Global configuration

The App Firewall global configuration affects all profiles and policies. The Global Configuration items are:

  • Engine Settings. A collection of global settings—session cookie name, session time-out, maximum session lifetime, logging header name, undefined profile, default profile, and import size limit—that pertain to all connections that the App Firewall processes, rather than to a specific subset of connections.
  • Confidential Fields. A set of form fields in web forms that contain sensitive information that should not be logged to the App Firewall logs. Form fields such as password fields on a logon page or credit card information on a shopping cart checkout form are normally designated as confidential fields.
  • Field Types. The list of web form field types used by the Field Formats security check. Each of these field types is defined by a PCRE-compliant regular expression that defines the type of data and the minimum/maximum length of data that should be allowed in that type of form field.
  • XML Content Types. The list of content types recognized as XML and subjected to XML-specific security checks. Each of these content types is defined by a PCRE-compliant regular expression that defines the exact MIME type assigned to that content.
  • JSON Content Types. The list of content types recognized as JSON and subjected to JSON-specific security checks. Each of these content types is defined by a PCRE-compliant regular expression that defines the exact MIME type assigned to that content.

Global configuration

In this article