/
Configuring Global ACLs

Configuring Global ACLs

Jan 08, 2026

Global ACLs (URL ACLs) are strict allow/deny rules shareable among multiple services configured on the Barracuda Web Application Firewall. They are associated with configured Security Policies. The default global ACLs configured in the SECURITY POLICIES page are:

  • access-control-login-url - The ACL is displayed when AAA is enabled on the service and is used to process the Login requests.

  • apache_range_header_vulnerability - The ACL is used to block the requests that try to misuse the apache range header vulnerability.

  • backups-prefix-copy - The ACL is used to block the requests trying to access backup files on the application.

  • backups-prefix-hash - The ACL is used to block the requests trying to access backup files on the application.

  • backups-suffix-bak - The ACL is used to block the requests trying to access backup files on the application.

  • backups-suffix-old - The ACL is used to block the requests trying to access backup files on the application.

  • backups-suffix-sav - The ACL is used to block the requests trying to access backup files on the application.

  • favicon.ico - The ACL is used to allow access to favicon.ico file of the application.

  • phpinfo - The ACL is used to deny access to phpinfo.php file on the application to avoid disclosing the sensitive php settings of the application.

  • robots.txt - The ACL is used to make robots.txt file accessible to all without exception.

  • translate-f-vulnerability - The ACL is used to block any attempts the client makes to misuse Translate:f vulnerability that exposes IIS files source.

Steps to Configure Global ACLs

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.