Questions tagged [web-application-firewall]

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
0 votes, 1 answer

AWS WAF update ip sets and rules specific to a region from lambda

I am able to successfully update the WAF IP address rule set from Lambda if the rule sets are Global (CloudFront), but if I create a rule set specific to a region to be able to use it with APP ELB, the get-ip-set or list-ip-set APIs are not…
0 votes, 0 answers

Socket.IO Node.JS connection event not firing

I must be doing something incredibly stupid, as the tutorial (!) chat example at http://socket.io/get-started/chat/ for Node.JS and Socket.IO is not working for me. More specifically, the 'connection' event is not firing when I load the…
UglyMF
0 votes, 0 answers

Can AWS Web Application Firewall (WAF) be used to protect a custom web application running on an EC2 instance that requires user authentication?

QUESTION: Can WAF be used to protect a web application that requires a user to authenticate with a 3rd party identity provider before accessing any of the resources? Motivation for asking the question: I would like my custom application to be…
0 votes, 1 answer

IIS and FortiWeb Serves Asp.Net page as plain text

I use ASP.NET Web Forms and IIS 8, and sometimes I saw this result instead of the HTML result in my browser: I use "FortiWeb" as a Web Application Firewall (WAF) and it is configured to convert HTTP requests to HTTPS. This error sometimes occurs on random pages.…
Fred
0 votes, 1 answer

Routing and filtering with Apache and ModSecurity

I have an Apache Web Server (2.4) behind a WAF (ModSecurity). 10 remote hosts have static IP addresses and expect to reach "test.com". I would like to do some filtering and routing based on the remote IP addresses. For example: when 192.168.1.1…
TomFR
0 votes, 1 answer

What criterias do you look for in a WAF (web application firewall)?

I am trying to assess a few WAFs. 1) performance 2) coverage 3) accuracy 4) scalability are a few things I am looking at, but what else do you look at if you are evaluating a WAF?
user2574872
0 votes, 1 answer

Updating AWS WAF IP list to block IP's

I have nginx running behind ELB which points to the application uWSGI. I want to ban IPs based on their request frequencies. After digging into the topic I found out that I need to use WAF for this. I can block IPs manually. Now I want to automate…
Nagri
-1 votes, 0 answers

Is there any opensource WAF that provide JS code for end user to protect their website?

Creating a WAF application is a challenging task. I was to create a WAF application, I found a few pre-written open-source tools, but implementing them is challenging as well. I will 100s of websites and it would be really hard to implement my custom…
-1 votes, 1 answer

How do I add a ModSecurity rule to block certain http requests?

I want to create a rule that blocks all HTTP requests (GET, POST, PUT, literally all of them) and only allows certain ones that I specify. Specifically, GET, PUT and POST. I am running ModSecurity V3. If there is a rule that can do something like this,…
-1 votes, 1 answer

Do I need a separate WAF if I want to use Azure Deployment Slot on production instance?

I'm looking to leverage Azure deployment slots for a production Web App (with Azure SQL DB). I also use a FortiWeb WAF-as-a-Service for the production app. If I use deployment slots, will I need a separate FortiWeb WAF-as-a-Service instance to point to…
-1 votes, 1 answer

VPS NodeJS server not accessible on public IP Oracle Compute Cloud

I am trying to get my Node.js website up on the Oracle Cloud Compute VPS (forever free) with Ubuntu 18.04. (That it is an Oracle server seems to be very important in this case). I can curl localhost (then it returns the HTML), but I cannot access it…
-1 votes, 1 answer

How to integrate a Web Application firewall (ModSecurity) with Heroku?

I have an application running on the Flask server in Heroku. Is there any way to integrate ModSecurity or any open-source Web Application Firewall (WAF) to protect my application in Heroku? Any other related answer or help regarding this is also…
-1 votes, 1 answer

An error occurred while executing the "make" command while compiling and installing the "ModSecurity- Nginx" module

I am getting the error below while compiling and installing the "ModSecurity- Nginx" module. Installing the "ModSecurity- Nginx" module #yum install -y gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel…
Stud
-1 votes, 2 answers

How to block website for particular IPs through aws WAF

I'm running a website "www.example.com" on a classic load balancer, with EC2 instances attached behind the classic load balancer, and also using a CloudFront assets.example.com for static data. I noticed in the nginx access logs that some IPs are scraping the data…
-1 votes, 1 answer

Setting firewall rules to enabling running Apache2HttpServer and ApacheTomcat 9 on the same machine with two different hostname/ip:port

I have a Linux Debian 10 virtual machine with two Host-Only Network interfaces active, respectively 192.168.56.10 and 192.168.56.15, with static IP addresses. Apache Tomcat 9 is installed and Apache2 HTTP Server is installed too. My purpose is that…