Questions tagged [web-application-firewall]

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
0 votes, 0 answers

Is it possible to block clicks on my domain's links when used on another website?

Is it possible to block traffic (to a 401 page, for example) if a user clicks on a URL from my domain that's used to 301 redirect to another domain? All the URLs have the same structure: "www.mywebsite.com/go/*" I'm using the ThirstyAffiliate plugin…
0 votes, 1 answer

Can I restrict my GCP resources (deployments/services/instances) based on IP range restricted to project/folder/org level?

I have applications deployed on GCP. My requirement is to restrict the above deployments based on the IP address originating from within a project/folder/org level. So for example, if I have a GCP project or folder "engg", I want to allow the IP…
0 votes, 0 answers

Can modern Web Application Firewalls (WAFs) detect requests originating from intercepting proxies?

I'm curious about the behavior of modern Web Application Firewalls (WAFs) when it comes to dealing with requests originating from intercepting proxies. I'd appreciate any insights, experiences, or recommended practices on this topic. My…
electron
0 votes, 1 answer

Using Azure WAF for my server (not in Azure)

I have a server at my home with a static IP and a website in IIS, which is available from the internet. I wanted to protect it with Azure Web Application Firewall, but it works only in an Azure Virtual Network. Can I add my server to an Azure Virtual Network? Is it…
0 votes, 1 answer

WAF ModSecurity audit logs - how to identify suspicious requests in DetectionOnly mode

We have enabled ModSecurity in our nginx, with ModSecurity configured as "SecRuleEngine DetectionOnly" so that, without blocking any requests, it identifies the suspicious requests that would be blocked. But we couldn't identify requests in the audit log which is…
sk2
0 votes, 0 answers

AWS blocks requests that contain inline styles

My team has an application that is hosted on AWS, and the frontend uses a rich text editor. Whenever a request is made to the backend where the POST request body contains inline styles, the server/AWS responds with the following error. Everything…
Pila
0 votes, 0 answers

Azure WAF Exclusion Rules

We are just configuring our WAF on Azure, and we want to be able to exclude certain traffic from being passed through some of the WAF rules. We have a custom header being passed to identify the POSTs. How can we do this? All I can find is how to…
Stu
0 votes, 1 answer

Symfony6: app.user is null (authenticated user is not saved) because of token lost after redirection

I am working on a Symfony 5.3 application (released in 2020 or 2021, I guess), and I have to take it over and upgrade its version to Symfony 6.2. Well, I am facing some problems during authentication, after calling app.user.username in my html.twig file…
0 votes, 0 answers

Listing WAF both regional and global

I have an AWS account that contains both a global WAF web ACL and a regional WAF web ACL. I want to list all those items in my Python script using boto3. Since boto3.client.list_web_acls() has a limit on the number of values returned for each query, I thought of using a…
0 votes, 0 answers

Best tips for Cloudflare WAF rules blocking bots/hacker attacks

Hello, I have recently gone through the task of adding firewall blocking rules on my site. I want some tips for adding more security to WordPress sites. Currently I am blocking by specific URI paths which are common in my web statistics and also…
0 votes, 1 answer

Where to find all WAF rules? Is it possible to configure them apart from headers?

In the Netlify security documentation, there is a schema of their architecture: Where can I find all WAF rules? Is it possible to configure them (apart from headers)? I can't see the rules in the dashboard. I have a Pro account.
0 votes, 0 answers

Challenging direct traffic using AWS ACL

We used to use Cloudflare, where setting up a challenge for direct traffic is pretty straightforward, but we have now moved entirely to AWS CloudFront and for the life of me I cannot see a way of setting up a rule to challenge direct traffic with a…
0 votes, 0 answers

WAFv2 firewall rules to restrict domain names

I created WAFv2 firewall rules to restrict a few IP addresses from hitting API gateways. It is working as expected. # ipsets resource "aws_wafv2_ip_set" "example-ip-sets" { name = "ipsetsexample" description = "Example IP set" scope…
0 votes, 1 answer

Can't access site programmatically

I'm trying to get a list of shutdowns from the dtek-kem.com.ua/ua/shutdowns list. But when I send a GET request via Python, I get a response: unsuccessful request, Incapsula incident ID: ... Also, I know this site uses Imperva security. Sending a request…
0 votes, 0 answers

WAF Shadow Daemon, how to enable hosting, only certain web applications?

At work, the task was to protect some web applications on hosting using open-source firewall solutions; after analyzing the options, I chose Shadow Daemon. I tried it on a test wheelbarrow…