Sense Defence OWASP Core Rule Early Blocking
OWASP released early blocking feature for its core rules sets in Sprint 2022 and Sense defence adapted the changes immediately on its core rules selections. This feature is available for all users - including our community edition customers at free of charge.
What is Early Blocking?
ModSecurity, the engine below CRS, processes requests in multiple phases. The phase 1 is the request header phase, the phase 2 is the request body phase. Normal blocking of attacks happens at the end of phase 2. Now if CRS identifies an attack in phase 1, it will wait until the end of phase 2 to block the request. That is obviously a waste of resources (even if that waste is relatively small). But it is also a missed chance to finish off an attacker in time. Blocking requests at the end of phase 1 is called 'Early Blocking'
How to enable Early Blocking?
Navigate to Sense Defence Dashboard > Applications > Web Application Firewall > Configuration. This will open WAF configuration page.
On the 'General' tab you should be able to see 'OWASP Signature WAF'. Enable the WAF using the 'toggle' button.
Enable the 'Blocking Early' feature. Apply the configuration
Why it is important
With this feature the malicious requests will be blocked early and no further alert will be created. Sense Defence terminate attackers immediately, so they do not return for subsequent attacks. Early blocking and reducing the anomaly threshold are useful steps in this direction.
This is a recommended setting on Sense Defence OWASP WAF deployment.Related Articles
Sense Defence Firewall Rule Overview
With Sense Defence Firewall Rules, you can establish guidelines to examine incoming data traffic. Depending on the rule, you can then block, challenge, record, or permit particular requests. Key Features: Guided Protection: Take advantage of the ...Create Firewall Rule
In the Sense Defence firewall, each rule consists of an expression and an action. If an incoming HTTP request aligns with a rule's expression, Sense Defence will execute the designated action. Setting Up a Firewall Rule in Sense Defence Starting the ...Onboarding a Site to Sense Defence WAF
Sense Defence’s Web Application Firewall (WAF) offers both security and acceleration at the web application level. To begin the process of securing and speeding up a web application, a “site” must be added to a Sense Defence customer organisation. ...Onboarding Site to Sense Defence WAF
Sense Defence’s Web Application Firewall (WAF) offers both security and acceleration at the web application level. To begin the process of securing and speeding up a web application, a “site” must be added to a Sense Defence customer organisation. ...Sense Defence Certificate Management
Overview Sense Defence is an AI-powered Web Application Firewall (WAF) solution that offers robust features for SSL (Secure Sockets Layer) certificate management. Users can opt between generating a free wildcard certificate or uploading their own SSL ...