Questions tagged [web-application-firewall]

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

165 questions
67 votes, 1 answer

Nginx startup prompt [emerg] no "events" section in configuration

In the X-WAF deployment, you need to create a new nginx configuration file. However, when testing the nginx configuration, an error is found and nginx cannot be started. I refer to http://blog.51cto.com/14071176/2318054, I did it step by step…
Dora
5 votes, 3 answers

Azure API Management - How to get original IP when APM is behind WAF

We have below technical stack: Imperva WAF, API Management, WebApi in WebApp. This is current implementation: Client IPs are authenticated at WAF level; WAF IPs are whitelisted at APIM; APIM IP is whitelisted at WebApp level. Everything is working fine…
5 votes, 1 answer

The SSL connection could not be established, see inner exception

I have an Integration project, where my REST APIs call WCF services of other project to do some CRUD operations. My project is built on .net core 2.2.102. I deployed my project in BETA environment (PROD in my case) and pointed to the PROD URLs of…
abbs
4 votes, 1 answer

Anybody using detrusion.com, web application firewall for ruby on rails

PS: I was doing some random search and then I got detrusion.com. What's this web application firewall? How does it work? Any performance hit, if yes then how much? Should I use this destruction.com or anything else better available. Anybody??
Mohit Jain
4 votes, 1 answer

Azure App Service with WAF

I'm looking for some Azure security best practice advice. I've seen some articles around on how to do it, but not if it's necessarily required. I have a customer who would like to move to Azure and they have specifically requested we stick to a PAAS…
3 votes, 0 answers

Why does Chrome trigger the Azure App Gateway Web Application Firewall?

I have an Azure App Service sitting behind an Azure App Gateway on the WAF v2 tier. We are experiencing an issue where we get the 403 Forbidden response from the gateway in some Chrome browsers, yet the site displays correctly from Chrome Incognito…
KitkatNeko
3 votes, 3 answers

Google dialogflow IP addresses

I am building a Google Home application with DialogFlow. Fulfillment is done via Webhook that points to my virtual machine. In the VM the 443 port is open and certificates are configured. However now I would like to change the VM firewall to allow…
3 votes, 1 answer

Is Azure active directory vulnerable to DoS or DDOS attacks

If I add Azure AD to a cloud architecture do I still need to add a WAF to protect against DOS/DDOS specifically? If attacks can’t get past authentication being the premises of the question.
3 votes, 1 answer

Do you think we would need a CDN in front of an api gateway?

We are using AWS and using the Kong API gateway hosted in AWS. Do you think we would need a CDN in front of this API gateway? We don't need much caching, as well as we can attach the WAF in AWS to the ALB.
3 votes, 0 answers

Azure WAF 403 Response

I'm getting a '403 ModSecurity Action' on PUT requests to my API. Gets and Posts work as expected. The first thing I thought about is that the WAF may be blocking specific Verbs (i.e. PUT), which is 'REQUEST-911-METHOD-ENFORCEMENT' More info here…
3 votes, 0 answers

Not able to block IP address via AWS WAF

I have created a CloudFront distribution and associated a Web ACL rule with it that blocks all IP addresses that don't match my IP address condition. But it is not blocking any IP address. What am I doing wrong?
2 votes, 2 answers

How to whitelist VPC outbound traffic

How can we restrict outbound traffic from AWS VPC to the internet, for example limiting outbound traffic to certain trusted domains (URL “whitelisting”). I was thinking on AWS WAF but it seems it filters traffic traveling to the web…
2 votes, 1 answer

Request blocked on azure waf when form fields have values as json strings

I have a form which has some input fields. Some of the input fields have json strings as values like [{"actionItems":"1","actions":"Go To Home","articleLink":""}, {"actionItems":"2","actions":"Rollback","articleLink":""}] But when I submit this…
prasoon
2 votes, 1 answer

How to whitelist an ip address in Azure WAF

I have an Azure Application Gateway Web Application Firewall using the OWASP 3.0 ruleset. I created a custom policy so I could create a custom rule which simply allows traffic if it's from a specific IP Address and it has a priority of 1. This is…
devlife
2 votes, 1 answer

Configuring WAF on Azure Front door services

I'm setting up WAF rules for Azure Front Door services provided by Microsoft Azure. Currently, I'm using default ruleset 1.0 provided OTB to block top 10 OWASP threats. When default rules are enabled, we observe 403 error and not able to…