Product Documentation
Abstract
The IBM Knowledge Center provides sparse information on the Configuration and Administration of the ISAM Reverse Proxy Web Content Protection (Web Application Firewall).
This document is intended to present supplementary information for configuring and administrating the Web Content Protection component.
Content
The 'Web Content Protection' feature, or WAF (Web Application Firewall) is an IBM X-Force module that plugs into the Reverse Proxy.
One configures the component by navigating to 'Secure Web Settings -> Manage -> Reverse Proxy ->> select_proxy -> Manage -> Configuration -> Web Content Protection'
This menu allows you to perform the following actions :
A) Enable the WAF
B) Enable Simulation mode
- In this mode the WAF will evaluate and audit the request but will not act on the evaluation
C) Use Proxy HTTP Header
- This allows you to determine whether or not the 'X-Forwarded-For' header will be used to identify the client IP
There are two main sections :
Resource Actions
Registered Resources
The 'Resource Actions' allow you to define a Policy Set, so to say, of Events you'll be looking for.
When you create a 'new' 'Resource Action' you'll select how you want the module to evaluate specific events.
Some events have default protections and some do not.
You can edit how you want each to response : Block, Quarantine, Ignore
Creating a 'Resource Actions' will create a new '[pam-resource:<name>]' stanza in the Reverse Proxy configuration file.
This should correlate to the 'Registered Resources' which are specified to determine the URLs or File Types that should be evaluated by the PAM WAF module.
When you create a 'Registered Resource' a corresponding 'pam-resource-rule' entry is put into the Reverse Proxy configuration file.
The process flow works as such :
When PAM is enabled (even in simulation mode) and the Reverse Proxy receives a request it will check the URI to confirm whether it should be passed to the PAM layer.
- If it is passed to the PAM layer then PAM will search for a [pam-resource:<uri_pattern>]' stanza that matches
- If one matches, this custom rule set will be used on the resource
- If there is no match the default PAM rule set will be applied to the resource
- If it is not passed to the PAM layer then ISAM will move on
The following technical document includes a Help file that has documentation for all the WAF events :
http://www-01.ibm.com/support/
The following are the respective Reverse Proxy stanza documentation links :
[pam]
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_stza_ref/reference/ref_pam_stza.html
[pam-resource:<resource>]
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_stza_ref/reference/ref_pam_rsrc_stza.html
Document Location
Worldwide
Product Synonym
ISAM WCP; ISAM Web Content Protection; ISAM WAF; ISAM Web Application Firewall
Was this topic helpful?
Document Information
Modified date:
21 March 2019
UID
ibm10876242