Hi,

A message from the assessors and further tests below.

[image: image.png]


I have configured relayd to serve a single URL that accepts no parameters.
This URL is blocked by relayd with error 403 Forbidden if anything is
appended to its end.

I would expect WAF detection in such a test case but this has not happened.

By what other means are malicious payloads being delivered in this case?

Thanks and regards,

Kihaguru


----------------------------------------------------------------------------------------------------------------------------

        # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
        #
        # Relay and protocol
        #
        http protocol httpp {
                # Answer blocked requests with an HTTP error page
                # (403 Forbidden) instead of silently closing the connection
                return error
                match response header remove "Server"

                # Filter rules are evaluated top to bottom: the last matching
                # rule decides, and a matching "quick" rule ends evaluation
                pass
                block quick path "/cgi-bin/index.cgi" value "*command=*"
                pass quick path "/net/index.html" value ""
                block
        }

        relay httpr {
                # Listen on localhost, accept diverted connections from pf(4)
                listen on 127.0.0.1 port 8080
                protocol httpp

                # Forward to the original target host
                forward to destination
        }

        http protocol httpsp {
                # Same rule set as httpp, plus the TLS keypair for the relay
                return error
                match response header remove "Server"

                pass
                block quick path "/cgi-bin/index.cgi" value "*command=*"
                pass quick path "/net/index.html" value ""
                block

                tls keypair example.net
        }

        relay httpsr {
                # Listen on localhost, accept diverted connections from pf(4)
                listen on 127.0.0.1 port 8443 tls
                protocol httpsp

                # Forward to the original target host
                forward with tls to destination
        }
---------------------------------------------------------------------------------------------------------------------------


On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson <s...@spacehopper.org> wrote:

> On 2019/12/05 00:17, Kihaguru Gathura wrote:
> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura <pqscr...@gmail.com> wrote:
> >
> > > > Which is a better way to implement a WAF on OpenBSD using the base utilities?
> > >
> > > relayd configured in certain ways might be considered as a WAF.
> >
> > All methods and all other security headers and path filters are coded in the web
> > application, which had always been detected as a custom WAF until two weeks ago.
> >
> > I have now included relayd and a re-test passes all other requirements but does not detect
> > a WAF (please find sample configurations and test report below).
> >
> > Any hint highly appreciated
>
> I think you will need to talk to your assessors and ask what they're
> looking for.
>
>
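As an added illustration (not part of the original mail or of relayd itself), the following Python script simulates how the posted "httpp" rule set is evaluated, so the 403 behaviour described above can be checked request by request without a running relayd. It models what relayd.conf(5) documents: rules are evaluated top to bottom, the last matching rule decides, and a matching "quick" rule ends evaluation. Two details are assumptions rather than facts taken from the page: "path" and "value" patterns are treated as fnmatch(3)-style globs compared against the request path and the query string respectively, and an absent query string is compared as the empty string. The request targets at the bottom are constructed sample inputs.

```python
"""Simulate relayd(8) HTTP filter-rule evaluation against the posted rule set.

Added example, not relayd source. Assumptions (not taken from the mail):
'path' is an fnmatch(3)-style pattern compared against the request path,
'value' is such a pattern compared against the query string, and a request
without a query string is compared as the empty string "".
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    quick: bool = False          # stop evaluating once this rule matches
    path: Optional[str] = None   # glob for the request path; None matches any
    value: Optional[str] = None  # glob for the query string; None matches any

    def matches(self, path: str, query: str) -> bool:
        if self.path is not None and not fnmatchcase(path, self.path):
            return False
        if self.value is not None and not fnmatchcase(query, self.value):
            return False
        return True


# The "httpp" protocol from the posted relayd.conf, in the order written.
POSTED_RULES = [
    Rule("pass"),
    Rule("block", quick=True, path="/cgi-bin/index.cgi", value="*command=*"),
    Rule("pass", quick=True, path="/net/index.html", value=""),
    Rule("block"),
]


def evaluate(rules, request_target: str, default: str = "pass") -> str:
    """Return the action the rule set yields for one HTTP request-target.

    Last matching rule wins; a matching 'quick' rule ends evaluation.
    'default' is what applies if no rule matches (never the case here,
    because the posted set ends with a catch-all 'block').
    """
    parts = urlsplit(request_target)
    path, query = parts.path, parts.query   # query is "" when absent
    decision = default
    for rule in rules:
        if rule.matches(path, query):
            decision = rule.action
            if rule.quick:
                break
    return decision


def decisions(rules, targets):
    """Map each request-target to the resulting action."""
    return {t: evaluate(rules, t) for t in targets}


# Constructed sample request-targets (not taken from the test report).
SAMPLE_TARGETS = [
    "/net/index.html",                 # the one allowed URL
    "/net/index.html?x=1",             # a parameter appended
    "/net/index.html/",                # a path segment appended
    "/net/index.htmlX",                # anything appended to the path
    "/cgi-bin/index.cgi?command=id",   # the explicitly blocked pattern
    "/cgi-bin/index.cgi",              # same path, no command= parameter
    "/",
]

if __name__ == "__main__":
    for target, action in decisions(POSTED_RULES, SAMPLE_TARGETS).items():
        print(f"{action:5}  {target}")
```

Running it shows only "/net/index.html" with an empty query string passing; every other sample falls through to the final catch-all "block", which with "return error" is what produces the 403 Forbidden observed. The leading bare "pass" never changes an outcome, because the catch-all "block" after it is always the later match whenever no "quick" rule has fired; evaluating the same targets against the rule set without that first "pass" gives identical results.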
