Questions tagged [web-application-firewall]

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
0 votes, 2 answers

Getting "cURL cannot communicate with license server" when installing Plesk in a GCP instance

I'm trying to activate a new Plesk license on a CentOS instance on Google Cloud Platform Compute Engine instance. On the Plesk activation screen, I add my activation code and then receive this error: cURL cannot communicate with license server…

0 votes, 0 answers

IIS local IP access externally with public IP

I have an ASP.Net MVC project that is running under IIS. I can reach it using local IP and port. I bind it with my IP and port. What should I do to reach it with my public IP and port like http://PUBLICIP:PORT? When I try to reach it, it says connection…

0 votes, 1 answer

Achieve country level blocking while using Azure Traffic Manager and Azure Application Gateway with WAF

We have used Azure Traffic Manager and Azure Application Gateway with a Web Application Firewall for an MVC C# web application which is hosted on the Azure virtual machine. For security reasons, we need to allow specific IP addresses and block access at…

0 votes, 2 answers

Block direct IP access using nginx

I have the following nginx configurations: if ($host != mydomain.com) { return 403; } When I hit the URL http://127.0.0.1/test/test2/index.php (from POSTMAN) I get 403. Fine. But adding a Host -> mydomain.com in Headers I get 200. When I added…

0 votes, 1 answer

Azure Application Gateway - Prevent redirection

I've an AppService running with an endpoint www.test.com. I've deployed an Application Gateway and set up a backend pool to forward traffic from AG to www.test.com. I've then created DNS records to point www.test.org to the AG IP. When I…

0 votes, 2 answers

Difference between WAF and API Management

Would like to understand what is the difference between WAF and APIM (like APIGEE or AZURE APIM). What are the capabilities of WAF, and which needs to be chosen to protect the backend web application? Thank you in advance. Aaditya
Aditya

0 votes, 1 answer

Correct Configuration of Open ID Auth behind Path Based WAF

I have a problem configuring my Open Auth ID .net Core 2 application as an App Service behind a Web Application Firewall using a Path based routing. My application is myapp.azurewebsites.net with a network restriction making it inaccessible from…
PhillipH

0 votes, 1 answer

modsecurity: Is turning off the rule engine really necessary when implementing a whitelisting rule?

Virtually all SecRule examples for modsecurity whitelisting I found on the web include turning off the rule engine, example: phase:1,nolog,allow,ctl:ruleEngine=Off,id:23023 However, as far as I got it from the documentation, "nolog" combined with…

0 votes, 1 answer

Is it possible for a Web Application Firewall to return 404 on a given URL pattern?

I'd like to raise HTTP 404 Not Found through WAF (Web Application Firewall) when the URL has a trailing /, for example www.cde.org/aabb/ I'm following this article, however I can't figure out if/how it can be done. You can define a custom response status…
Yoda

0 votes, 0 answers

Google Cloud VPC configuration: Firewall rule to Isolate a Backend Server

Here is my setup and what I am trying to accomplish - I have a Front End Server(s) [FE], backend server(s) [BE]. I am trying to set up my own VPC. The FE and BE are in different Zones of the same Region. The FE has its own service account - fe-sa,…

0 votes, 1 answer

Http request blocked by Azure WAF, how to do right encoding?

I'm running an ASP.NET web application on Azure. I have an Application Gateway in front of it, with the WAF (Web Application Firewall) enabled. But many of my HTTP requests from the front-end are blocked by the WAF, for example my payload in…

0 votes, 1 answer

Do I need a WAF (Web Application Firewall) to protect my app?

I have created a micro-service app relying on simple functions as a service. Since this app is API based, I distribute tokens in exchange for some personal login info (Oauth or login/password). Just to be clear, developers will then access my app…
Jona Rodrigues

0 votes, 2 answers

F5 iRule, Generate New Alerts

I use F5 and I have an issue. I want to build an iRule that checks the following scenario: url=="domain.com" and Content-Length(of the request) > 400 then alert(response) Is it possible to create this iRule?
Assi

0 votes, 1 answer

Create a geomatching AWS WAF condition/rule and connect it to an existing CloudFront distribution using CloudFormation

In short, what I am attempting to accomplish is the following: I want to create a WAF condition/rule combination to block traffic not in a whitelist of countries. I want to use CloudFormation so this can be version controlled and easily deployed to…

0 votes, 1 answer

hashi_vault doesn't work through Web Application Firewall

I want to retrieve a vault secret with Ansible using the hashi_vault module which doesn't seem to work through a WAF. The hashi_vault module works when the vault server is mapped to the root URL (https://address/) in the WAF but when we use a custom…