Configuring a Local WAF

Note

You do not need to setup a local WAF for package managed installs of apache. AED will detect if a package managed version of Apache is installed, and will install the WAF module into apache embedded mode, as described above. For custom apache installs, please follow these directions.

To setup a local WAF simply follow these steps:

Step 1: Log into the AED GUI.

Step 2) Click the WAF tab

Step 3) Select WAF Config

This will pull up the WAF Config window, which will show the existing WAFs.

Step 4) Click “Enable T-WAF”. If you see “Disable T-WAF” this option has already been enabled.

Step 5) Click “Add”

This will will pull up the “Add WAF Config” window.

Step 6) Click on the “Add protection for” drop down. Select “local”

• This will present you with two options:

  1. Local Port: Type in the local HTTP/HTTPS port you wish to protect. Only type in one port number.

     Note

     Check if you have any embedded WAFs installed on the system before you do this. If you have an embedded WAF already installed on port 80, as should occur if you have Apache installed (and its package managed), then enabling the T-WAF in front of Apache would create a loop. Its not necessary to put a WAF in front of a service that is protected via embedded mode.

  2. SSL: Select this if the service you wish to protect is SSL based.

     • If you select SSL, then you will see the following options:

       • Path to SSL Certificate: Provide the filesystem path to the SSL certificate for this service.

       • Path to SSL Key file: Provide the filesystem path to the SSL key file for this service.

Step 7) Then click Save

Note

You do not need to reconfigure your web server to use a different port, AED will transparently intercept the packets to your web server based on the port you configure above. If you change your web servers port, AED will not intercept packets to that port.