It would be nice to have an option outside of templates to detect a WAF to stop false positives for more generic templates. For example, if the template only relies on the status code being 200, it will most likely run into false positives. (I honestly don't know too many templates that do this, but there are a few.)
A simple but usually effective way to detect a WAF is to generate a unique path like /o87ohbhjbvbkjbvklj and if it responds with 200 or 302 it's probably a WAF.
I'm thinking adding an argument to run in WAF detection mode will add an ad hoc check to templates that adds the WAF check's response as a negative detection pattern. Adding the whole WAF check template patterns would work too if the WAF has enabled the custom content page, but that seems like a lot of work for a small ROI unless someone really cares about also fingerprinting the WAF.
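The check proposed above, as an added example rather than code from the scanner this issue is filed against: probe a random path, record the reply as a baseline, and let a status-only matcher drop hits that merely repeat that catch-all page. `Baseline`, `ProbeCatchAll` and `StatusOnlyMatch` are names assumed for this illustration; the WAF stand-in in `main` is a constructed local server.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Baseline is the reply to a path that cannot exist; 200/302 here marks a
// WAF or catch-all page and is kept as a negative pattern.
type Baseline struct {
	CatchAll bool
	Status   int
	Body     string
}

// randomPath returns a path like /o87ohbhjbvbkjbvklj that no route serves.
func randomPath() string {
	b := make([]byte, 9)
	_, _ = rand.Read(b)
	return "/" + hex.EncodeToString(b)
}

// ProbeCatchAll fetches a random path under target without following
// redirects, so a WAF's 302 is observed rather than chased.
func ProbeCatchAll(target string) (Baseline, error) {
	c := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }}
	resp, err := c.Get(strings.TrimRight(target, "/") + randomPath())
	if err != nil {
		return Baseline{}, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	st := resp.StatusCode
	return Baseline{CatchAll: st == 200 || st == 302, Status: st, Body: string(body)}, nil
}

// StatusOnlyMatch is the generic "status == 200" matcher with the baseline as a
// negative pattern: a hit that merely repeats the catch-all page is dropped.
func StatusOnlyMatch(b Baseline, status int, body string) bool {
	return status == 200 && !(b.CatchAll && status == b.Status && body == b.Body)
}

func main() { // constructed WAF stand-in: answers 200 "Access Denied" to every path
	waf := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("Access Denied")) }))
	defer waf.Close()
	b, _ := ProbeCatchAll(waf.URL)
	fmt.Println(b.CatchAll, StatusOnlyMatch(b, 200, "Access Denied")) // true false
}
```

Comparing the whole body is the strictest form of the negative pattern; a real implementation would likely relax it to a length or similarity threshold, since many catch-all pages embed the requested path.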