How Are Signatures Used To Prevent Attacks - Dell SonicWall SRA 4200 Administrator's Manual

How are Signatures Used to Prevent Attacks?

For Cross Site Scripting, Injection Flaws, Malicious File Execution, and Insecure Direct Object
Reference vulnerabilities, the Web Application Firewall feature uses a black list of signatures
that are known to make Web applications vulnerable. New updates to these signatures are
periodically downloaded from a Dell SonicWALL signature database server, providing
protection from recently introduced attacks.

When input arrives from the Internet, Web Application Firewall inspects HTTP/HTTPS request
headers, cookies, POST data, query strings, response headers, and content. It compares the
input to both a black list and a white list of signatures. If pattern matching succeeds for any
signature, the event is logged and/or the input is blocked if so configured. If blocked, an error
page is returned to the client and access to the resource is prevented. The threat details are not
exposed in the URL of the error page. If configured for detection only, the attack is logged but
the client can still access the resource. If no signature is matched, the request is forwarded to
the Web server for handling.
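The decision flow described above, sketched as an added example; it is not Dell SonicWALL code. The signatures, the `inspect` function, the request dictionary layout, the 403 status and the `/error` URL are all assumptions made for illustration, and white-list handling is left out because the page does not describe how it is applied.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration only; the real ones come from
# the vendor's signature database and are not shown on this page.
SIGNATURES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
]

def request_inputs(req):
    """Yield (location, value) for each inspected part of the request."""
    yield "query", req.get("query", "")
    yield "post", req.get("body", "")
    for name, value in req.get("headers", {}).items():
        yield "header:" + name, value
    for name, value in req.get("cookies", {}).items():
        yield "cookie:" + name, value

def inspect(req, mode, log):
    """Apply the signatures. mode is 'prevent' or 'detect' (assumed names)."""
    hits = [
        (sig_id, location)
        for location, raw in request_inputs(req)
        for sig_id, pattern in SIGNATURES
        if pattern.search(unquote_plus(raw))  # match on URL-decoded input
    ]
    for sig_id, location in hits:
        # The threat details go to the log, never to the client.
        log.append({"signature": sig_id, "where": location, "mode": mode})
    if hits and mode == "prevent":
        # Generic error page: nothing about the match appears in its URL.
        return {"action": "blocked", "status": 403, "error_url": "/error"}
    # Detection only, or no signature matched: the Web server handles it.
    return {"action": "forwarded"}

if __name__ == "__main__":
    events = []
    sample = {"query": "q=%3Cscript%3Ealert(1)%3C/script%3E"}  # constructed
    print(inspect(sample, "prevent", events), events)
```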
64 | SRA 6.0 Administrator's Guide
