Log4J rules now visible in UI
1640110803269
Our team has released multiple updates over the past week to keep up with the latest research, scans, and exploits we are seeing in the wild for the Log4J vulnerabilities. You can read more about the updates on Barracuda Campus.
Last week, we pushed rules to all WAF-as-a-Service customers to make sure everyone was protected. Starting today, you can view and edit these rules in the WAF-as-a-Service UI. You can, for example, disable the rules if you are sure you are not using a vulnerable version of Log4J.
The rules you will find are:
In the “Header Allow/Deny Rules” component: the “log4j_cookie_protection” rule protects against the vulnerability when sent in a cookie; the “log4j_all_header_protection” rule protects against the vulnerability when sent in a header.
In the “URL Access & Redirects” component: the "“log4j_url_protection” rule protects against the vulnerability when sent in a URL.
In addition, the “OS Command Injection” and “OS Command Injection Strict” attack types have been updated to include new signatures for the Log4J vulnerability. You can enable and disable these on the “URL Protection” and “Parameter Protection” components, and override them on a per URL or parameter basis in the “Application Profiles” component. See the note above on Barracuda Campus for full details on the Strict signature.
As always, contact us with any questions. We are available 24/7/365 via phone or email.
Did you like this update?
Leave your name and email so that we can reply to you (both fields are optional):
