Skip to main content
Version: v8

WAF/WAAP

This section describes the knowledge base of how to use Haltdos WAF / WAAP to adequately protect Web & API applications.

Some of the WAF use cases are mentioned below:

  1. Configuring HTTP Redirection
  2. Configure Machine Learning for 0-day protection
  3. How to add custom headers for origin servers ?
  4. Sending custom header or cookies to the client
  5. Configuring multiple security profiles for complex applications
  6. Adding Health monitoring on backend servers
  7. Selecting appropriate Server Group based on the incoming request
  8. Configuring secure File upload
  9. Configuring passwords by enabling organization-specific password policy.
  10. Configuring AV Scanner for an application behind WAF
  11. Masking login credentials like passwords
  12. Preemptive bot protection by WAF
  13. Securing websites from brute force attack
  14. How to enable IPv6 support in the listener.
  15. How to configure custom HTML error page received from Haltdos Web Application Firewall.
  16. How do I configure a Syslog server on Haltdos WAF?
  17. How to check Incident details in Haltdos WAF plateform?
  18. How to change Web Application Firewall mode in between Record, Bypass & Mitigation?
  19. How can user restrict the file upload of any particular file extension?
  20. How to add custom listener ports post creating the listner?
  21. How to allow access to only few IPs for backend web application?
  22. How to change temperory blacklist duration?
  23. How to change load balancing algorithem for any server group?
  24. How to add a new server?
  25. How to create/add a new server group in a listener?
  26. How to mark any server as down true (soft down)?
  27. How to mark any server as backup server?
  28. How to upload SSL certificate and use them for a web application (listener)?
  29. How to add a custom security profile?
  30. How to mitigate bad reputation traffic with Haltdos WAF?
  31. How to whitelist any IP or IP segment for a listener?
  32. Modifying default signature status.
  33. How to configure JSON policies?
  34. How to configure the allowed HTTP methods?
  35. How to configure bot protection settings in order to ensure protection from reconnaissance and scraping activities?
  36. How to configure Blacklist and Whitelist IP addresses?
  37. How to allow/block and add suspicious crawlers?
  38. How to rate limit the end user requests?
  39. How to configure web extensions and restricted extensions and validation?
  40. Mitigating XSS attack
  41. Mitigating SQL injection attack
  42. How do user set maximum HTTP body and header size ?
  43. How to set/change the keep-alive timeout for server and client?
  44. Condition based redirection.
  45. How to set maximum allowed Bot request rate from a single client IP?
  46. How to set mitigation for Path/Directory traversal attack?
  47. How to set mitigation for OS command Injection?
  48. How to add client certificates?
  49. How to add a listener?
  50. How a user extract or set a custom variable by using Variable Rules in Haltdos WAF?
  51. How to make form rule to offers a positive security model for Application Firewall ?
  52. How to make Firewall rules that allow client to create custom security rules as per application logic?
  53. How the rate limit rule restrict over-usage of client application by throttling requests on matching users?
  54. How Whitelist rule allows to add exceptions on existing rules (custom and managed)?
  55. How to create a response rule to filter responses from applications and prevent sensitive data leaks?
  56. How to configure NTP through Haltdos Solution?
  57. How to mask sensitive data content like CCN/SSN?
  58. How to prevent sites from XML Bomb attack?
  59. How to prevent Cross-site Request Forgery through Haltdos WAF?
  60. How to configure TLS and SSL versions from Haltdos console?
  61. How to prevent sites from JSON injection?
  62. How to achieve better performance through Haltdos WAF?
  63. How WAF mitigate RCE attacks?
  64. How to whitelist request based on particular pattern?
  65. How to set rule staging from Haltdos console for managing Signatures?
  66. How to check the backend server down incident on Haltdos console?
  67. How to configure IP transparency through Haltdos Solution?
  68. Why do we need to configure web application to accept traffic from WAF only?
  69. How to capture packet and trace them through tcp dump utility?
  70. How to decrypt SSL/TLS traffic using Wireshark and private keys?
  71. How to decrypt SSL/TLS using Wireshark and SSLKEYLOGFILE environment variable on Firefox or Google Chrome using Wireshark?
  72. What are the baseline security approaches for an application onboarded on Haltdos WAF
  73. Primary troubleshooting steps for issues found in applications onboarded on Haltdos WAF
  74. Adding Admin/Member and configuring password
  75. Generate/Issue SSL certificate using Let's Encrypt
  76. Renew SSL Certificate using Let's Encrypt HTTP Challenge
  77. How to perform SSL/TLS DECRYPTION
  78. How to configure the capture rule to analyze the HTTPS traffic ?