Configure WAF Options (Legacy) for a Virtual Service
- Last Updated: December 10, 2024
- LoadMaster
- LoadMaster LTSF
WAF settings can be configured for each Virtual Service. Follow the steps below to configure the WAF options (Legacy) in a Virtual Service.
- In the main menu of the LoadMaster UI, select Virtual Services > View/Modify Services.
- Click Modify on the relevant Virtual Service.
- Expand the WAF Options (Legacy) section.
- By default, WAF is disabled. To enable WAF, select Enabled.
When WAF is enabled for a Virtual Service, the section heading in the Virtual Service options changes from WAF Options (Legacy) to WAF Options (Legacy - Enabled).
The maximum number of WAF-enabled Virtual Services is the total (unused or available) RAM (in MB)/512 MB. For example: 8 GB/512 MB = 16 WAF-enabled Virtual Services. When the maximum is reached, no additional Virtual Services can be enabled with WAF.
A message displays if there is insufficient memory available to enable WAF. A message is displayed next to the Enabled check box showing how many WAF-enabled Virtual Services exist and the maximum number of WAF-enabled Virtual Services that can exist. If the maximum number of WAF-enabled Virtual Services is reached, the Enabled check box is greyed out.
- Specify the Default Operation type.
The Default Operation is what occurs if no action is specified in the relevant rule.
Audit Only: This is an audit-only mode – logs are created, but requests and responses are not blocked.
Block Mode: Either requests or responses are blocked based on the assigned rules.
- Specify the Audit mode. There are three audit modes:
- No Audit: No data is logged.
- Audit Relevant: Logs data that is of a warning level and higher. This is the default option for this setting.
- Audit All: Logs all data through the Virtual Service.
Note: Selecting the Audit All option produces a large amount of log data. We do not recommend selecting the Audit All option for normal operation. However, the Audit All option can be useful when troubleshooting a specific problem.
- Specify whether or not to Inspect HTTP POST Request Content.
The Inspect HTTP POST Request Content option is disabled by default. If you enable this option, three more check boxes become available that allow you to enable the processing of JavaScript Object Notation (JSON), XML requests, and other content types.
- Enable Process Responses to verify response data sent from the Real Servers.
The processing of response data can be CPU and memory intensive.
- Specify the Hourly Alert Notification Threshold and click Set Alert Threshold.
This is the number of incidents per hour before sending an alert. Setting this to 0 disables alerts.
- Assign rulesets by selecting them in the Available Rulesets section.
- Individual rules can be enabled/disabled per ruleset by selecting/clearing them in the box on the right.
Rules can be filtered by entering a filter term in the Rule Filter text box.
Clicking Clear All disables all rules for the selected ruleset.
Clicking Set All enables all rules for the selected ruleset.
Clicking the Reset button disables any rulesets and rules selected since the last time you clicked Apply.
- When finished enabling/disabling the relevant rulesets and rules, click Apply.
Application-specific and application-generic rules cannot both be assigned to the same Virtual Service. If you try to do this, an error message (Cannot assign Application Specific and Application Generic rules simultaneously) appears to inform you that this is not possible.