Questions tagged [web-application-firewall]

A generic term for a set of software, web server extensions, or hardware designed to filter WWW traffic at the application level of the TCP network model.

Web application firewalls let you create a set of rules that both the queries to the server and the responses from the server must meet before they are allowed to be transferred further.

In most cases they can be considered IDS (Intrusion Detection Systems) or IPS (Intrusion Prevention Systems).

Common solutions include the Apache mod_security module, WebKnight, and IronBee.

49 questions
13
votes
1 answer

AWS EC2 deny single ip address and allow all

I have an AWS EC2 instance and want to deny access on port 80 for a single IP address (a bad bot). The AWS console seems to support only "allow" rules. How do I deny a single IP address?
11
votes
1 answer

applicure dotdefender ISAPI filter causing pdf issue

I have recently migrated a web server from Server 2008 R2 to Server 2012 R2. The dotdefender application firewall works fine except for one issue. On large PDFs of ~15MB or more it takes anywhere from 1 - 5 minutes to load depending on the size. PDF's…
Anthony Fornito
7
votes
1 answer

Is there a need for WAF in static website front with REST API?

I have two websites: www.mysite.com --> hosted on S3, served via CloudFront, a static single-page app. Then I have api.mysite.com, which the front end uses. My company is using a WAF solution from a third party and the current monolith applications are…
4
votes
1 answer

Examples where an AWS Security Group is not sufficient as a firewall?

Currently I am using only an AWS security group for one of my EC2 instances but have given some thought to adding a firewall to that stack as well. I'd be looking at using either iptables, or possibly migrating the entire system to ubuntu (not…
4
votes
2 answers

How to exclude ModSecurity rules by hostname?

I'm using OWASP core rule set 3.2.0 set up with ModSecurity 3.0.4 and ModSecurity-nginx. If I have a rule exclusion like this, in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf: SecRule REQUEST_URI "@beginsWith /api.php" \ "id:1015,\ …
nnyby
3
votes
2 answers

Securing Apache Solr in production

I am setting up Apache Solr 4.1 that will be used to index data for a web app. Only the web app should have access to the Solr. Users and other clients will not talk directly to Solr. What are some of the best practices to secure this type of Solr…
Saqib Ali
2
votes
1 answer

attackers bypass aws waf to go for ec2 instances directly

My Setup: I have an Elastic Beanstalk application, with a public LoadBalancer and public IPs on EC2. The application is behind CloudFront, which is protected with AWS WAF from different attacks I am experiencing now. Route 53 forwards DNS queries to…
2
votes
1 answer

'Hard-to-guess' custom header (or similar) to whitelist via a firewall

My organisation is adding a firewall to our test stacks, using AWS WAF. We'd like to whitelist all traffic from the SDKs we've built to facilitate requests between our services. We thought of doing this using a custom 'X-' request header, and then…
2
votes
1 answer

Possible to use Azure Application Gateway and Azure Firewall on AKS?

I have an AKS cluster running on Azure (managed Kubernetes). I'd like to put a WAF in front of it, using Azure Web Application Gateway. I think this is possible. But I also want a firewall in front of it, to limit both inbound and outbound traffic.…
2
votes
1 answer

Enabling WebSockets (SignalR) with a Barracuda WAF

I am currently tearing my hair out at work trying to resolve an issue with a web application that uses SignalR over WebSockets where traffic is directed through a Barracuda Web Application Firewall (WAF). Every attempt to connect to the…
jonhoare
2
votes
1 answer

Is there any application/firewall to detect content scrapers?

We are noticing that a significant amount of web traffic is from content scrapers (determined due to their crawling pattern). They are useless visitors to us but consume a lot of our resources (bandwidth, cpu). Is there any application/firewall to…
newbie
2
votes
0 answers

Barracuda 660 WAF SNMP - Barracuda-BWS::totalAttacks

I've come across a little problem with retrieving stats via SNMP from a Barracuda Web Application Firewall 660. According to both the documentation (page 211), and the MIB definition, doing an SNMP GET on the OID 1.3.6.1.4.1.20632.8.4…
Coops
2
votes
1 answer

node-waf nodejs failing

When trying to compile Gilt Hummingbird for NodeJS, I get this error, as node-waf is missing. rm -rf build .lock-wscript bson.node node-waf configure build make[1]: node-waf: Command not found make[1]: *** [all] Error 127 I'm unsure how to compile…
James
2
votes
1 answer

What is the funniest firewall rule set?

What is the funniest firewall rule set that you know of? It doesn't necessarily have to stop attacks, you could just be having fun with the attacker. Any type of firewall will do, Packet Filter (like iptables) or even a Web Application…
Rook
2
votes
0 answers

AWS WAF ACL Rule for cookie value

I was trying to make an ACL rule in waf2 which allows only a regex-matched cookie value, but only if the cookie exists. Sadly, this type of conditional rule isn't possible, and I tried many ways and regex tricks with no luck. The same for any other…
PRF