Use the Web Protection tab on the Web Application Protection page for the Network IPS appliance to enable protection signatures that protect your web applications from well-known web application security attacks.
Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Security Modules > Web Application Protection
Navigating in the SiteProtector™ system: select the Web Application Protection policy
Option | Description |
---|---|
Show Security Events | Lists the security event signatures that are associated with the category. |
Enabled | Enables the web protection category. |
Ignore Event | Instructs the appliance to ignore events that match the criteria that are set for the event. |
Display | Defines how you want to display the event in the SiteProtector Console: |
Block | Blocks the attack by dropping packets and sending resets to TCP connections. |
Log Evidence | Determines the type of packet to capture when suspicious traffic triggers events. The appliance logs files to the /var/iss/ directory. You can retrieve log evidence files from Review Analysis and Diagnostics > Downloads > Logs and Packet Captures > Log Evidence. Note: Connection, Interface, and All Interfaces are not available for the SNORT feature. |
Email | Specifies the email name that receives alerts about events. Note: If the email address does not display in the list, you can configure email responses in Secure Protection Settings > Response Tuning > Responses. |
Quarantine | Specifies responses that block intruders, including worms and Trojan horses, when the appliance detects events. Notes: |
SNMP | Sends an SNMP trap that includes pertinent information about the event. Note: If the SNMP trap does not display in the list, you can configure SNMP traps in Secure Protection Settings > Response Tuning > Responses. |
User Specified | Specifies a user-specified response to security events. Note: If the user-defined response does not display in the list, you can configure user-specified responses in Secure Protection Settings > Response Tuning > Responses. |
 | Configures shared tuning settings. Note: Shared Tuning signatures cannot be assigned to unique protection domains. The appliance assigns settings in shared tuning to the global protection domain. For more information about shared tuning, see Configuring shared tuning. Client-side Attacks: The Enable Client Protection check box enables Client-side Attack events for the global protection domain. Use this option if you want to enable these events for the global protection domain but you applied the WAP policy to a custom protection domain. The appliance assigns the Client-side Attack events to the global protection domain. |