Questions tagged [web-application-firewall]

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.

From OWASP:

A web application firewall is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.

261 questions
126
votes
2 answers

Nginx startup prompt [emerg] no "events" section in configuration

In the X-WAF deployment, you need to create a new nginx configuration file. However, when testing the nginx configuration, an error is found and nginx cannot be started. I refer to http://blog.51cto.com/14071176/2318054, I did it step by step…
Dora
8
votes
2 answers

How to use Firebase behind Firewall / Proxy?

We are running a simple application that connects to Firebase and reads some data. It fails to connect with the following timeout error: @firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential", "message":"Credential implementation…
Manoj Goel
7
votes
1 answer

AWS load balancer returns a 403 response?

When a call comes to a particular URL, AWS load balancer returns a 403 response. Once the browser cache is cleared, it will start working. It happens occasionally. What is the reason? No such response was noted in the WAF log. Is this because of the…
6
votes
3 answers

Azure API Management - How to get original IP when APM is behind WAF

We have below technical stack: Imperva WAF, API Management, WebApi in WebApp. This is current implementation: Client IPs are authenticated at WAF level; WAF IPs are whitelisted at APIM; APIM IP is whitelisted at WebApp level. Everything is working fine…
5
votes
2 answers

Getting error as "The scope is not valid., field: SCOPE_VALUE, parameter: CLOUDFRONT", in terraform

I tried to create waf web acl using below terraform script with the region of one of my aws account (abc) as ap-southeast-1 in .aws/config file, but getting below error after applying it, whereas same script created waf web acl successfully if my…
5
votes
0 answers

Why does Chrome trigger the Azure App Gateway Web Application Firewall?

I have an Azure App Service sitting behind an Azure App Gateway on the WAF v2 tier. We are experiencing an issue where we get the 403 Forbidden response from the gateway in some Chrome browsers, yet the site displays correctly from Chrome Incognito…
KitkatNeko
5
votes
1 answer

The SSL connection could not be established, see inner exception

I have an Integration project, where my RestAPIs call WCF services of other project to do some CRUD operations. My project is built on .net core 2.2.102. I deployed my project in BETA environment (PROD in my case) and pointed to the PROD URLs of…
abbs
4
votes
3 answers

Is a WAF necessary on Kubernetes?

When reading blog posts about WAFs and Kubernetes, it seems 90+ % of the posts are written by WAF-providers, while the remaining posts seem to be sceptical. So I would like to hear what your experiences are with WAFs, do they make sense, and if so…
4
votes
1 answer

Anybody using detrusion.com, web application firewall for ruby on rails

PS: I was doing some random search and then I got detrusion.com. What's this web application firewall? How it works? Any performance hit, if yes then how much? Should I use this destruction.com or anything else better available. Anybody??
Mohit Jain
4
votes
1 answer

How to whitelist an ip address in Azure WAF

I have an Azure Application Gateway Web Application Firewall using the OWASP 3.0 ruleset. I created a custom policy so I could create a custom rule which simply allows traffic if it's from a specific IP Address and it has a priority of 1. This is…
devlife
4
votes
1 answer

Do you think we would need a CDN in front of an api gateway?

We are using AWS and using the Kong API gateway hosted in AWS. Do you think we would need a CDN in front of this API gateway? We don't need much caching, as well as we can attach the WAF in AWS to the alb.
4
votes
1 answer

Azure App Service with WAF

I'm looking for some Azure security best practice advice. I've seen some articles around on how to do it, but not if it's necessarily required. I have a customer who would like to move to Azure and they have specifically requested we stick to a PAAS…
3
votes
3 answers

How to create a wildcard to deny all requests from all ips in AWS WAF

I got a microservice in an ECS instance in AWS behind a WAF, I want to create these rules: Allow specific IPs (done); Allow all connections from inside the VPN (done); Deny all the other requests. The first two IP set are created, but I can't make…
3
votes
1 answer

How to prevent false positive block in Azure WAF for password field

I'm using Azure Front door with a web application firewall policy. Managed rule set 1.0 is configured. It all works pretty well, apart from the password field in the login page of my web site. I see numerous block occasions based on rule…
Mr M
3
votes
2 answers

cloudformation - Is it possible to split a string and assign to property in a list?

How do I split a string and use the value for a property? For example say I have the following string: SomeRule1,SomeRule2. I want to use this string to populate the excludedRules property of AWS::WAFv2::WebACL ManagedRuleGroupStatement. excludedRules…