waf | Web Application Firewall | Firewall library
kandi X-RAY | waf Summary
Web Application Firewall or API Gateway (application firewall/API Gateway)
Top functions reviewed by kandi - BETA
- Sync security config
- Sets the waf configuration
- Sets the response config
- Sets the rewrite configuration
- Start the application
- Get local address
- Filter request
- Convert json string to object
- Initialize the SSLContext
- Filter cookie values
- Filter security config items
- Performs the actual filtering
- Filters out the given request
- List of rewrite configurations
- Return all redirect configurations
- Filter security config items
- Get downstream configs
- Execute the HTTP response
- Removes the restricted restrictions
- Validates the redirect configuration
- Initializes the keystore
- Filter the http request
- Filter the HttpRequest
- Filter the request
- Filter security config items
Community Discussions
Trending Discussions on waf
QUESTION
I am trying to connect cloudfront with EBS.
What's the setup?
EBS is hosting a nodeJs application.
Cloudfront origin set to Elastic load balancer and accepts HTTPS only [Cloudfront config]
All Alternative domains are added correctly.
ACM certificate is added to Cloudfront [region US EAST - N. Virginia]
EC2 instance / EBS is in the region Asia Pacific. ACM certificates installed in load balancer are from Asia pacific too.
I am also redirecting http traffic with the help of load balancer listeners.
Security group allows traffic to port 443. No AWS WAF set.
Origin settings:-
It's been a day now.
I am trying continuously.
I am able to set DNS A & AAA record to the cloudfront using route 53, getting the dropdown value as well.
I am able to park domains directly to EBS & they work over https properly.
Getting 502 ERROR : The request could not be satisfied.
Already tried https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-bad-request-error/
I doubt my ELB has ACM certificate from Asia Pacific but the ACM certificate used in cloudfront is from US EAST , is that causing the issue? I can't change the EBS region now.
...ANSWER
Answered 2022-Mar-30 at 07:44
It seems that you did not set up https on your EB. But you are using HTTPS only origin. That's why it does not work. You have to have origin in http, or actually properly set up https on your EB.
QUESTION
How do I chain to resource(s) created with count? Or should I not create them with count if I want to chain additional resources to them? Doing it the way below, with count used in the initial resource and for_each used in the chained resource gives me the following error:
ANSWER
Answered 2022-Mar-03 at 11:22
You have instructed the aws_wafv2_web_acl resource to use the count meta-argument [1], which as the name suggests uses numbers. It creates an array where you can access elements by referencing the element of the array. In your case that would be aws_wafv2_web_acl.waf_acl_regional[0]. On the other hand, the for_each meta-argument [2] uses key/value pairs. That means that in order to fetch a value, you have to have a key which will be used as a reference to a value. For example, that would be something like aws_wafv2_web_acl.waf_acl_regional["prod"]. That further means that the var.env would have to be of type map or set [3]. Those types are complex types in Terraform.
[1] https://www.terraform.io/language/meta-arguments/count
[2] https://www.terraform.io/language/meta-arguments/for_each
[3] https://www.terraform.io/language/expressions/type-constraints#complex-types
QUESTION
I have those lines in the .htaccess file.
...ANSWER
Answered 2022-Jan-19 at 11:13
I MUST maintain this line where she is.
That directive does not need to go inside the WordPress code block. You should place that directive before the # BEGIN WordPress comment marker. And this will prevent it from being overwritten by WordPress. In fact, you could place your custom rules at the very top of the file to make them easier to find/maintain.
It will work exactly the same.
You do not need to enclose it in an container like the other directives. And you should not repeat the RewriteEngine On and RewriteBase / directives. (The order of these particular directives does not matter. In fact, the last instance "wins" and controls the entire file.)
For example:
QUESTION
I've been trying to implement Azure Front Door custom rules for IP restrictions on Azure Static Web Apps. So far I have:
- Configured the static web app to support Front Door: https://docs.microsoft.com/en-us/azure/static-web-apps/front-door-manual
- Configured domains, backends and routing for Front Door
- Added WAF policy and custom rule for ip restrictions following this guidance: https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction
Everything else works just fine, except that the IP restriction rule seems to be blocking all traffic (or at least the IPs it's supposed to let through). Similar rule with Geo locations works just fine. IP Restriction rule is:
- Match type: IP address
- Match variable: SocketAddr (tried with RemoteAddr as well, with same result)
- Operation: Does not contain
- IP range: List of X.X.X.X/32 that should go through.
- Action: block
Logs show that traffic from IPs in IP range is indeed blocked by Front Door.
Has anyone managed to get such setup working or is there an apparent error in what I'm trying to do? We've checked the rule and logs with a colleague and can't spot any apparent errors, and the fact that blocking based on geo location works, leads me to believe that this scenario might not work yet with Front Door and Static Web Apps.
