Web application firewall commands
Web application firewall mode provides the commands to create or modify a web application firewall.
To enter the mode, use the global web-application-firewall command. To delete a web application firewall, use the no web-application-firewall command.
While in this mode, use the commands in the following table to define a web application firewall.
- To view the current configuration, use the show command.
- To restore default values, use the reset command.
- To exit this configuration mode without saving changes to the running configuration, use the cancel command.
- To exit this configuration mode and save changes to the running configuration, use the exit command.
| Command | Purpose |
|---|---|
| admin-state | This command sets the administrative state for the configuration. |
| allow-cache-control | This command specifies whether an HTTP GET method to the web
application firewall can pass the Cache-Control header to the
target. |
| back-persistent-timeout | This command sets the inter-transaction timeout for web application firewall to server connections. |
| back-timeout | This command sets the intra-transaction timeout for web application firewall to server connections. |
| chunked-uploads | This command controls whether the web application firewall can send chunked-encoded documents to the target server. |
| delay-errors | This command controls whether the web application firewall delays error messages to avoid a padding oracle. |
| delay-errors-duration | This command specifies the duration that the web application firewall delays error messages after request decryption. |
| error-policy | This command associates the error handling policy to the web application firewall. |
| follow-redirects | This command controls the resolution of redirects for the web application firewall. |
| front-persistent-timeout | This command sets the inter-transaction timeout for web application firewall-to-client connections. |
| front-timeout | This command sets the intra-transaction timeout for web application firewall to client connections. |
| host-rewriting | This command controls whether the web application firewall rewrites
the Host header to reflect the final route. |
| http-back-version | This command sets the HTTP version for server connections from the web application firewall. |
| http-client-ip-label | This command identifies which HTTP header contains the client IP address for the web application firewall. |
| http-front-version | This command sets the HTTP version for client connections to the web application firewall. |
| http-global-tranID-label | This command identifies which HTTP header contains the global transaction ID for the web application firewall. |
| listen-on | This command defines the handlers that the web application firewall listens, controls TLS connections, and specifies the character encoding of the original basic authentication values. |
| priority | This command sets the service-level priority for the web application firewall. |
| remote-address | This command sets the address of the remote server for the web application firewall. |
| remote-port | This command specifies the remote TCP port for the web application firewall. |
| request-security | This command controls the enforcement of security on client requests. |
| response-security | This command controls the enforcement of security on server responses. |
| rewrite-errors | This command controls the rewriting of error messages for the web application firewall to avoid providing a padding oracle. |
| security-policy | This command associates an application security policy. |
| ssl-client | This command associates a TLS client profile with the web application firewall. |
| ssl-config-type | This command sets the TLS profile type for the web application firewall. |
| ssl-server | This command associates a TLS server profile with the web application firewall. |
| ssl-sni-server | This command associates a TLS SNI server profile with the web application firewall to secure connections. |
| stream-output-to-back | This command specifies server-facing streaming behavior for the web application firewall. |
| stream-output-to-front | This command specifies client-facing streaming behavior for the web application firewall. |
| summary | This command specifies the brief, descriptive summary for the object instance. |
| uri-normalization | This command controls the normalization of URIs before message processing. |
| xml-manager | This command associates an XML manager with the web application firewall. |