Differences

This shows you the differences between two versions of the page.

litespeed_wiki:waf:comodo [2017/09/05 21:34]
Ron Saad [How to Setup Comodo on LiteSpeed Web Server with cPanel]
litespeed_wiki:waf:comodo [2018/05/16 19:37] (current)
Eric Leu [Verify Comodo]
Line 20: Line 20:
  
 ===== Verify Comodo ===== ===== Verify Comodo =====
-  - After setting up Comodo, you may need to restart LiteSpeed Web Server+====Method 1====
   - To check CWAF for protection, send the request as shown below: <​code>​http://​$server_domain/?​a=b AND 1=1</​code>​ The server will respond with a 403 status code \\ {{:​litespeed_wiki:​waf:​comodo-5.png?​500|}}   - To check CWAF for protection, send the request as shown below: <​code>​http://​$server_domain/?​a=b AND 1=1</​code>​ The server will respond with a 403 status code \\ {{:​litespeed_wiki:​waf:​comodo-5.png?​500|}}
 +
 +====Method 2: Command injection attack====
 +  - Create a delete.php file with following codes \\ <​code>​
 +<?php
 +print("​Please specify the name of the file to delete"​);​
 +print("<​p>"​);​
 +$file=$_GET['​filename'​];​
 +system("​rm $file"​);​
 +?>
 +</​code>​
 +  - Create a dummy file \\ <​code>​touch bob.txt</​code>​
 +  - Open <​code>​ http://​$server_domain/​delete.php?​filename=bob.txt;​id </​code>​
 +If WAF works, you will get a 403 forbidden page
  
 ===== Uninstall Comodo ===== ===== Uninstall Comodo =====
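Review bot: Method 2 leaves delete.php on the server with no cleanup step, and that script passes $_GET['filename'] straight into system("rm $file"). Add a final step after "If WAF works, you will get a 403 forbidden page" telling the reader to remove delete.php and bob.txt once the check is done, and to run the check only on a test host, since the script is a live command injection whenever the WAF is disabled or the rule does not match. It would also help to say what a non-403 response means and what to check next. The first changed line drops "After setting up Comodo, you may need to restart LiteSpeed Web Server" in favour of the Method 1 heading; if the restart is still needed for the rules to load, keep it as a step ahead of Method 1 so a missing 403 is not misread as a WAF failure. Style: "with following codes" should read "with the following code", and the closing "If WAF works" line sits outside the numbered list while the other steps are list items.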
 
litespeed_wiki/waf/comodo.txt · Last modified: 2018/05/16 19:37 by Eric Leu