Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

165 questions
0 votes, 0 answers

Can AWS Web Application Firewall (WAF) be used to protect a custom web application running on an EC2 instance that requires user authentication?

QUESTION Can WAF be used to protect a web application that requires a user to authenticate with a 3rd party identity provider before accessing any of the resources? Motivation for asking the question I would like my custom application to be…
0 votes, 1 answer

IIS and FortiWeb Serves Asp.Net page as plain text

I use Asp.net web form and IIS 8 and sometimes I saw this result instead of Html result in my browser: I use "FortiWeb" as Web Application Firewall (WAF) and it is configured to convert request http to https. This error sometimes occurs in random page.…
Fred
0 votes, 1 answer

Routing and filtering with Apache and ModSecurity

I have an Apache Web Server (2.4) behind a WAF (ModSecurity). 10 remote hosts have static IP addresses and expect to reach "test.com". I would like to do some filtering and routing based on the remote IP addresses. For example: when 192.168.1.1…
TomFR
0 votes, 1 answer

What criteria do you look for in a WAF (web application firewall)?

I am trying to assess a few WAFs 1) performance 2) coverage 3) accuracy 4) scalable are few things I am looking at but what else do you look at if you are evaluating a WAF?
user2574872
0 votes, 1 answer

Updating AWS WAF IP list to block IP's

I have nginx running behind ELB which points to application Uwsgi. I want to ban IP's based on their request frequencies. After digging on the topic I found out that I need to use WAF for this. I can block IP's manually. Now I want to automate…
Nagri
0 votes, 3 answers

Azure cloud service Web App Not found -404

I've a webapp hosted in azure cloud service. We would like to put the WAF in front of web app per setup below: We have created a bladomain.com.au The DNS record points to IMPERVA IP address IMPERVA then points to bla.azurewebsites.net If I access…
Nil Pun
-1 votes, 1 answer

VPS NodeJS server not accessible on public IP Oracle Compute Cloud

I am trying to get my nodejs website up on the Oracle Cloud Compute VPS (forever free) with Ubuntu 18.04. (That it is an Oracle server seems to be very important in this case). I can curl localhost (then it returns the HTML), but I cannot access it…
-1 votes, 1 answer

An error occurred while executing the "make" command while compiling and installing the "ModSecurity- Nginx" module

I am getting the error below while compiling and installing the "ModSecurity- Nginx" module. Installing the "ModSecurity- Nginx" module #yum install -y gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel…
Stud
-1 votes, 2 answers

How to block website for particular IPs through aws WAF

I'm running a website "www.example.com" on classic load balancer and behind classic load balancer attached EC2 instances, and also using a cloudfront assets.example.com for static data. I noticed in nginx access logs some IPs are scraping the data…
-1 votes, 1 answer

Setting firewall rules to enabling running Apache2HttpServer and ApacheTomcat 9 on the same machine with two different hostname/ip:port

I have a Virtual Machine Linux Debian 10, with two Host-Only Network interfaces activated, respectively 192.168.56.10 and 192.168.56.15 with static ip address. Apache Tomcat 9 is installed and Apache2 Http Server is installed too. My purpose is that…
-1 votes, 1 answer

Modsecurity - REQUEST_URI allow rule is not working

We have following rules that are not working and we wanted to white list this warning ( in event viewer ), which contains "testinguri" in URI. SecRule REQUEST_URI "@contains testinguri\?op\=message"…
-2 votes, 1 answer

Web application firewall (WAF) rules validation by javascript

WAF Rules applied to web application which is already developed. To overcome WAF blocking inputs , need to convert format of input or encode input before form submitting got failed. If any possibility to validate WAF rules using javascript , pls…
-2 votes, 1 answer

Using iptables, how to limit connections for IP range and browser's string?

Daily once, the following IP range is sending multiple requests per second. During the attack a strange browser is being used that is mentioned below: IP Range: 192.168.1.100-192.168.1.200 Port: 80 (Apache web server) Browser Name: X11:…
jehan
-2 votes, 1 answer

Which keyword can be used to replace "FROM" in SQL?

I am trying to bypass a waf, and which keyword can be used to replace FROM in SQL?
Nick
-3 votes, 1 answer

403 access forbidden web application firewall security

I get "403 access forbidden web application firewall security alarm triggered" when I try to update products on virtue mart. I have tried to change different product prices but I still got 403 access forbidden. I have tried logging in with different…