Protecting a Web Application

The chapter First Steps describes in detail how to make a web application accessible via nevisProxy. Depending on the type of application, you use one of the following patterns:

  • Web Application pattern:
    • Suitable for form-based web applications as well as for hybrid applications consisting of a single-page application and a REST API.
    • Provides simple header-based CSRF protection by default.
    • Provides ModSecurity with OWASP Core Rule Set by default.
    • You can customize the CSRF protection and the ModSecurity rules directly in the Web Application pattern screen:
      • CSRF protection: Select "custom" from the drop-down menu in the Security: CSRF Protection field, then assign and configure the add-on pattern CSRF Protection Settings via the Additional Settings field.
      • ModSecurity rules: Select "custom" from the drop-down menu in the Security: Request Validation field, then assign and configure the add-on pattern Request Validation Settings via the Additional Settings field.
  • REST Service pattern:
    • Used for stand-alone REST APIs.
    • Will have options for CORS in future releases.
  • SOAP Service pattern:
    • Will have options for schema validation in future releases.
Note: You can add extra security features to all patterns in the GUI by assigning add-on patterns via the Additional Settings field. You can find this field at the bottom of the screen where you configure the pattern.