Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.
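The tag description above says what a WAF does (a rule set applied to each HTTP request, generic XSS and SQL injection signatures, then per-application customization) but not what that looks like in practice. The following is an added example, not code from the tag wiki, OWASP, or any WAF product: a minimal rule engine in Python with hypothetical rule IDs, patterns, scores and threshold. It decodes query and form fields, applies each rule to the fields it targets, sums an anomaly score and blocks at the threshold. It also shows the customization step the description warns about: a constructed form field that legitimately carries a JSON document trips the generic metacharacter rule, and a per-field exclusion is what turns that false positive off without weakening the rule for every other field. The sample requests are constructed, not captured traffic.

```python
"""Minimal rule-based WAF (added illustration, not any product's real rule set):
applies a rule set to the fields of an HTTP request, sums an anomaly score and
blocks when the score reaches a threshold. Rule IDs, patterns, scores and the
threshold are hypothetical."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple
from urllib.parse import parse_qsl, urlencode


@dataclass(frozen=True)
class Rule:
    rule_id: str
    description: str
    matcher: Callable[[str], bool]
    targets: frozenset          # subset of {"ARGS", "BODY", "HEADERS"}
    score: int = 5


def regex(pattern: str) -> Callable[[str], bool]:
    """Build a matcher from a case-insensitive regular expression."""
    compiled = re.compile(pattern, re.IGNORECASE)
    return lambda value: compiled.search(value) is not None


# Characters SQL and JavaScript payloads lean on; a benign JSON value also contains
# many of them, which is exactly the false-positive class shown below.
RESTRICTED_CHARS = re.compile(r"""['"(){}\[\];|\\]""")

RULES = (
    Rule("100", "script tag, event handler or javascript: URL (XSS)",
         regex(r"<\s*script|\bon\w+\s*=|javascript:"), frozenset({"ARGS", "BODY", "HEADERS"})),
    Rule("200", "SQL tautology or comment sequence (SQLi)",
         regex(r"\b(?:or|and)\b\s+\d+\s*=\s*\d+|--(?:\s|$)|/\*"), frozenset({"ARGS", "BODY"})),
    Rule("300", "quote followed by SQL keyword or comment (SQLi)",
         regex(r"""['"]\s*(?:or\b|and\b|union\b|select\b|--)"""), frozenset({"ARGS", "BODY"})),
    Rule("430", "eight or more SQL/JS metacharacters in one value",
         lambda value: len(RESTRICTED_CHARS.findall(value)) >= 8, frozenset({"ARGS", "BODY"})),
)
SCORES = {rule.rule_id: rule.score for rule in RULES}


@dataclass
class Request:
    method: str
    path: str
    query: str = ""                      # raw query string, still percent-encoded
    headers: dict = field(default_factory=dict)
    body: str = ""                       # raw body, still percent-encoded if a form


@dataclass(frozen=True)
class Policy:
    """Per-application customization of the generic rule set."""
    allowed_methods: frozenset = frozenset({"GET", "HEAD", "POST"})
    threshold: int = 5
    # (rule_id, field key) pairs the engine must skip, e.g. ("430", "BODY:steps")
    # when the form field 'steps' legitimately carries a JSON document.
    exclusions: frozenset = frozenset()


@dataclass
class Decision:
    allowed: bool
    score: int
    matches: List[Tuple[str, str]]        # (rule_id, field key)


def extract_fields(req: Request) -> List[Tuple[str, str]]:
    """Decode the request into (key, value) pairs keyed like 'ARGS:q' or 'BODY:user'."""
    fields = [("ARGS:" + k, v) for k, v in parse_qsl(req.query, keep_blank_values=True)]
    ctype = req.headers.get("Content-Type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        fields += [("BODY:" + k, v) for k, v in parse_qsl(req.body, keep_blank_values=True)]
    elif req.body:
        fields.append(("BODY:", req.body))   # no parser for this type: inspect the raw body
    fields += [("HEADERS:" + k, v) for k, v in req.headers.items()]
    return fields


def inspect(req: Request, policy: Optional[Policy] = None) -> Decision:
    """Run every applicable rule over every field and decide on the summed score."""
    policy = policy or Policy()
    matches: List[Tuple[str, str]] = []
    if req.method.upper() not in policy.allowed_methods:
        matches.append(("911", "REQUEST_METHOD"))   # method enforcement: always a block
    for key, value in extract_fields(req):
        location = key.split(":", 1)[0]
        for rule in RULES:
            if location not in rule.targets or (rule.rule_id, key) in policy.exclusions:
                continue
            if rule.matcher(value):
                matches.append((rule.rule_id, key))
    score = sum(SCORES.get(rule_id, policy.threshold) for rule_id, _ in matches)
    return Decision(allowed=score < policy.threshold, score=score, matches=matches)


# Constructed sample traffic (not captured from any real site).
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
XSS_REQUEST = Request("GET", "/search", query="q=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
SQLI_REQUEST = Request("POST", "/login", headers=FORM, body="user=admin%27--&pass=x")
PUT_REQUEST = Request("PUT", "/api/items/1", headers={"Content-Type": "application/json"},
                      body='{"name":"x"}')
JSON_IN_FORM = Request("POST", "/form", headers=FORM, body=urlencode({
    "steps": '[{"actionItems":"1","actions":"Go To Home","articleLink":""},'
             '{"actionItems":"2","actions":"Rollback","articleLink":""}]'}))
PLAIN_FORM = Request("POST", "/form", headers=FORM,
                     body=urlencode({"comment": "Hello there, this is a multi spaced word collection"}))
# Customized policy: the generic metacharacter rule is switched off for the one field
# known to carry JSON; every other field stays under the full rule set.
TUNED = Policy(exclusions=frozenset({("430", "BODY:steps")}))

if __name__ == "__main__":
    for name, req in [("xss", XSS_REQUEST), ("sqli", SQLI_REQUEST), ("put", PUT_REQUEST),
                      ("json/default", JSON_IN_FORM), ("plain", PLAIN_FORM)]:
        print(name, inspect(req))
    print("json/tuned", inspect(JSON_IN_FORM, TUNED))
```

The point of the exclusion being keyed on (rule, field) rather than on the rule alone: disabling rule 430 globally would also stop it firing on the login form, while the tuned policy still blocks the XSS, SQLi and PUT samples with the same scores as the default one. Method enforcement is treated as a hard block regardless of score, which is the behaviour behind the "403 ModSecurity Action" on PUT mentioned further down this page.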

261 questions
3 votes, 1 answer

Request blocked on azure waf when form fields have values as json strings

I have a form which has some input fields. Some of the input fields have JSON strings as values, like [{"actionItems":"1","actions":"Go To Home","articleLink":""}, {"actionItems":"2","actions":"Rollback","articleLink":""}]. But when I submit this…
prasoon
3 votes, 0 answers

Blocking based on full URL and not just the URI in AWS WAF

I am using AWS WAF across multiple CloudFront distributions which go to different URLs. Generally speaking, it is working well. However, we have noticed particular activity on a few of the underlying sites that I want to block, but I don't want to…
JasCav
3 votes, 0 answers

Traefik Kubernetes WAF

I have a Kubernetes cluster working using Traefik as the reverse proxy. What is the best way to utilise a WAF in this scenario, e.g. something like the NGINX WAF, which isn't available for Traefik, or the Cloudflare DNS-level WAF?
Rutnet
3 votes, 3 answers

Google Dialogflow IP addresses

I am building a Google Home application with Dialogflow. Fulfillment is done via a webhook that points to my virtual machine. In the VM, port 443 is open and certificates are configured. However, now I would like to change the VM firewall to allow…
3 votes, 1 answer

Is Azure Active Directory vulnerable to DoS or DDoS attacks?

If I add Azure AD to a cloud architecture, do I still need to add a WAF to protect against DoS/DDoS specifically? The premise of the question being that attacks can't get past authentication.
3 votes, 3 answers

Blocking IPs using AWS WAF so that only users connected to a VPN can access CloudFront

Goal: Use AWS WAF to filter out traffic that hits CloudFront so that only users connected to the OpenVPN network can access the web application. OpenVPN assigns any connected user an IP in the network range 172.xx.yyy.z/a. I therefore…
3 votes, 1 answer

Trying to find the ARN pattern for AWS WAF regional

I'm playing around with writing IAM policies for an AWS WAF regional resource. I've created a rule for which I'm trying to see if I can write an IAM policy. That's where I realized that IAM policies require ARNs and not just resource IDs. I used…
chrisrhyno2003
3 votes, 2 answers

Azure WAF 403 Response

I'm getting a '403 ModSecurity Action' on PUT requests to my API. GETs and POSTs work as expected. The first thing I thought about is that the WAF may be blocking specific verbs (i.e. PUT), which is 'REQUEST-911-METHOD-ENFORCEMENT'. More info…
3 votes, 0 answers

shadowd.flask_connector connector throwing 500 Internal server

I'm trying to connect Shadowd (Shadow Daemon) WAF (Web Application Firewall) with the Flask connector from this documentation. Even the normal "Hello world" program is throwing an Internal Server Error while I'm using the Flask connector. My code: from…
Sundararajan
3 votes, 0 answers

Not able to block IP address via AWS WAF

I have created a CloudFront distribution and associated a Web ACL rule with it that blocks all IP addresses that don't match my IP address condition. But it is not blocking any IP addresses. What am I doing wrong?
2 votes, 0 answers

Why does the WAF block multiple spaces?

In my project we are using a WAF. Recently I found a bug: when we add multiple spaced words in a textbox, for example "Hello there, this is a multi spaced word collection", and try to save it, the WAF blocks the request, but…
Amal Ps
2 votes, 1 answer

Does AWS WAF add any protection when I am serving only images from CloudFront (from S3)?

I have CloudFront serving only images, stored in S3 but served through CloudFront. The web application is hosted separately. Do I need AWS WAF? Or what does WAF add when only images are served?
Sun
2 votes, 1 answer

How can I implement an AWS WAF rule to restrict access to API Gateway for the users of other accounts?

I need to write a WAF rule such that access to API Gateway is blocked for the users of other AWS accounts. For now, I'm exploring the implementation of WAF, but I have managed to create a CfnWebACL with a rule statement to be ipSetReferenceStatement…
2 votes, 2 answers

How to whitelist VPC outbound traffic

How can we restrict outbound traffic from an AWS VPC to the internet, for example limiting outbound traffic to certain trusted domains (URL "whitelisting")? I was thinking of AWS WAF, but it seems it filters traffic traveling to the web…
2 votes, 1 answer

ERROR creating IPsets 'WAFLimitsExceededException'

I'm creating an AWS WAFv2 configuration (IP sets, web ACLs, ...) with Python and boto3. I executed it and it worked at first, but then I deleted all the created resources from the console and executed the script again, and I got this error: "…
said