Radware - WAF

Overview

Radware-WAF is a Web Application Firewall that can be used to manage IP addresses.

Prerequisites to use Radware-WAF and DNIF

Outbound access required for connectivity between DNIF Setup and Radware-WAF

| Protocol | Source IP | Source Port | Direction | Destination IP | Destination Port |
| --- | --- | --- | --- | --- | --- |
| TCP | DS,CR | Any | Egress | Radware-WAF Host | 443 |

Note: The above rule assumes both request and response are enabled.

Radware-WAF trigger plugin functions

Details of the functions that can be used with the Radware-WAF trigger are given in this
section.

block_source

This function adds a malicious or unauthorized IP address to a block list.

Input

  • Source IP Address

Example

_fetch $SrcIP, $IntelRef from event where $Intel=True limit 1
>>_trigger api radware-waf block_source $SrcIP


Output

The output of the trigger call has the following structure (for the available data)

| Field | Description |
| --- | --- |
| $RDWAFApply | Successfully Applied |
| $RDWAFMessage | IP Blocked Successfully |
| $RDWAFSave | Successfully Save |
| $RDWAFStatus | ok or error |

release_source

This function releases an already blocked IP address from the block list.

Input

  • Source IP Address

Example

_fetch $SrcIP from event where $SrcIP=<blocked_ip_address> limit 1
>>_trigger api radware-waf release_source $SrcIP


Output

The output of the trigger call has the following structure (for the available data)

| Field | Description |
| --- | --- |
| $RDWAFApply | Successfully Applied |
| $RDWAFMessage | IP Released Successfully |
| $RDWAFSave | Successfully Save |
| $RDWAFStatus | ok or error |

Using the Radware-WAF trigger API and DNIF

Getting started with Radware-WAF trigger API and DNIF

1. Place radware-waf.tar.gz in the /var/tmp location of the host machine.
2. Log in to your Data Store, Correlator containers (ACCESS DNIF CONTAINER VIA SSH).
3. Copy the file on the server from /var/tmp to the relevant
location using the command below:

cp /var/tmp/radware-waf.tar.gz /dnif/<D-Key>/trigger_plugins/

4. Move to the '/dnif/<D-Key>/trigger_plugins' folder path.

cd /dnif/<D-Key>/trigger_plugins/

5. Extract radware-waf.tar.gz using the following command:

tar -xvzf radware-waf.tar.gz

6. Move to the '/dnif/<D-Key>/trigger_plugins/radware-waf/'
folder path and edit the dnifconfig.yml configuration file.

Replace each <Add_your_radware_*> tag with your Radware-WAF credentials.
trigger_plugin:

| Field | Description |
| --- | --- |
| USERNAME | <Add_your_radware_user> |
| PASSWORD | <Add_your_radware_password> |
| HOST | <Add_your_radware_host> |
| PORT | <Add_your_radware_port> |
| TIMEOUT | <Add_timeout> |
| API_CATEGORY | <Add_api_category> |
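
A pre-flight check for the edited dnifconfig.yml, added here as an example and not part of the DNIF plugin: it flags leftover <Add_...> placeholders, missing fields, and group/other access on a file that holds the WAF password. The function name check_dnifconfig and the flat "KEY: value" layout under trigger_plugin: are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the Radware-WAF plugin's dnifconfig.yml.
# Assumes flat "KEY: value" lines under trigger_plugin: (layout is an assumption).

REQUIRED_KEYS="USERNAME PASSWORD HOST PORT TIMEOUT API_CATEGORY"

# check_dnifconfig FILE: prints findings, returns the number of problems found.
check_dnifconfig() {
    cfg="$1"
    problems=0

    if [ ! -f "$cfg" ]; then
        echo "missing: $cfg"
        return 1
    fi

    # The file stores the WAF password in clear text: allow no group/other access.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open (group/other: $perms); run: chmod 600 $cfg"
        problems=$((problems + 1))
    fi

    # Any surviving <Add_...> tag means a field was never filled in.
    if grep -n '<Add_[A-Za-z_]*>' "$cfg"; then
        echo "unreplaced placeholder(s) listed above"
        problems=$((problems + 1))
    fi

    # Every field from the table must be present with a non-empty value.
    for key in $REQUIRED_KEYS; do
        if ! grep -Eq "^[[:space:]]*$key:[[:space:]]*[^[:space:]]" "$cfg"; then
            echo "missing or empty field: $key"
            problems=$((problems + 1))
        fi
    done

    # PORT must be numeric (the connectivity rule on this page uses 443).
    port=$(sed -n 's/^[[:space:]]*PORT:[[:space:]]*//p' "$cfg" | tr -d "\"' ")
    case "$port" in
        ''|*[!0-9]*) echo "PORT is not numeric: $port"; problems=$((problems + 1)) ;;
    esac

    return "$problems"
}
```

Source the file and call check_dnifconfig with the path to dnifconfig.yml in the radware-waf folder; a return status of 0 means no findings.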
