
Web Application Firewall - Custom Allowed Rules


Creating custom rules increases the breadth and depth of the security levels in your application. You can define custom Allowed Rules to manage and define protocols when configuring your Web Application Firewall (WAF).

This means you can manage lists according to the behaviour of, and the traffic between, your application and the internet.

  1. Protocol list
  2. Configure a custom Allowed Rule
  3. Supporting documentation

1. Protocol list

When creating Allowed Rules in your WAF setup, choose from the available protocols to define this custom composition. Check them below:

Rule ID  Description
1        Validation of protocol compliance: weird request, unable to parse
2        Request too big, stored on disk and not parsed
10       Validation of protocol compliance: invalid HEX encoding (null bytes)
11       Validation of protocol compliance: missing or unknown Content-Type header in a POST (this rule applies only to Request Body match zone)
12       Validation of protocol compliance: invalid formatted URL
13       Validation of protocol compliance: invalid POST format
14       Validation of protocol compliance: invalid POST boundary
15       Validation of protocol compliance: invalid JSON
16       Validation of protocol compliance: POST with no body
17       Possible SQL Injection attack: validation with libinjection_sql
18       Possible XSS attack: validation with libinjection_xss
1000     Possible SQL Injection attack: SQL keywords found in Body, Path, Query String or Cookies
1001     Possible SQL Injection or XSS attack: double quote (") found in Body, Path, Query String or Cookies
1002     Possible SQL Injection attack: possible hex encoding (0x) found in Body, Path, Query String or Cookies
1003     Possible SQL Injection attack: MySQL comment (/*) found in Body, Path, Query String or Cookies
1004     Possible SQL Injection attack: MySQL comment (*/) found in Body, Path, Query String or Cookies
1005     Possible SQL Injection attack: MySQL keyword (|) found in Body, Path, Query String or Cookies
1006     Possible SQL Injection attack: MySQL keyword (&&) found in Body, Path, Query String or Cookies
1007     Possible SQL Injection attack: MySQL comment (--) found in Body, Path, Query String or Cookies
1008     Possible SQL Injection or XSS attack: semicolon (;) found in Body, Path or Query String
1009     Possible SQL Injection attack: equal sign (=) found in Body or Query String
1010     Possible SQL Injection or XSS attack: open parenthesis [(] found in Body, Path, Query String or Cookies
1011     Possible SQL Injection or XSS attack: close parenthesis [)] found in Body, Path, Query String or Cookies
1013     Possible SQL Injection or XSS attack: apostrophe (') found in Body, Path, Query String or Cookies
1015     Possible SQL Injection attack: comma (,) found in Body, Path, Query String or Cookies
1016     Possible SQL Injection attack: MySQL comment (#) found in Body, Path, Query String or Cookies
1017     Possible SQL Injection attack: double at sign (@@) found in Body, Path, Query String or Cookies
1100     Possible RFI attack: scheme "http://" found in Body, Query String or Cookies
1101     Possible RFI attack: scheme "https://" found in Body, Query String or Cookies
1102     Possible RFI attack: scheme "ftp://" found in Body, Query String or Cookies
1103     Possible RFI attack: scheme "php://" found in Body, Query String or Cookies
1104     Possible RFI attack: scheme "sftp://" found in Body, Query String or Cookies
1105     Possible RFI attack: scheme "zlib://" found in Body, Query String or Cookies
1106     Possible RFI attack: scheme "data://" found in Body, Query String or Cookies
1107     Possible RFI attack: scheme "glob://" found in Body, Query String or Cookies
1108     Possible RFI attack: scheme "phar://" found in Body, Query String or Cookies
1109     Possible RFI attack: scheme "file://" found in Body, Query String or Cookies
1110     Possible RFI attack: scheme "gopher://" found in Body, Query String or Cookies
1200     Possible Directory Traversal attack: double dot (..) found in Body, Path, Query String or Cookies
1202     Possible Directory Traversal attack: obvious probe (/etc/passwd) found in Body, Path, Query String or Cookies
1203     Possible Directory Traversal attack: obvious windows path (c:\) found in Body, Path, Query String or Cookies
1204     Possible Directory Traversal attack: obvious probe (cmd.exe) found in Body, Path, Query String or Cookies
1205     Possible Directory Traversal attack: backslash (\) found in Body, Path, Query String or Cookies
1206     Possible Directory Traversal attack: slash (/) found in Body, Query String or Cookies
1302     Possible XSS attack: html open tag (<) found in Body, Path, Query String or Cookies
1303     Possible XSS attack: html close tag (>) found in Body, Path, Query String or Cookies
1310     Possible XSS attack: open square bracket ([) found in Body, Path, Query String or Cookies
1311     Possible XSS attack: close square bracket (]) found in Body, Path, Query String or Cookies
1312     Possible XSS attack: tilde character (~) found in Body, Path, Query String or Cookies
1314     Possible XSS attack: back quote (`) found in Body, Path, Query String or Cookies
1315     Possible XSS attack: double encoding (%[2|3]) found in Body, Path, Query String or Cookies
1400     Possible trick to evade protection: UTF7/8 encoding (&#) found in Body, Path, Query String or Cookies
1401     Possible trick to evade protection: MS encoding (%U) found in Body, Path, Query String or Cookies
1500     Possible File Upload attempt: asp/php (.ph, .asp or .ht) found in filename in a multipart POST containing a file

2. Configure a custom Allowed Rule

To activate a new WAF Rule Set, make sure you add it to a Rule in the Behaviors section of the Edge Firewall Rules Engine.

  1. After defining the WAF configuration, go to the Allowed Rules tab.

  2. Click Add Rule.

  3. Choose a protocol from the Rule ID list.

  4. In Rule Description, write a suggestive description that identifies the settings.

  5. The Path field is used to restrict the scope of a match zone. If you don't want this restriction, leave it blank.

  6. In the Match Zones field, choose the match zone you want to add to the allowlist. You can create as many Match Zones as needed, according to the type of configuration:

  • Use Query String or Conditional Query String to add all GET arguments, or one named argument, to the allowlist. For example, the "search" argument;
  • Use Request Header or Conditional Request Header to add all HTTP request headers, or one named header, to the allowlist. For example, the Cookie header;
  • Use Request Body or Conditional Request Body to add all POST arguments, or one named argument, to the allowlist. For example, the "search" argument;
  • Use Raw Body to add unparsed (raw) requests to the allowlist;
  • Use File Name (Multipart Body) to add the file name of a multipart POST containing a file to the allowlist;
  • Use Path to add the path itself, or a named path, to the allowlist.

  7. When you finish configuring the custom rule, click Save.
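The way an Allowed Rule narrows an exception (Rule ID, optional Path restriction, match zone, and the Conditional variants that name a single argument or header), modelled as an added example; this is not Azion's own code, and the zone names and matching behaviour are assumptions used to show why a Conditional zone with a Path is a much smaller exception than allowing a whole zone:

```python
# Added example, not the WAF's implementation: a small model of when an
# Allowed Rule suppresses a detection. Zone names and semantics are assumed.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Detection:
    rule_id: int          # e.g. 1001: double quote found
    zone: str             # query_string, request_header, request_body, raw_body, file_name, path
    name: Optional[str]   # argument or header name the match was found in, if any
    path: str             # request path

@dataclass(frozen=True)
class AllowedRule:
    rule_id: int
    zone: str
    name: Optional[str] = None   # set -> "Conditional" zone (one named argument/header)
    path: Optional[str] = None   # set -> rule only applies on this exact path

    def suppresses(self, d: Detection) -> bool:
        if self.rule_id != d.rule_id or self.zone != d.zone:
            return False
        if self.path is not None and self.path != d.path:
            return False
        if self.name is not None:
            want, got = self.name, d.name or ""
            if self.zone == "request_header":   # header names are case-insensitive
                want, got = want.lower(), got.lower()
            if want != got:
                return False
        return True

def is_blocked(detection: Detection, allowed: List[AllowedRule]) -> bool:
    """A detection leads to a block unless some Allowed Rule suppresses it."""
    return not any(r.suppresses(detection) for r in allowed)

# Constructed sample configuration: rule 1001 (double quote) is allowed only in the
# GET argument "search" on /search; rule 1013 (apostrophe) is allowed in every
# request header, which is a far broader exception to review carefully.
ALLOWED = [
    AllowedRule(1001, "query_string", name="search", path="/search"),
    AllowedRule(1013, "request_header"),
]

def demo() -> List[bool]:
    events = [
        Detection(1001, "query_string", "search", "/search"),   # suppressed
        Detection(1001, "query_string", "q", "/search"),        # other argument: blocked
        Detection(1001, "query_string", "search", "/login"),    # other path: blocked
        Detection(1013, "request_header", "Cookie", "/"),       # whole-zone allow: suppressed
        Detection(1013, "request_body", "search", "/search"),   # zone differs: blocked
    ]
    return [is_blocked(e, ALLOWED) for e in events]
```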


3. Supporting documentation


Didn't find what you were looking for? Open a ticket.