Web Protection on Web Server
  • 28 Oct 2024

About this Article
This article provides information about Web Protection on Web Servers including Workflow and use cases.


VSP Web deployed on Web Server

The VSP-Web component deployed on Web Servers is "language stack independent", which provides greater compatibility with different Web Servers. It is deployed as a filter with minimal or no instrumentation and supports both VMs and containers.

VSP-Web is deployed on the Web Server along with the standard VSP vRule (Embedded or Remote) components as depicted below:


Web Services vs Application Services

The table below compares the vulnerability coverage of Web Services and Application Services.

| Vulnerability | Web Services | Application Services |
|---|---|---|
| Buffer Error | ✓ | |
| CRLF Injection | ✓ | ✓ |
| Cross Site Request Forgery (Beta Feature; Applicable only for Java and .NET) | | ✓ |
| Class Load Logging (Applicable only for Java and Node.js) | | ✓ |
| Command Injection | ✓ | ✓ |
| Custom Injection | ✓ | |
| DOM XSS (Beta Feature; Detect Only) | | ✓ |
| Local File Inclusion | ✓ | ✓ |
| Path Traversal Injection | | ✓ |
| Protocol Enforcement | ✓ | |
| Reflected Cross-Site Scripting | ✓ | ✓ |
| Remote File Inclusion | ✓ | ✓ |
| SQL Injection | ✓ | ✓ |
| Software Exception Logging | | ✓ |
| Stored Cross-Site Scripting | ✓ | ✓ |
| XML Injection | ✓ | ✓ |


Web Protection Workflow

VSP-Web can be deployed on a Web Server using the steps below:

  1. STEP 1: Create Web Profile
  2. STEP 2: Application Creation
    1. Navigate to Manage > Web > Application Provisioning in the left navigation pane of CMS. Click ADD APPLICATION
    2. Provide Application (Name) and Version (Optional). Click NEXT
    3. Select the Server Type as Web Server 
    4. Provide the below information
      | Field Name | Description |
      |---|---|
      | Web Server Name | Name of the Web Server |
      | Web Server Description | Short description of the Web Server |
      | Web Server Command Line | The exact command for starting the Web Server. Examples: service httpd start (For Apache); service nginx start (For Nginx) |
      | Protection Profile (optional) | Select the appropriate Protection Profile from the dropdown |
      | Host Name | List of all the associated host names separated by comma |
      | Web Profile Name | Select the appropriate Web Profile from the dropdown |
      | Select Vulnerabilities | Select the vulnerabilities against which VSP-Web (on Web Server) Protection is desired. The protection level can be configured for each vulnerability. By default, when a vulnerability is selected, the associated protection mode is set to Detect. Note: For HTTP Profile, ensure that Protocol Enforcement vulnerability is selected. If any Deny rule is configured for Custom Injection, ensure that it is selected |


  3. STEP 3: Provision Application
    1. For VMs, ensure that the appropriate Instances are associated with the Application and it is secured using the below button
    2. For containers, the instances are automatically associated and the Application is secured
  4. STEP 4: Monitor Incidents – Based on the configured rules, the HTTP requests are allowed/blocked. The blocked requests are reported as incidents. To view the incidents, navigate to the below page in the left navigation pane
    1. Version 3.1.1 and Above: TrustGuardian > Incidents
    2. Version 3.1.0 and Below: Monitor > Incidents 
  5. STEP 5: Add Exceptions – If undesired incidents are received, create exceptions for them to prevent receiving such incidents in the future. Refer to Exceptions in Create Web Profile for more information


Use Cases

Below are a few use case scenarios in which VSP-Web can be deployed on a Web Server:

  1. In cases where VSP-Web is not compatible with the Customer workload, VSP-Web (on Web Servers) can be utilized to provide VSP security


  2. In cases where VSP-Web is partially compatible with the Customer workloads, VSP-Web (on Web Servers) can be deployed to achieve complete coverage. In the diagram below, Workload 1 and Workload 2 are secured by VSP-Web (on Application Server). For Workload 3, VSP-Web (on Web Servers) can be utilized


