How Does Application Profiling Work?

The administrator can configure application profiling on the Web Application Firewall > Rules page. Application profiling is performed independently for each portal.

After selecting the portal, you can select the type of application content that you want to profile. You can choose HTML/XML, Javascript, CSS, or All, which includes all content types such as images, HTML, and CSS. HTML/XML content is the most important from a security standpoint, because it typically covers the more sensitive web transactions. This content type is selected by default.

Content types can be saved for applications currently being profiled.

The SMA learns the following HTTP Parameters:

• Disabled – The generated rules are disabled rather than active.
• Detect Only – Content triggering the generated rule is detected and logged.
• Prevent – Content triggering the generated rule is blocked and logged.