Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
1 vote, 0 answers

Difference in HTTP Request through Chrome vs Node.js when using an HTTP Proxy

Assume you have X being a webserver accepting HTTP requests. I have a problem where X has a WAF preventing access from proxied HTTP requests through Node.js as it gets detected by the WAF, however in Chrome there are no issues when using this HTTP…
user10420388
1 vote, 1 answer

Is it possible to use Amazon Web Application Firewall with an application that is not hosted on AWS instances?

I'm new to AWS WAF and got stuck setting it up for an application that is hosted on a dedicated server. I didn't find any information on how to set it up without migrating to AWS servers, but I found that WAF is integrated with CloudFront. But anyway I…
1 vote, 1 answer

Creating TCP packets properly in Python

I need to analyze an Apache log with Snort and other IDS/WAFs (Suricata, mod_security and Shadow Daemon). In order to do so, I was thinking about creating TCP packets with the GET and POST requests stored in the Apache log with Scapy in Python.…
1 vote, 2 answers

How to get "HTTPS" / SSL Working - Azure WAF (application gateway) with 2 Websites on Linux

I am having trouble getting SSL/HTTPS working on an Azure WAF (ApplicationGateway) (http / port:80 is working fine). I will explain the scenario as basically as possible: The developer has made two websites (for this example: let’s say X.com and…
1 vote, 1 answer

What does it mean for AWS Shield Standard to be activated?

I am looking into the AWS WAF & Shield Standard option - see the screenshot below: It says it's already activated. What does it mean for it to be 'activated'? It says it does network flow monitoring. Is there a network report that I can see /…
user5399405
1 vote, 1 answer

Azure App Accessing Azure SQL Db IP Range

I have an Azure web app. Within the app there is a webform that performs a call to an Azure SQL database. Essentially a lookup table. My problem is that when the app is published, the app fails because other users are not in the Azure SQL database…
Billson3000
1 vote, 1 answer

Redirect using WAF vs CDN

Our application has 2 domains: http://www.example.org and https://secure.example.org. We are planning to decommission https://secure.example.org and have just 1 secure domain name: https://www.example.org. But we want to make sure any old URL still…
1 vote, 1 answer

Foreign cookies in client requests

Some clients send requests to our webapp with additional cookies like this: vidyk=1; svidyk=1; ykuid=tpvur0av71lvfcvbn4pz; ykoptout=false; vidyk=1; svidyk=1; ykuid=tpvur0av71lvfcvbn4pz; ykoptout=false; _ga=GA1.2.633227847.1500039040;…
Selivanov Pavel
1 vote, 1 answer

Creating a web application firewall with Node.js

I want to see if someone tries to inject XSS or SQL into my apache2 server. My idea is to create a WAF in Node.js and, if the connection is secure, redirect to apache2. Is it possible?
elvaqueroloconivel1
1 vote, 2 answers

AWS WAF on custom website

I have a website that is not protected by a WAF. I would like to configure an AWS WAF for it. I could not find any option on AWS WAF to protect a custom website, just CloudFront deployment. Is it possible to protect a custom website that is not using…
p.magalhaes
1 vote, 0 answers

While web frameworks have implemented security measures, is it necessary to install a WAF on the webserver?

While modern web frameworks such as Yii (PHP), Laravel (PHP), Django (Python), etc. have implemented security measures against attacks on web applications such as XSS, SQL injection, RFI, etc., is it necessary to install a WAF on the webserver? I…
msln
1 vote, 1 answer

Django frontend and backend separation for security

I have written a web app in Django with usual Django project structure. At my company, they want to separate front end and backend on different servers. Frontend server will have internet access and backend will have a strong firewall and no net…
Jaimin Patel
1 vote, 0 answers

Can't transfer files between servers

I am trying to connect two servers and transfer some data files from one to the other server using bsp. But I'm getting an issue as below: com.jcraft.jsch.JSchException: timeout: socket is not established. Is it related to the firewall? Is a port not…
bharg
1 vote, 1 answer

Set mod_security to detectionOnly for a specific page?

If mod_security is set to ON for the whole website, is there a way I can set specific pages to detection_only? Use case is that the application is used to configure websites, and use of CSS or js is very common, but very likely to make modsecurity…
Ross Presser
1 vote, 3 answers

Azure cloud service Web App Not found -404

I've a webapp hosted in Azure cloud service. We would like to put the WAF in front of the web app per the setup below: We have created a bladomain.com.au. The DNS record points to the IMPERVA IP address. IMPERVA then points to bla.azurewebsites.net. If I access…
Nil Pun