What is a WAF? How to use it?
Mon, 08, Feb, 2021 22:29

A WAF is a web application firewall that helps you protect your web applications or APIs from common web vulnerabilities that can affect availability, compromise security, or consume excessive resources.

For the common web vulnerabilities, the free options can be used. Paid WAF services range from 35 USD to 300 USD per month.

It works very well with hosting, cloud and app services.
Once it is switched from Off to detect and prevent, every web client has to pass this wall before reaching the server.

Well-known free ModSecurity rule sets: Comodo, Atomic Standard and OWASP.
Paid versions of these services are also available.

OWASP: The ModSecurity Core Rule Set is very restrictive and might block some functions (for example, file sharing, webmail) and some features of web applications (for example, WordPress plugins).

Atomic Standard: A starter version of the ModSecurity rules by Atomicorp. They provide basic protection and are updated on a monthly basis.

Comodo: Free ModSecurity Rules from Comodo. They provide basic protection.

Below we share an excerpt from a WAF (ModSecurity) log file. A request tried to access the Laravel .env file and was blocked immediately.

----------------------------------

HTTP/1.1 403 Forbidden
Content-Length: 206
Connection: close
Content-Type: text/html; charset=iso-8859-1

--64f02e36-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 85.214.*.*] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "185.122.*.*"] [uri "/.env"] [unique_id "YCC6FqKgoNwOhSLeVfy@NQAAAIU"]
Action: Intercepted (phase 1)
Stopwatch: 1612757526343410 3356 (- - -)
Stopwatch2: 1612757526343410 3356; combined=2247, p1=1728, p2=0, p3=0, p4=0, p5=518, sr=708, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

----------------------------
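
To triage entries like the one above, the Message line of each H section can be split into its rule id, severity, tags and verdict. The following Python sketch is an added example, not part of the original post or of ModSecurity; the function names are hypothetical, the first sample transaction is copied from the excerpt above and the second is constructed to show a detection-only hit.

```python
import re

# Section H (audit log trailer) lines. The first transaction is copied from the
# excerpt above; the second is constructed to show a detection-only hit.
SAMPLE = '''--64f02e36-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Action: Intercepted (phase 1)
Engine-Mode: "ENABLED"

--0a1b2c3d-H--
Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/modsecurity/constructed.conf"] [line "1"] [id "999001"] [severity "CRITICAL"] [tag "constructed"]
Engine-Mode: "DETECTION_ONLY"
'''

BOUNDARY = re.compile(r'^--([0-9a-f]+)-([A-Z])--$')   # --<transaction id>-<section>--
META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
DENIED = re.compile(r'^Access denied with code (\d+) \(phase (\d)\)')

def parse_message(line):
    """Split one 'Message:' line into free text plus its [key "value"] metadata."""
    body = line.split(':', 1)[1].strip()
    event = {'text': body.split(' [', 1)[0], 'tags': []}
    for key, value in META.findall(body):
        if key == 'tag':
            event['tags'].append(value)   # tag repeats, so collect all of them
        else:
            event[key] = value
    denied = DENIED.match(body)
    # "Access denied" means the request was intercepted; "Warning." means it was only logged.
    event['blocked'] = denied is not None
    event['status'] = int(denied.group(1)) if denied else None
    return event

def parse_audit_log(text):
    """Return one event per Message line found inside H sections."""
    events, txn, section = [], None, None
    for line in text.splitlines():
        boundary = BOUNDARY.match(line)
        if boundary:
            txn, section = boundary.groups()
        elif section == 'H' and line.startswith('Message:'):
            events.append({'transaction': txn, **parse_message(line)})
    return events

if __name__ == '__main__':
    for e in parse_audit_log(SAMPLE):
        verdict = 'BLOCKED' if e['blocked'] else 'logged only'
        print(e['transaction'], e['id'], e['severity'], verdict, e['text'])
```

A rule that only ever shows up as "logged only" is running in detection mode, so the request it matched still reached the application.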