Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
2 votes, 0 answers

Use both OWASP CRS and Comodo ModSecurity rule set simultaneously

In a ModSecurity installation could I set up and use both OWASP CRS (https://github.com/SpiderLabs/owasp-modsecurity-crs/) and the Comodo rule set (https://waf.comodo.com/user/cwaf_revisions) simultaneously? Are they incompatible? Is it wrong, pointless…
kgroutsis
2 votes, 1 answer

Configuring WAF on Azure Front Door services

I'm setting up WAF rules for Azure Front Door services provided by Microsoft Azure. Currently, I'm using the default ruleset 1.0 provided OTB to block the OWASP top 10 threats. When the default rules are enabled, we observe 403 errors and are not able to…
2 votes, 1 answer

What IP addresses do I need to allow the firewall to access geocoder.api.here.com?

We want to use the HERE Maps geocoder API. Currently the calls to HERE Maps are stopped by our local firewall. Our admins told me that it is not possible to add a URL to the firewall rules (geocoder.api.here.com). They need IP addresses. So the question…
2 votes, 0 answers

AWS WAF vs Google bots and other crawlers

I deployed AWS WAF for my ALB (using a CloudFormation template). And now I want to configure scan probe and bad bot rules to work with Google and other search bots. How can I identify "good" bots?
2 votes, 1 answer

Incapsula Rate Limit Per Second

I'm looking at the rate limiting on Incapsula, which limits requests etc. on a per-minute basis. Rate >= {api-rate;4} Is there a way to rate limit on a per-second basis? So if an IP exceeds 1 request per second, then block it. Cheers
2 votes, 0 answers

AWS images block

I'm working on an AWS Ubuntu Server protected by the WAF Shield and I'm seeing a strange (at least I think) behaviour. When an image is uploaded to my system, some of them are being denied, some not. All the images are validated and the upload of…
2 votes, 6 answers

Can I be safe with a Web Application Firewall?

I saw many web application firewalls like mod_security with the OWASP extension. If I use that on my server, can I be 99% sure that no one can hack my site with PHP code? Like XSS ...
Ata
1 vote, 1 answer

Azure Front Door WAF policy Microsoft_DefaultRuleSet-2.0-BLOCKING-EVALUATION-949110 blocks request with "Inbound Anomaly Score Exceeded" message

I have Front Door and WAF configured for one of my web applications. The WAF is currently in detection mode. While reviewing the logs, I mainly see the details below in all the blocked requests ruleName_s :…
1 vote, 0 answers

Error in React Native using axios - Error: Network Error

I'm using axios in my React Native app and I'm getting this error on my POST request -> [Error: Network Error] A few pieces of information that are relevant: This error does not happen on iOS (same project). The API is hosted on Azure. This error starts to happen…
1 vote, 1 answer

Delete AWS WAF WebACL

I am trying to delete an AWS WAF WebACL that was created using Firewall Manager a few months ago, but someone has removed the Firewall Manager policy, probably without ticking the "delete all policy resources" checkbox, so after this the WebACL remains…
1 vote, 2 answers

Block port 80 access in Azure Front Door

I created a Standard tier Front Door with the necessary Azure WAF with default configurations. If I do this: Test-NetConnection -ComputerName "-dev-xxxxxx.z01.azurefd.net" -Port 80 ComputerName :…
1 vote, 0 answers

Why is the WAF "crashing" the website? - Laravel

This is my first website in the Laravel framework. The website is running fine without the firewall. But whenever the firewall is enabled, the site is giving 502 or 504 server errors and thus the site is not loading. As per the hosting company's opinion, the…
Dev User
1 vote, 0 answers

LinkedIn Preview Scraper Agent is blocked on WAF

If someone wants to share a page/link from our public website on LinkedIn, the preview doesn't get rendered properly. Also if we check the Post Inspector (https://www.linkedin.com/post-inspector) it ends in an error. We have figured out that…
Mario
1 vote, 0 answers

Update AWS WAF IP set without any tokens

I am trying to automate the process of updating WAF IP sets. Is there a way to update the WAF IP set without making use of a token such as --change-token or --lock-token?
1 vote, 0 answers

WAF policy - block and allowlist regulation

I want to block certain countries' IP addresses in my WAF. Say I have a legitimate user trying to access the website from their mobile while they are on holiday in one of the blocked countries. Is it possible to allow them access by authenticating…
ELouise