Some discussion I've been able to find:
- Static Web App issue: https://github.com/Azure/static-web-apps/issues/373
- Similar questions in here relating to Web Apps: How to configure Web Apps such that they cannot be accessed directly? (the mentioned header is implemented in static web app config)
ANSWER
Answered 2021-Dec-07 at 22:05
Not using front door, but it is possible to perform IP restrictions directly on SWAs now as long as you're using the Standard SKU
QUESTION
I am trying to build in Terraform a Web ACL resource https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl
This resource has the nested blocks rule->action->block and rule->action->count
I would like to have a variable whose type allows me to set the action to either count {} or block {} so that the two following configurations are possible:
With block:
...ANSWER
Answered 2021-Dec-20 at 02:40
The only marginal improvement I can imagine is to move the dynamic blocks one level deeper, to perhaps make it clear to a reader that the action block will always be present and it's the count or block blocks inside that have dynamic behavior:
QUESTION
How can I get requests with urls containing any of these special chars <>^| to make it to my lambda behind api gateway, and not be blocked at api gateway?
Problem: We have a lambda triggered by api gateway, and the lambda responds normally to most requests. But, a url with certain special chars (<>^|) returns a 400 bad_request without ever being delivered to the lambda. When the url-encoded alternative (i.e. %7C in place of |) is used in the url instead, the lambda responds without issues.
At first, our team presumed that the requests containing these special chars, specifically vertical bar (|), were being blocked by AWS WAF. But the WAF graph doesn't register that the requests ever hit, leading us to think this could be an api gateway issue.
What's been tried: ran the same curl request 10 times against a deployed server. Nine of those times, used a special char in url endpoint, tenth time, used encoded equivalent.
Encoded attempt went through, and lambda responded without issue. All nine other attempts failed, and did not show up in AWS console, or the WAF graph.
Outside of informing our users to always encode these special chars in the url bodies as a 'fix', would super appreciate any insights into this api gateway issue. Thanks.
...ANSWER
Answered 2021-Dec-03 at 01:04
Not all characters are supported. From docs:
Path segments can only contain alphanumeric characters, hyphens, periods, commas, colons, and curly braces. Path parameters must be separate path segments.
QUESTION
I am using WordPress and we have one directory that is not a WordPress directory /images and we need this directory to be HTTP only everything else should be forced to HTTPS.
In the WordPress settings we have the domain set to HTTP and in the .htaccess file we have the below.
I can not seem to get this to work. Our host is Cloudways if that helps any
...ANSWER
Answered 2021-Nov-30 at 13:12
In the wordpress settings we have the domain set to http
If you are wanting to force HTTPS everywhere except for the one directory, which is "outside of WordPress" then the "WordPress Address" and "Site Address" in the WP dashboard should both be set to HTTPS, not HTTP.
QUESTION
First of all, I'm using Ubuntu 20.04 and Python 3.8. I would like to run a program that takes command line inputs. I managed to start the program from python with the os.system() command, but after starting the program it is impossible to send the inputs. The program in question is a product interface application that uses the CubeSat Space Protocol (CSP) as a language. However, the inputs used are encoded in a .c file with their corresponding .h header.
In the shell, it looks like this: starting the program
In python, it looks like this:
...ANSWER
Answered 2021-Nov-13 at 16:45
I'll try and give you some hints to get you started - though bear in mind I do not know any of your tools, i.e. waf or csp-client, but hopefully that will not matter.
I'll number my points so you can refer to the steps easily.
Point 1
If waf is a build system, I wouldn't keep running that every time you want to run your csp-client. Just use waf to rebuild when you have changed your code - that should save time.
Point 2
When you change directory to /home/augustin/workspaceGS/gs-sw-nanosoft-product-interface-application-2.5.1 and then run ./build/csp-client you are effectively running:
QUESTION
I'm trying to follow Azure Tutorial on how to get Api Management under a vnet and accessible through an application gateway (WAF). I'm stuck trying to upload the root cert into application gateway. It says that the "Data for certificate is invalid", apparently Azure Application gateway doesn't like Letsencrypt certs.
My certs are:
- mydomain.com.br
- api.mydomain.com.br
- developer.mydomain.com.br
- managemnet.mydomain.com.br
I have used acmesh to generate all certs:
...ANSWER
Answered 2021-Aug-30 at 21:17
Why do you want to add the Let's Encrypt Root CA cert on your application gateway?
From my understanding the Root CA from Let's Encrypt is ISRG Root X1 and this one should be already trusted by Clients (Browsers). You only want to add the Root CA if you have self signed certificates.
Here is a workflow with storing the certs in Azure Key Vault: https://techblog.buzyka.de/2021/02/make-lets-encrypt-certificates-love.html
Another Workflow here describes adding certs with ACME challenges: https://intelequia.com/blog/post/1012/automating-azure-application-gateway-ssl-certificate-renewals-with-let-s-encrypt-and-azure-automation
QUESTION
I have a waf build script and need to invoke a program which is not officially supported.
...ANSWER
Answered 2021-Oct-08 at 06:50
For waf to process the use keyword, you must add the use feature to your task generator. You also need to add a "compile" aware feature like c, d or cxx. Like this:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported