IBM Support

IBM Security Access Manager Reverse Proxy Web Content Protection Supplementary Information

Product Documentation


Abstract

The IBM Knowledge Center provides sparse information on the Configuration and Administration of the ISAM Reverse Proxy Web Content Protection (Web Application Firewall).

This document is intended to present supplementary information for configuring and administrating the Web Content Protection component.

Content

The 'Web Content Protection' feature, or WAF (Web Application Firewall) is an IBM X-Force module that plugs into the Reverse Proxy.

 One configures the component by navigating to 'Secure Web Settings -> Manage -> Reverse Proxy ->> select_proxy -> Manage -> Configuration -> Web Content Protection'

image-20190314171508-1

 This menu allows you to perform the following actions :

A) Enable the WAF

B) Enable Simulation mode

  • In this mode the WAF will evaluate and audit the request but will not act on the evaluation

C) Use Proxy HTTP Header

  • This allows you to determine whether or not the 'X-Forwarded-For' header will be used to identify the client IP

 

There are two main sections :

Resource Actions

Registered Resources

 

The 'Resource Actions' allow you to define a Policy Set, so to say, of Events you'll be looking for.

When you create a 'new' 'Resource Action' you'll select how you want the module to evaluate specific events.

 Some events have default protections and some do not.

 You can edit how you want each to response : Block, Quarantine, Ignore

 

Creating a 'Resource Actions' will create a new '[pam-resource:<name>]' stanza in the Reverse Proxy configuration file.

 This should correlate to the 'Registered Resources' which are specified to determine the URLs or File Types that should be evaluated by the PAM WAF module.

 When you create a 'Registered Resource' a corresponding 'pam-resource-rule' entry is put into the Reverse Proxy configuration file.

 The process flow works as such :

 When PAM is enabled (even in simulation mode) and the Reverse Proxy receives a request it will check the URI to confirm whether it should be passed to the PAM layer.

  • If it is passed to the PAM layer then PAM will search for a [pam-resource:<uri_pattern>]' stanza that matches
    • If one matches, this custom rule set will be used on the resource
    • If there is no match the default PAM rule set will be applied to the resource
  • If it is not passed to the PAM layer then ISAM will move on

 

The following technical document includes a Help file that has documentation for all the WAF events :

http://www-01.ibm.com/support/docview.wss?uid=swg21498057

 

The following are the respective Reverse Proxy stanza documentation links :

[pam]

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_stza_ref/reference/ref_pam_stza.html

[pam-resource:<resource>]

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_stza_ref/reference/ref_pam_rsrc_stza.html

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Component":"Web Application Firewall;Reverse Proxy","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"8.0.X;9.0.X","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

ISAM WCP; ISAM Web Content Protection; ISAM WAF; ISAM Web Application Firewall

Document Information

Modified date:
21 March 2019

UID

ibm10876242

Page Feedback