Iranian Firewall
Detection of hidden attacks from the point of view of intrusion detection systems and normal firewalls in the lower layers
Web Application Firewall (ASPA WAF)

The growing expansion of the internet and virtual correspondence has changed communication environments. Websites are the most important interface for companies and individuals. This widespread use brings significant risks, such as cyber-attacks on these sites. Institutions that analyze cyberspace security report that more than 70% of cyber-attacks originate from vulnerable websites. By analyzing application-layer communications, a Web Application Firewall (WAF) detects incidents that are hidden from intrusion detection systems and common firewalls. The ASPA Engineering Corp Web Application Firewall is positioned alongside an organization's web brokers and focuses on web traffic. It detects web attacks and prevents hackers from infiltrating websites. ASPA WAF works as a reverse proxy, so it can protect websites and applications without any changes being made to them. The product provides protection against the most common attacks and OWASP vulnerabilities.

The ASPA WAF system is designed to meet the requirements of PCI DSS V3.0 (paragraph 6.6) and ISO/IEC 27001, and it covers all important OWASP vulnerabilities. The system combines the latest security rules and emerging attack signatures from several international laboratories. ASPA-specific signatures are updated periodically, and customers are provided with the latest executable.

The technology used in ASPA WAF has been approved as domestically developed by the Working Group for the Evaluation and Recognition of Qualifications of Knowledge-Based Companies. Having local knowledge provides strong customer support. Creating a custom set of rules to address each customer's specific needs and vulnerabilities is part of this support. In addition to this knowledge, our focus on upgrading our QoS components sets us apart from competitors. A specialized web cache design for static content processing, together with compression algorithms compatible with all browsers, in addition to increasing security, significantly increases the speed of customers' websites. The algorithms used for dynamic content, as well as SSL compression, also work. Features such as Ultra Cache and dedicated alert correlation are further benefits that will be added to the system in later versions.

✔️ Support for the HTTPS protocol
✔️ OWASP top ten vulnerabilities
✔️ Update to the latest OWASP attack list in 2020
✔️ Detecting crawlers, network bots and other malware
✔️ Detecting addresses on spam blacklists from international updating references
✔️ Customizing the attack pattern list
✔️ Customizing HTTPS protocol parameters
✔️ File upload checks (antivirus and volume control)
✔️ Preventing brute force attacks on forms
✔️ Detecting DoS attacks
✔️ Ability to prevent slow DoS
✔️ Detecting politicized DoS in long intervals
✔️ Web cache
✔️ Policy-based web cache in RAM for reducing response time
✔️ Policy-based content compression compatible with standard browsers
✔️ Ability for system admins to add new rules
✔️ Reviewing XML and JSON documents
✔️ Cookie signing
✔️ Analyzing HTTP responses
✔️ Preventing information leakage
✔️ Support for port forwarding
✔️ Ability to add service providers by static IP address or DNS name
✔️ Load balancing
✔️ Ability to customize the anomaly detection system
✔️ Ability to detect search engines and SEO compatibility
✔️ Ability to rate users and use automatic blacklist mechanisms
✔️ Ability to identify false-positive requests and propose relevant exception rules
✔️ Automatic backups
✔️ Ability to send backup files automatically via SSH
✔️ High Availability in active/passive mode
✔️ Interface bonding (LACP)
✔️ SSL security reinforcement
✔️ Utilizing browser-specific security features
✔️ Support for VLAN network configuration
✔️ Unlimited number of IP addresses
✔️ Ability to add static routes
✔️ Email reports
✔️ Syslog reports
✔️ Registering all system admin activities
✔️ Registering all users' web transactions, including normal accesses
✔️ Registering malicious requests in more depth
✔️ Ability to filter access logs
✔️ Ability to filter malicious incidents
✔️ Statistical report of detected attacks
✔️ 100000 HTTP transactions per second
✔️ NTP compatibility
✔️ Customizing error pages
✔️ Customizing attack lists
✔️ HTTPS offloading to reduce the HTTPS processing load resulting from decoding
✔️ URL rewriting in the response body and Location header
✔️ Default exception rules for compatibility with the Persian language
✔️ Default exception rules for compatibility with valid content management systems
✔️ Ability to manage bandwidth (number of HTTP connections, HTTP transactions per second and download rate for each user (each IP address))
✔️ Ability to manage bandwidth (number of HTTP connections, HTTP transactions per second and download rate for each user (per site))
✔️ Geo Location
✔️ Ability to define admissible and forbidden paths
✔️ Operational modes:
  • Passive mode: Detection only
  • Active mode: Detection and prevention
  • Inactive mode: Just relay
✔️ Registering events and reporting
✔️ Reporting operational modes:
  • Registering specific warnings (relevant only)
  • Registering all events
  • Mute
✔️ Ability to set a tag for an event
✔️ Statistical summary reports
✔️ Reports for complicated filters
  • Reports from tagged events
  • Reports from tagged events divided by domain name
  • Reports from events based on importance
  • Reports from events based on importance for each domain name
  • Reports from events per HTTP response code
  • Reports from events per HTTP response code for each domain name
  • Identifying the top 10 clients with the most events
  • Identifying the top 10 clients with the highest anomaly score
  • Identifying the top 10 clients with the most insignificant total points
  • Identifying the top 10 clients with the most hazardous total points
✔️ Ability to observe attack statistics in dynamic charts for different intervals
✔️ Dynamic table of the 10 most recent major attacks
✔️ Intelligent analysis of false-positive events and creating automatic pruning security rules
✔️ Ability to spend 4 GB/second for loading large files
✔️ Preventing XSS attacks
✔️ Preventing external and internal inclusion attacks