Use the Web Protection tab on your Network IPS appliance to enable protection signatures that protect your web applications from well-known web application security attacks.
Navigating in IPS Local Management Interface: Secure Protection Settings > Security Modules > Web Application Protection
Navigating in SiteProtector™ Management: select the Web Application Protection policy
Option | Description |
---|---|
Show Security Events | Lists the security event signatures associated with the category. |
Enabled | Enables the web protection category. |
Ignore Event | Instructs the appliance to ignore events that match the criteria set for the event. |
Display | Defines how you want to display the event in the SiteProtector management console.
|
Block | Blocks the attack by dropping packets and sending resets to TCP connections. |
Log Evidence | Determines
the type of packets to capture when suspicious traffic triggers events.
The appliance logs files to the /var/iss/ directory.
|
Specifies the email name to receive alerts about events. Note: If
the email address does not appear in the list, you can configure email
in Secure Protection Settings > Response Tuning > Responses.
|
|
Quarantine | Specifies responses that block intruders, including worms
and Trojan horses, when the appliance detects events. Notes:
|
SNMP | Sends an SNMP trap including pertinent information about the
event. Note: If the SNMP trap does not appear in the list, you can
configure SNMP traps in Secure Protection
Settings > Response Tuning > Responses.
|
User Specified | Specifies a user specified response to security events. Note: If
the user-defined response does not appear in the list, you can configure
user-specified responses in Secure Protection
Settings > Response Tuning > Responses.
|
|
Configures shared tuning settings. Note: Shared Tuning signatures
cannot be assigned to unique protection domains. The appliance assigns
settings in shared tuning to the global protection domain. For more
information about shared tuning, see Configuring shared tuning.
Client-side
Attacks: The Enable Client Protection check
box enables Client-side Attack events for the global protection domain.
Use this if you want these events enabled for the global protection
domain but you applied the WAP policy to a custom protection domain.
The appliance assigns the Client-side Attack events to the global
protection domain. |