Package | Description |
---|---|
org.owasp.esapi.waf.configuration |
This package contains the both the configuration object model and the
utility class to create that object model from an existing policy file.
|
org.owasp.esapi.waf.internal |
This package contains all HTTP-related classes used internally by the WAF for the implementation
of its rules.
|
org.owasp.esapi.waf.rules |
This package contains all of the Rule subclasses that correspond to policy file entries.
|
Modifier and Type | Method and Description |
---|---|
List<Rule> |
AppGuardianConfiguration.getAfterBodyRules() |
List<Rule> |
AppGuardianConfiguration.getBeforeBodyRules() |
List<Rule> |
AppGuardianConfiguration.getBeforeResponseRules() |
List<Rule> |
AppGuardianConfiguration.getCookieRules() |
Modifier and Type | Method and Description |
---|---|
void |
AppGuardianConfiguration.addAfterBodyRule(Rule r) |
void |
AppGuardianConfiguration.addBeforeBodyRule(Rule r) |
void |
AppGuardianConfiguration.addBeforeResponseRule(Rule r) |
void |
AppGuardianConfiguration.addCookieRule(Rule r) |
Constructor and Description |
---|
InterceptingHTTPServletResponse(javax.servlet.http.HttpServletResponse response,
boolean buffering,
List<Rule> cookieRules) |
Modifier and Type | Class and Description |
---|---|
class |
AddHeaderRule
This is the Rule subclass executed for <add-header> rules.
|
class |
AddHTTPOnlyFlagRule
This is the Rule subclass executed for <add-http-only-flag> rules.
|
class |
AddSecureFlagRule
This is the Rule subclass executed for <add-secure-flag> rules.
|
class |
AuthenticatedRule
This is the Rule subclass executed for <authentication-rules> rules.
|
class |
BeanShellRule
This is the Rule subclass executed for <bean-shell-script> rules.
|
class |
DetectOutboundContentRule
This is the Rule subclass executed for <detect-content> rules.
|
class |
EnforceHTTPSRule
This is the Rule subclass executed for <enforce-https> rules.
|
class |
GeneralAttackSignatureRule
This is the Rule subclass executed for <general-attack-signature> rules, which
are not currently implemented.
|
class |
HTTPMethodRule
This is the Rule subclass executed for <restrict-method> rules.
|
class |
IPRule
This is the Rule subclass executed for <detect-source-ip> rules.
|
class |
MustMatchRule
This is the Rule subclass executed for <must-match> rules.
|
class |
PathExtensionRule
This is the Rule subclass executed for <restrict-extension> rules.
|
class |
ReplaceContentRule
This is the Rule subclass executed for <dynamic-insertion> rules.
|
class |
RestrictContentTypeRule
This is the Rule subclass executed for <dynamic-insertion> rules.
|
class |
RestrictUserAgentRule
This is the Rule subclass executed for <restrict-user-agent> rules.
|
class |
SimpleVirtualPatchRule
This is the Rule subclass executed for <virtual-patch> rules.
|
Copyright © 2016 The Open Web Application Security Project (OWASP). All rights reserved.