tampering. In addition, cookies include advanced protections against cookie replay attacks where cookies are harvested and re-used in other clients.
Body inspection can be disabled or limited to a configurable size (in bytes).
The WAAS body inspection limit is 131,072 bytes (128 KB). When a request body exceeds the inspection limit, WAAS applies one of the following actions:
- Disable - The request is passed to the protected application.
- Alert - The request is passed to the protected application and an audit is generated for visibility.
- Prevent - The request is denied from reaching the protected application, an audit is generated and WAAS responds with an HTML page indicating the request was blocked.
- Ban - Can be applied on either IP or Prisma Session IDs. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack.
A minimum Defender version of 22.01 (Joule) is required to enforce body inspection limitations using the actions described above.
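One way to check which action a rule applies to oversized bodies, as an added example that is not part of the original documentation or Palo Alto Networks code. It assumes that a blocked request returns the configured Prevent response code together with the X-Prisma-Event-Id response header; the function names, the default code of 403 and the sample responses are constructed for illustration.

```python
# Added example: verify how a WAAS-protected application that you operate
# handles a request body larger than the body inspection limit.
import urllib.error
import urllib.request

INSPECTION_LIMIT = 131_072              # bytes, the limit stated on this page
EVENT_ID_HEADER = "X-Prisma-Event-Id"   # response header named on this page


def oversize_body(limit=INSPECTION_LIMIT, extra=1):
    """Return benign filler that is `extra` bytes over the inspection limit."""
    return b"a" * (limit + extra)


def classify(status, headers, prevent_code=403):
    """Classify a response as blocked or not blocked.

    prevent_code is an assumption: set it to the "Prevent response code"
    configured in the rule under test.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    event_id = lowered.get(EVENT_ID_HEADER.lower())
    if status == prevent_code and event_id:
        verdict = "blocked"        # consistent with Prevent or Ban
    else:
        verdict = "not blocked"    # consistent with Disable or Alert;
                                   # only the audits tell those two apart
    return {"verdict": verdict, "status": status, "event_id": event_id}


def probe(url, prevent_code=403, timeout=10):
    """POST an oversized body to `url` and classify the reply."""
    req = urllib.request.Request(
        url, data=oversize_body(), method="POST",
        headers={"Content-Type": "application/octet-stream"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers), prevent_code)
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, dict(err.headers), prevent_code)


if __name__ == "__main__":
    # Constructed sample responses, so the logic can be checked offline.
    print(classify(403, {"X-Prisma-Event-Id": "constructed-event-id"}))
    print(classify(200, {"Content-Type": "text/html"}))
```

The event ID returned for a blocked request can be used to look up the matching audit.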
This option is intended to defend web applications running on remote hosts which cannot be protected directly by WAAS (e.g. Windows Servers).
The remote host option is only available for WAAS host rules.
- A "middle-box" host instance running a WAAS-supported OS should be set up.
- Traffic to the web application should be directed to the "middle-box" host.
- Ports on the "middle-box" host to which traffic is directed should be unused (WAAS will listen on these ports for incoming requests).
- Incoming traffic to the "middle-box" host will be forwarded to the specified address (resolvable hostname or IP address) by WAAS.
Use of TLS and destination port is determined by the endpoint configuration in the App definition tab.
The following protected endpoints are defined in the App definition tab:
Remote host has been configured as follows:
Expected result would be as follows:
- HTTPS traffic to www.example1.com on port 443 would be forwarded via HTTPS to www.remotehost.com
- HTTP traffic to www.example1.com on port 80 would be forwarded via HTTP to www.remotehost.com
Protected endpoints with TLS enabled will not forward non-TLS HTTP requests.
Customize WAAS response message
- Prevent response code - HTTP response code
- Custom WAAS response message - HTML code to be served. Click on for a preview of the rendered HTML code.
User-provided HTML must start and end with HTML tags.
Prisma Event IDs
An event ID is included in the response header X-Prisma-Event-Id and is also included in the default WAAS block message: