When configuring a Web API or a Web Application asset to be protected by CloudGuard WAF's AppSec Gateway, the wizard already configures the required reverse proxy settings of an upstream URL (the Protected web server's URL) and downstream URL (the exposed URL/s) for each asset.

However, there are additional advanced reverse proxy settings that can be set for the CloudGuard WAF per web asset.

Reverse Proxy Advanced Settings Location

Step 1: Edit the web API/application asset through Policy->Assets

Step 2: Click 'Advanced...' under Reverse Proxy in General tab

The following window will appear:

Validating the certificate of the internal server

The reverse proxy takes incoming HTTP/S requests and forwards them to an internal server.

When using HTTPS, the forwarded request to the internal server returns with a certificate which the best practice is to validate.

The below advanced proxy settings include the configuration option for "Trusted CA chain for protected server SSL verification". Use this option to configure the trusted CA chain that will validate the certificate presented by the internal server for enhanced security.

Advanced Proxy Settings

Additional Settings