Install and Remove Virtual Patches

If you have Qualys Web Application Firewall (WAF) in your subscription, you can use WAF to protect against vulnerabilities by installing virtual patches.

Note: To view the install patch option in the Actions menu, you must have WAF enabled in your subscription and your web application must be defined within the WAF management user interface. You need the Create WAF Rule permission.

Install Patch

To get the list of patchable detections, go to the Detections tab and search for web applications on which WAF is activated and detections for which a patch is available.

To install a patch, select a detection and click Install Patch from the Actions menu.

In the Install Patch window, follow these steps:

- Rule Details

Enter a unique name and provide a description (optional) for the WAF security rule.

When you edit a rule, you can choose a different owner. Initially, the user who creates a rule is the owner.

Tags

Select tags to apply to the Custom Rule. Users with the applied tags in their scope will have access to it. Click Create to add a new tag.

- Conditions

Define the conditions that form the rule and then add the specifications for the condition. When you type, you can choose from the list of values that are populated. You can add one or multiple conditions to a rule.

Tip: Place the cursor in the When field, and press the down arrow key on your keyboard to get a list of all available keys. Syntax help is available for every key.

Press Enter to add the condition. Click Add to create a new condition.

For details on defining rule conditions, see Custom Rules.

- Actions

Action

Select what action to take when events match the condition in the rule.

The list of actions contains:

Allow - allow access with security protections applied as normal.

Block - stop matching traffic at point of access and return blocked response.

Insert header - add an HTTP header to the response. You can add a security header which instructs the browser exactly how to behave when it handles your website’s content and data. An example of a security header could be an XFO header to mitigate clickjacking attacks: x-frame-options: SAMEORIGIN.

Rewrite header - set/modify an HTTP header present in the response.

Strip header - delete an HTTP header present in the response.

Redirect - add the URL and we will redirect the traffic to the URL you specify.

Block with custom page - stop matching traffic at point of access and return a custom response. To use a custom page, select Block with custom page from Action, and then select a custom response page that you have created. Click Edit to modify the selected custom response page, or click Create to add a new custom response page.

Log

Select Yes if you want to log the events.

- Review and Confirm

Review the defined settings and click Save. You can also edit and update the settings.

The patch rule gets added to your firewall.
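
To confirm that a rule using the Insert header action took effect, you can inspect a response captured from the protected application. The following Python check is an added example, not part of the Qualys documentation; the function names and the sample responses are constructed for illustration, and it assumes the rule inserts the `x-frame-options: SAMEORIGIN` header mentioned above.

```python
# Added example: classify the X-Frame-Options state of a captured HTTP response.
# The sample responses below are constructed, not real traffic.

def parse_headers(raw):
    """Return a list of (lowercased name, value) pairs from a raw HTTP response."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def check_xfo(raw, expected="SAMEORIGIN"):
    """Return "ok", "missing", "wrong-value" or "conflicting"."""
    values = set()
    for name, value in parse_headers(raw):
        if name == "x-frame-options":   # header names are case-insensitive
            # One header line may carry several comma-separated values.
            values.update(v.strip().lower() for v in value.split(",") if v.strip())
    if not values:
        return "missing"
    if len(values) > 1:
        return "conflicting"
    return "ok" if values == {expected.lower()} else "wrong-value"


# Constructed samples: before the rule, after the rule, and an origin that
# already sends its own value in addition to the inserted one.
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "x-frame-options: SAMEORIGIN\r\n\r\n<html></html>")
DUPLICATE = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
             "x-frame-options: SAMEORIGIN\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER),
                          ("duplicate", DUPLICATE)):
        print(label, check_xfo(sample))
```

A "conflicting" result means the response already carried a different value for the header; of the actions listed above, Rewrite header is the one that modifies a header already present in the response.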

Remove Patch

To remove a patch from a patched vulnerability, select the vulnerability and click Remove Patch from the Quick Actions menu.

In the Remove Virtual Patch window, click Ok.

The firewall rule associated with the patch will be removed.

Note: Unpatched vulnerabilities will be detected again by future scans if they still exist.