Skip to content

Barracuda WAF Token

Service Name: Barracuda Web Application Firewall

Service Description: Barracuda Web Application Firewall (WAF) is a security solution that protects web applications from data breaches and defacement. It provides protection against various threats including SQL injections, cross-site scripting, malware uploads, DDoS attacks, and application-layer attacks.

Service Address: https://www.barracuda.com/products/webapplicationfirewall

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the WAF level through access control rules and trusted host configurations.

Secret Access Scope: Grants programmatic access to manage and configure Barracuda WAF settings, policies, and services through the REST API.

Secret Revokement URL: https://campus.barracuda.com/product/webapplicationfirewall/doc/79463361/rest-api/

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiYXJyYWN1ZGFfd2FmX3Rva2VuIiwibmFtZSI6IkJhcnJhY3VkYSBXQUYgQVBJIFRva2VuIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Suspicious Activity Investigation Instructions:

  • Review Barracuda WAF logs for unusual API calls or configuration changes
  • Check for unauthorized changes to security policies or rule sets
  • Monitor for unusual traffic patterns or blocked request spikes
  • Verify if there are any new trusted hosts or IP addresses added to the whitelist
  • Check for modifications to SSL certificates or authentication settings
  • Review any changes to service configurations or deployed applications

Mitigation Instructions:

  • Immediately revoke the compromised API token through the Barracuda WAF admin interface
  • Generate a new API token with appropriate permissions
  • Update the token in all legitimate applications and services
  • Review and revert any unauthorized changes made to WAF configurations
  • Enable multi-factor authentication for administrative access if available
  • Implement IP restrictions for API access to limit usage to known IP addresses
  • Review audit logs to understand the scope of the compromise
  • Update password policies and rotate credentials for all administrative accounts