What is a web application firewall?
The Edgenexus Application Firewall is a virtual appliance (isolated container) that protects Web applications by controlling the conversation between the application and clients.
It runs at the application layer and aims to fill the security gap that traditional firewalls fail to address.
It can be downloaded via the app store here, and new rules can be downloaded here.
You can also test drive it online here.
How it works
Edgenexus Application Firewall is an appliance that protects a Web application by controlling its input and output and the access to and from the application. It does this by inspecting the HTTP conversation between the application and clients according to a set of rules.
These rules cover common attacks such as cross-site scripting (XSS), SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often not capable of covering. The rules may also be used to enforce security policies required by PCI DSS or other security standards in order to block leakage of sensitive information like credit card numbers. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant, and the customization needs to be maintained as the application is modified.
A set of PCI DSS rules comes as standard with the product and can be updated (assuming a valid support contract) via the software update function of the ALB.
How to install
Deploy Edgenexus Application Firewall from the Library → Apps → Add-Ons section of the Edgenexus ALB GUI, then navigate to the Services → Add-Ons section of the Edgenexus ALB GUI. Locate your newly deployed Add-On, give it a name and an External IP address, then press the Run button.
jetNEXUS ALB GUI: Add-Ons
Once the Add-On is started you may press the Add-On GUI button, which will open the Edgenexus Application Firewall GUI in a new browser tab.
How to start using it
When you open the browser tab with the Edgenexus Application Firewall GUI you will see a login prompt. Please type in user name “admin” and password “jetnexus” for your first login.
Edgenexus Application Firewall: Log In
You will be able to change the login credentials as well as create new users in the Management → Users section of the Edgenexus Application Firewall GUI later.
After logging in you will see the home page of the Edgenexus Application Firewall GUI.
Edgenexus Application Firewall: Events overview
The home page displays a graphical overview of the events, i.e. filtering actions performed by the Application Firewall. The graphs will very likely be blank when you first open it, as there have not yet been any access attempts through the Application Firewall.
In order to define the domain that must be protected by the Application Firewall, please navigate to the Management → Config section of the Edgenexus Application Firewall GUI.
Edgenexus Application Firewall: Setting protected domain
Type in the domain name to be protected, for example “www.jetnexus.com”, and press the “Save” button.
How to set it up (HTTP)
Open the Edgenexus ALB GUI and navigate to Services → IP-Services, then create a Virtual Service by specifying an IP address, network mask, port number – 80 and service type – HTTP.
Edgenexus ALB GUI: Creating a HTTP Virtual Service
Then define a Real Server by specifying its address and port number. In the Real Server address field, please put the container name as defined in the Add-Ons section of the Edgenexus ALB GUI. Then open the Basic tab and choose Server Monitoring: 200OK.
How to set it up (HTTPS)
Setting up an HTTPS Virtual Service is very similar to HTTP. The difference is that the Virtual Service port number is 443 for HTTPS and a Virtual Service SSL Certificate must be chosen in the Basic tab.
Edgenexus ALB GUI: Creating a HTTPS Virtual Service
How to allow traffic when a rule has blocked it
When the firewall blocks an application resource, the rule that is blocking traffic appears in the Blocking Rules list on the Whitelist page of the Edgenexus Application Firewall GUI.
edgeNEXUS Application Firewall: Whitelisting rules
In order to prevent the firewall from blocking a valid application resource, please move the blocking rule to the Whitelisted Rules list, then press the “Update configuration” button. Edgenexus Application Firewall will update its effective rule set and the whitelisted rules will not block traffic any more. Please try accessing the protected application again to verify that no other rule is blocking access.
How rules are updated
Edgenexus Application Firewall rules can be updated by installing the Edgenexus WAF OWASP CRS software update. Edgenexus Application Firewall will automatically detect the updated rule set, load it and apply it. The IDs of whitelisted rules will be kept; however, new rules may start blocking valid application resources. Please check the Blocking Rules list on the Whitelist page in this case.