Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
1 vote, 1 answer

Setting up NAT / WAF in Amazon AWS

I have the following issue: I want to set up a NAT or WAF in the following scenario: Internet->VPC->IGW->Router->Subnet1->EB1 ->Subnet2->EB2 ->Subnet3->EB3 in short words, my scenario is: VPC,…
1 vote, 2 answers

URLScan and percent signs

So I just ran into a stupid problem in which users could not download files that had a percent sign in them. This is an IIS6/Win2k3 box. It wound up being URLScan. I had to un-set two things in urlscan.ini: 1) Set VerifyNormalization to 0…
Hobbes
1 vote, 1 answer

Is a Web Application Firewall useful?

Recently, my brother suggested that I use mod_security. I did some research on what it truly is and what it does, but I feel very uneasy deciding whether I should use it or not. Here is what is on my mind that keeps me from not using it. Slightly affect my…
invisal
0 votes, 1 answer

How to enable a ModSecurity Rule in Detection Only?

I'm using ModSecurity at my office, but in detection only, to only create logs and monitor logs. But now there is a rule that I want to force to be activated in Detection Only. The rule I want to activate is this one. SecRule…
0 votes, 1 answer

Azure REST API throws "WAF Policy does not have any valid Primary Rule Set attached to it." error

The Azure REST API that I'm trying to call to update my WAF policy is throwing an error saying the policy doesn't have any valid primary rule set attached to it. This is the API I'm trying to hit -…
0 votes, 0 answers

Imperva WAF rules blocked Drupal 7 form submit

We have created a variable form using hook_variable_info with a field of type "text_format", where we are putting HTML template data. But when we submit that form, it gets blocked by Imperva. At the Imperva console we are getting cross site…
Arif
0 votes, 1 answer

How to integrate AWS WAF Captcha in Vue.js?

I'm trying to integrate AWS captcha into my login screen. The captcha renders, the user completes the puzzle and the verify API is called successfully. But how do I get the success status after the puzzle is completed? AwsWafCaptcha.renderCaptcha(container, { …
0 votes, 1 answer

How to block the header x-http-method-override in AWS CloudFront?

In my architecture, it has a CloudFront associated with ELB as an origin (https:443). As a proactive security measure I would like to block the header x-http-method-override. Can anyone help me with how to block the header x-http-method-override in AWS…
0 votes, 0 answers

Ansible task to create a package with nginx 1.24.0 with ModSecurity that listens on 443 and inspects traffic with OWASP rules

Here is my ansible code name: Create Nginx WAF Package for Red Hat 8.7 hosts: localhost gather_facts: false become: true tasks: name: Install required system packages for compilation yum: name: - gcc - make - openssl-devel - pcre-devel -…
0 votes, 1 answer

AWS ApiGateway API POST request fails when WAF Captcha is turned on

First post in over 6 years. So I have set up an AWS ApiGateway REST API. It's a simple API with one endpoint for a POST request. Works without issues. However, when I add my AWS WAF rule for Captcha to protect the API Gateway I am getting CORS…
0 votes, 0 answers

Integrate WAF with ElasticBeanstalk's ALB using CloudFormation

I have created a WAF and an Elastic Beanstalk with ALB like this: TestTemplate: Type: 'AWS::ElasticBeanstalk::ConfigurationTemplate' Properties: ApplicationName: !Ref TestApplication Description: Test SolutionStackName:…
0 votes, 0 answers

How can I make a request to the Azure Instance Metadata Service from inside an Azure Firewall?

Is there any way to use the KV REST API and have a static outbound IP address? I have a dockerised programme running in an Azure Container Instance (ACI). It's a standalone container – no cluster. I have 2 requirements that seem to be in…
0 votes, 1 answer

Load Balancer: Inspecting traffic a specific Cloud Armor WAF rule is denying

Got a simple HTTPS Load Balancer with a backend security policy defined in Cloud Armor assigned to its backend. The security policy is a list of the Cloud Armor WAF rules at differing sensitivity levels. However, I'm getting some false positives…
0 votes, 0 answers

Symfony/Vue.js authentication IS REQUIRED

I have a Symfony/Vue.js app, and I've hosted each one in a subdomain using Apache2. However, when I try to authenticate, I can't proceed, and I receive a 401 error indicating that full authentication is required. Strangely, in my local environment,…