Our featured countermeasure this month is Responder Policies. Responder Policies give administrators the ability to manage traffic more effectively with WAF without needing to write complex configurations on their servers. For instance, to serve a quick redirect or to deliver a custom HTTP Response. Each WAF policy allows 30 Responder Policies.
Responder policies consist of 2 parts. The first part is the action, which can be any one of the following:
- Drop
- Log
- Redirect to a different URL
- Respond with a custom HTTP response
The second part is a set of matches. Each Responder Policy can have 4 matches of various types against each of the following criteria:
- Content Type
- Cookie Set Names
- Destination Port
- Header Section
- Header Section Size
- Hostname
- Query String
- HTTP Referer
- Request Size
- Source IP
- URL Path
- X Forwarded For
For example, in the following Responder Policy, we have a sitewide rate control that responds with a custom HTTP response to tell very chatty bots to wait 10 minutes. A higher rate control could drop their traffic.
We respond with the following HTTP response:
HTTP/1.1 429 Too Many Requests\nRetry-After: 600\n\n
And in the following Responder Policy, we redirect traffic from www.vercara.com to https://vercara.com.
A similar Responder Policy could be used to redirect HTTP traffic to HTTPS by matching on destination port 80 and optionally matching on a hostname.
Get effective WAF protection.
To learn more about how Vercara’s UltraWAF can provide your organization with effective WAF protection, visit our product page.
