Barracuda Web Application Firewall

LAST UPDATED: FEB 24, 2025

Overview

Barracuda Web Application Firewall protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining signature-based policies and positive security with robust anomaly-detection capabilities, Barracuda Web Application Firewall can defeat today’s most sophisticated attacks targeting web applications.

Barracuda Web Application Firewall is available for use in:

D3 SOAR	V16.8+
Category	Network Security
Deployment Options	Option I, Option III

Connection

To connect to Barracuda Web Application Firewall from D3 SOAR, please follow this part to collect the required information below:

Parameter	Description	Example
Server URL	The server URL of your Barracuda Web Application Firewall instance.	https://*****:8443
User Name	The user name to generate the access token.	jdoe
Password	The password to generate the access token.	*****
API Version	The API version to use for the connection.	v3.2

Configuring D3 SOAR to Work with Barracuda Web Application Firewall

Log in to D3 SOAR.
Find the Barracuda Web Application Firewall integration.
1. Navigate to Configuration on the top header menu.
2. Click on the Integration icon on the left sidebar.
3. Type Barracuda Web Application Firewall in the search box to find the integration, then click it to select it.
4. Click New Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Barracuda Web Application Firewall.
1. Connection Name: The desired name for the connection.
2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
5. Description (Optional): Add your desired description for the connection.
6. Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
7. Configure User Permissions: Defines which users have access to the connection.
8. Active: Check the tick box to ensure the connection is available for use.
9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
  1. Input the Server URL.
  2. Input the User Name.
  3. Input the Password.
  4. Input the API Version. The default value is v3.2.
10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
11. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
  To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Test the connection.
1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
2. Click OK to close the alert window.
3. Click Add to create and add the configured connection.

Commands

Barracuda Web Application Firewall includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Barracuda Web Application Firewall API, please refer to the Barracuda Web Application Firewall API reference.

Note for Time-related parameters

The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:

Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format, then click on the Save button.

After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.

Create Service

Creates a new virtual service.

Input

Input Parameter	Required /Optional	Description	Example
Service Name	Required	The name of the web application service. The maximum length of the Service Name is 64 characters.	service_app1_secure
Address Version	Optional	The IP address version, IPv4 or IPv6.	IPv4
App ID	Optional	The Service App ID. The maximum length of the Service App ID is 63 characters.	*****
Certificate	Optional	The ID of the certificate.	*****
Comments	Optional	A comment on the service.	This is a demo service
IP Address	Optional	The IP address of the service.	*...*
Mask	Optional	The subnet mask for the service.	*...*
ECDSA Certificate	Optional	The ID of the ECDSA (Elliptic Curve Digital Signature Algorithm) certificate.	*****
Service Group	Optional	The name of the service group. The maximum length of service group name is 64 characters.	serviceGroup1
Port Number	Optional	The port number, between 1 and 65535.	443
Secure Site Domain	Optional	The secure site domains.	JSON `[ "securesite.example.com" ]`
Session Timeout	Optional	The session timeout in seconds, between 0 and 86400. By default, the value is 0.	3600
Status	Optional	The service status. Available options are: On Off	On
Type	Optional	The service type. Available options are: HTTP HTTPS Instant SSL Redirect Service Custom Custom SSL FTP FTP SSL.	HTTPS
Vsite	Optional	The name of the Vsite on which to create the service.	Default

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Create Service failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

Create Service failed.

Status Code: 400.

Message: Bad request.

List Security Policies

Retrieves security policies from the Barracuda Web Application Firewall.

Input

Input Parameter	Required /Optional	Description	Example
Groups	Optional	Filters security policies by groups. By default, the security policies of all groups will be returned.	JSON `[ "Security Policy", "URL Protection" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Security Policies failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

List Security Policies failed.

Status Code: 400.

Message: Bad request.

List Services

Retrieves services from Barracuda Web Application Firewall.

Input

Input Parameter

Required /Optional

Description

Example

Group

Optional

Filters services by service groups. Available values are:

Website Profile
URL Optimizer
URL ACLs
IP Reputation
URL Profile
HTTP Request Rewrite
Parameter Optimizer
URL Translation
WaaS Provisioning Info
Provisioning Info
SSL Security
Supply Chain
XML Protected URL
Adaptive Profiling
Rule Group
SSL OCSP
Instant SSL
FTP
Comment Spam
SSL CRL
SSL Client Authentication
Referer Spam
HTTP Response Rewrite
Web Socket Policy
Access Rule
Service
Form Spam
JSON Profile
WaaS Account Details
Compression
Advanced Configuration
Adaptive Profiling Rule
Session Tracking
Caching
Load Balancing
Captcha Settings
DDoS Policy
Slow Client Attack Prevention
Mask Sensitive Data
Server
Secure Browsing
Exception Profiling
Response Body Rewrite
Clickjacking
Domain Info
Basic Security
URL Encryption
Allow or Deny Client
URL Policy
Authentication
Authorization Policy
Advanced Client Analysis and Header ACL

By default, all service groups will be returned.

JSON

[ "Website Profile", "URL Optimizer" ]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Services failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

List Services failed.

Status Code: 400.

Message: Bad request.

Logout

Logs out and deletes the access token.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Logout failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

Logout failed.

Status Code: 400.

Message: Bad request.

Retrieve Web Firewall Logs

Retrieves information on Network Firewall Logs. The log entries are sorted by created time in descending order.

Input

Input Parameter	Required /Optional	Description	Example
Client IPs	Optional	Filters web firewall logs by client IPs.	JSON `[ "*...*" ]`
Start Time	Optional	Web firewall log entries generated after this time will be returned. By default, the value is 4 hours before End Time.	2021-07-23T00:40:00
End Time	Optional	Web firewall log entries generated before this time will be returned. By default, the value is the current time.	2021-07-23T01:40:00
Limit	Optional	The maximum number of logs that can be fetched at a time using the Logs REST API, between 1 and 100,000. By default, the value is 20.	100

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Retrieve Web Firewall Logs failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

Retrieve Web Firewall Logs failed.

Status Code: 400.

Message: Bad request.

Update Security Policy

Updates security policies from the Barracuda Web Application Firewall.

Input

Input Parameter	Required /Optional	Description	Example
Policy Name	Required	The name of the security policy to be updated.	New_policy
Policy Object	Required	The JSON object of the security policy to update. Only fields that need to be updated are required.	JSON `{ "cookie_security": { "cookie_replay_protection_type": "none", "allow_unrecognized_cookies": "never", "tamper_proof_mode": "encrypted" } }`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Update Security Policy failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

Update Security Policy failed.

Status Code: 400.

Message: Bad request.

Update Service Status

Updates the status of the specified Web Application services.

READER NOTE

Service Names is a required parameter to run this command.

Run the List Services command to obtain the Service Names. Service Names can be found in the raw data at the path $.data.

Input

Input Parameter

Required /Optional

Description

Example

Service Names

Required

The names of the web application services for which to update the status. Service Names can be obtained using the List Services command.

JSON

[ "service_app1_secure" ]

Status

Required

The updated service status. Available options are:

On
Off

On

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Update Service Status failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Bad request.

Error Sample Data

Update Service Status failed.

Status Code: 400.

Message: Bad request.

Test Connection

Performs a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

A connection issue with the integration

The API returned an error message

No response from the API

You can view more details about an error in the Error tab.

String

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Test Connection failed. Failed to check the connector.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda Web Application Firewall portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: You must have a valid support account to call this API.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 400.

Message: Server Url is not valid in format.