2 Replies Latest reply on Jan 25, 2010 2:49 PM by mzipf

    IPS Signatures for HTTP/S Application Firewall

      Can this feature be considered an inline Web Application Firewall or do the checks only go as deep as protocol enforcement.

       

      Where can I find an overview of the standard IPS rules that ship with this product?

      Can I augment the rule set to implement WAF esque rules?

       

      Any insights from the community appreciated.

        • 1. Re: IPS Signatures for HTTP/S Application Firewall

          So the "Community" thing is not working out .... ummm any McAfee employees want to chime in

          or are you going to make me open a ticket?

          • 2. Re: IPS Signatures for HTTP/S Application Firewall
            mzipf

            The http proxy does enforce the http rfc, and there are a few things like the ssl renegotiation exploit that we have fixes for, but it doesn't do much more than rfc enforcement unless you turn on IPS. If you enable IPS, it can catch other kinds of attacks if there is an IPS signature that matches. You can find a list of signatures and attacks in the signature browser in the GUI, and you can add custom signatures to prevent specific attacks if you want. You can find documentation on this in our KB, specifically KB63125. If you have problems or more detailed questions, I would suggest opening a ticket with support.