Virtual patching

A virtual patch blocks malicious requests even when the filter node is in monitoring mode or when a request doesn't seem to contain any known attack vectors.

Virtual patches are especially useful in cases when it is impossible to fix a critical vulnerability in the code or install the necessary security updates quickly.

If attack types are selected, the request will be blocked only if the filter node detects an attack of one of the listed types in the corresponding parameter.

If the setting Any request is selected, the system will block requests that contain the defined parameter, even if the parameter doesn't contain an attack vector.

Example: blocking SQLi attack in the GET parameter id

If

  • the application is accessible at the domain example.com
  • the application's parameter id is vulnerable to SQL injection attacks
  • the filter node is set to the monitoring mode
  • attempts of vulnerability exploitation must be blocked

Then, to create a virtual patch:

  1. Go to Settings -> Rules
  2. Find the branch example.com/**/*.* and click Add rule
  3. Choose Create a virtual patch
  4. Choose SQLi as a type of attack
  5. Choose GET id after "in this part of request"
  6. Click Create

Example: block all requests with the GET parameter refresh

If

  • the application is accessible at the domain example.com
  • the application crashes when processing the GET parameter refresh
  • attempts of vulnerability exploitation must be blocked

Then, to create a virtual patch:

  1. Go to Settings -> Rules
  2. Find the branch example.com/**/*.* and click Add rule
  3. Choose Create a virtual patch
  4. Choose Any request
  5. Choose GET refresh after "in this part of request"
  6. Click Create
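
The two patches above can be checked against a small model of the behaviour this page describes for a filter node in monitoring mode. This is an added example, not the product's code: the VirtualPatch class, the blocked_by_patch function and the detections input (which stands in for the filter node's own per-parameter verdict) are hypothetical, and only the host part of the rule branch is modelled.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, parse_qs


@dataclass(frozen=True)
class VirtualPatch:
    host: str                          # host of the rule branch (path pattern not modelled)
    get_param: str                     # GET parameter the patch is attached to
    attack_types: Optional[frozenset]  # None models the "Any request" setting


def blocked_by_patch(url, detections, patches):
    """Return True if a virtual patch blocks the request in monitoring mode.

    detections maps a parameter name to the set of attack types the filter
    node detected in that parameter (constructed input for this example).
    """
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    for patch in patches:
        if parts.hostname != patch.host or patch.get_param not in params:
            continue  # patch does not apply to this request
        if patch.attack_types is None:
            return True  # "Any request": the parameter being present is enough
        if patch.attack_types & detections.get(patch.get_param, set()):
            return True  # a listed attack type was detected in this parameter
    return False  # monitoring mode: anything else is logged, not blocked


# The two patches from the examples above.
PATCHES = [
    VirtualPatch("example.com", "id", frozenset({"sqli"})),
    VirtualPatch("example.com", "refresh", None),
]

if __name__ == "__main__":
    cases = [  # constructed requests and detection verdicts
        ("http://example.com/item.php?id=1", {"id": {"sqli"}}),
        ("http://example.com/item.php?id=1", {}),
        ("http://example.com/item.php?id=1&q=x", {"q": {"sqli"}}),
        ("http://example.com/index.php?refresh=1", {}),
    ]
    for url, detected in cases:
        print(url, detected, "->", blocked_by_patch(url, detected, PATCHES))
```

The third case is the one to note: an SQLi detection in a parameter other than id is not blocked by the first patch, because the patch is scoped to the id parameter.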
