Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
0 votes, 1 answer

Azure Application Gateway Web Application firewall CRS setting PARANOIA LEVEL for crs-setup.conf

We are using Azure Application Gateway and Web Application Firewall (WAF) and what we want to do is change the PARANOIA LEVEL from 2 to 1. One of the OWASP engineers helped me with the command we can use to switch it…
0 votes, 2 answers

Azure Application Gateway WAF with False Positive on SQL Injection

We are using Azure Application Gateway and WAF with detection mode enabled for now, and for one of our web applications what we are observing is that it is throwing a SQL INJECTION ATTACK error message for URLs like:-…
0 votes, 1 answer

Blocking a spam attack using WAF

I have a website hosted on S3 behind CloudFront. I get continuous spamming for a couple of hours every evening. The spammer uses different IPs/subnets to launch the same. Going through the access logs, I cannot identify any common pattern…
0 votes, 1 answer

Is it possible to load an HTML page only from a specific iframe?

I'm building a web app (in PHP) that allows assigning HTML resources (HTML pages) to users. A user should only be able to access pages assigned to him. The problem is that if a user gets URLs to these pages and then I revoke his permission to that…
Badr
0 votes, 1 answer

Azure Application Gateway WAF

I am trying to configure Azure Application Gateway WAF with a backend pool set to a VM in a different Azure tenant using its public IP address on port 443. All the SSL certificates are configured properly. However, I keep getting the following error…
0 votes, 2 answers

Do I need point-to-site VPN with Azure WAF and web app

I have been messing around with Azure trying to get a web app up and running. My plan was to create a WAF and site the web app behind that, each in a separate subnet, and then to use the service endpoint tech to point the web app to a database. I…
0 votes, 0 answers

IP Specific restriction to static website hosted on s3 with cloudfront configured

I have a static website hosted on S3 with CloudFront configured for it. My main aim is to configure my site in a way that it is only accessible through a specific IP address. I have tried WAF and the website is getting cached in my browser and I'm…
Sri Vatsav
0 votes, 0 answers

Configure WAF (Web application firewall) in cloudformation template using Troposphere

I want to create and attach a WAF to my load balancer. What are the resources and parameters I need to attach to create a WAF? Is there any example you can suggest? I tried this way but each rule set failed using CloudFormation…
0 votes, 1 answer

Writing a database firewall for blocking SQL Injection attacks

I am studying and researching different methods of SQL injection and countermeasures. Checking HackerOne Hacktivities showed me that it's not enough for a web application to just use a WAF (e.g. CloudFront, Cloudflare, Akamai, ...) is not…
crypto
0 votes, 2 answers

File upload is limited to 1M, even after PHP, Nginx, and Apache configuration

I'm asking about an issue on a WordPress website that is served on Ubuntu 18.04 behind a WAF (Web Application Firewall) service. The server was working for 1 year. 4 days ago I tried to upload a file and I got an HTTP error. upload_max_filesize and…
0 votes, 2 answers

X-Forwarded-Proto not being passed through AWS ALB Sandwich with Palo Alto VM Firewall

We're using Palo Alto's VM Firewalls with ELB's sandwich topology and are unable to get the correct X-Forwarded-Proto to make it all the way back to the web server. HTTPS termination is happening on the external load balancer, then running as HTTP…
0 votes, 0 answers

Unable to automatically step into the server. Connecting to the server machine '10.87.6.234' failed

I am trying to connect a web application with a web service but I get stuck with this error. I have done all the firewall settings but am still getting the error when I debug my application. Help me out of this!
0 votes, 1 answer

Can I use the default Azure domain from an App Service with an Azure Application Gateway?

I have an environment setup with multiple azure web apps across multiple Azure service plans. I'm now retrospectively trying to add an azure WAF between the wider internet and the websites. I have created a WAF, but am now struggling to understand…
Adam
0 votes, 1 answer

How to redirect all requests on port 80 to a docker and then pass them to my web server?

How can I put a docker between the web requests and my web server (in order to analyse and block requests)? I found morbz/docker-web-redirect docker, but it seems that it is not enough for this task.
Iman
0 votes, 1 answer

Connect AWS ACL but "no resources found"?

I have read every AWS tutorial on this, but cannot seem to connect my ACL to the Load Balancer I created for a single EC2 Instance. I'm simply trying to protect the single EC2 instance with a WAF. The ACL is created, there are a group of rules,…