waf – Page 2 – WindowsTechs.com

WAF vs. Application Layer for Bot Mitigation

Posted on April 28, 2024 by Fahim Farook

In a layered enterprise security architecture with a Web Application Firewall (WAF) deployed in the DMZ, should there be shared responsibility between the WAF and application layer/ microservices for mitigations the WAF supports, specifica… Continue reading WAF vs. Application Layer for Bot Mitigation→

How to add accounts management to a legacy blackbox application?

Posted on April 25, 2024 by lalebarde

I have a legacy non-commercial (in-house) application that is distributed over several workstations on a private VLAN. I have to make it conform to some cybersecurity standards, but can barely modify it. For most of the needs, I can add a … Continue reading How to add accounts management to a legacy blackbox application?→

Can API Security/WAF tools decrypt "mirrored" traffic?

Posted on April 17, 2024 by Sjomann

We’re doing a PoC on a new API Security/WAF tool, and we’re planning to place this solution out-of-ban rather than inline. So traffic wont go through the solution and we’ll send the mirrored traffic to analyze in the new solution.
My quest… Continue reading Can API Security/WAF tools decrypt "mirrored" traffic?→

Problem bypassing a PHP WAF for SQLi

Posted on April 15, 2024 by Dinnerboard

I am working to bypass this WAF, but I have some problems.
$args_arr=array(

‘sql’=>"[^\\{\\s]{1}(\\s|\\b)+(?:select\\b|update\\b|insert(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+into\\b).+?(?:from\\b|set\\b)|[^\\{\\s]{1}(\\s|\\… Continue reading Problem bypassing a PHP WAF for SQLi→

How to enable ModSecurity to actually block/deny malicious requests? [migrated]

Posted on April 10, 2024 by Rahul Thakkar

I have setup installed mod security module for apache in ubuntu 22.04, using.
sudo apt-get install libapache2-mod-security2
sudo a2enmod security2
sudo systemctl restart apache2

This installs security module version 2.9.5 with core rule s… Continue reading How to enable ModSecurity to actually block/deny malicious requests? [migrated]→

Modsecurity blocks blocks my legit XHR POST request (403 forbidden)

Posted on January 18, 2024 by Picard

I’m new to modsecurity topic so maybe my question is stupid but…
I have setup modsecurity on my new nginx/1.24.0 server with default set of recommended rules: coreruleset-3.3.0 and since then my POST XHR request is being blocked.
This is… Continue reading Modsecurity blocks blocks my legit XHR POST request (403 forbidden)→

How dangerous is disabling PHPHighRiskMethodsVariables_BODY from the AWS ACLs?

Posted on December 13, 2023 by James Nugent

Problem
Users in my application are being blocked (by the AWS WAF) from uploading files with certain names. In the specific case I am trying to solve, the problematic string is .* System (.*).*.
Background
The block is coming from the PHPH… Continue reading How dangerous is disabling PHPHighRiskMethodsVariables_BODY from the AWS ACLs?→

What’s wrong with the use of a WAF (Web Application Firewall)?

Posted on November 27, 2023 by anon

My SaaS company recently lost the bid for an enterprise software licensing deal.
One of the reasons the prospect gave for not choosing us as a vendor was:

the use of a WAF

I’m not an information security specialist, so I’m confused as to… Continue reading What’s wrong with the use of a WAF (Web Application Firewall)?→

ModSecurity CRS, allow header `accept-charset`

Posted on November 7, 2023 by nulll

I have ModSecurity v2 on apache with CRS v3.
Requests containing header accept-charset are blocked on paranoia level 1, I read this great discussion about the header and that on CRS v4 will be allowed by default.
How can I write an exclusi… Continue reading ModSecurity CRS, allow header `accept-charset`→

ModSecurity CRS, allow header `accept-charset`

Posted on November 7, 2023 by nulll