Faq:::Difference between Basic and Advanced session security check of Application firewall

Difference between Basic and Advanced session of Application firewall.


??

Application Firewall Profile

When creating an Application Firewall profile, you are presented with the following two options:

• Basic
• Advanced

These options determine the learning mode and types of security checks that must be enabled. After the profile is created, the profile is not labeled as basic or advanced. If you choose basic when creating the profile, then the learning mode is not enabled by default.

If you choose advanced when creating the profile, then learning mode is enabled by default.

When you create a basic Application Firewall profile, the following security checks are enabled as shown in the screen shot:

When you create an advanced Application Firewall profile, the only security check that is disabled is Credit Card protection.

The following screen shot shows the security checks in an advanced Application Firewall profile:

??

Sessionization

The security checks disabled in the basic Application Firewall profile all operate on objects in the HTTP response. Therefore, these security checks are more resource intensive. When the Application Firewall performs response side protections, it needs to remember information sent to each individual client.

For example, if a form is protected by the Application Firewall, form field information sent in the response is retained in memory. When the client submits the form in the next subsequent request, it is checked for inconsistencies before the information is sent to the Web Server. This concept is referred to as Sessionization.

Security checks such as URL Enclosure within Start URL, Cookie Consistency, Form Field Consistency and CSRF Form Tagging all imply Sessionization. The amount of CPU and memory resources utilized by these security checks increments linearly with the number of requests sent through the Application Firewall.