Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:waf:standalone [2018/11/08 18:42] Jackson Zhang [The following method won't trigger due to mod_security rule set change] |
litespeed_wiki:waf:standalone [2018/11/08 18:49] Jackson Zhang |
||
|---|---|---|---|
| Line 69: | Line 69: | ||
| - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}} | - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}} | ||
| - | ====Method 2: Command injection attack==== | + | ====Method 2: ==== |
| + | You can check that CWAF works properly by sending in GET or POST request parameter cwaf_test_request=a12875a9e62e1ecbcd1dded1879ab06949566276 | ||
| + | like | ||
| + | |||
| + | http://$server_domain/?cwaf_test_request=a12875a9e62e1ecbcd1dded1879ab06949566276 | ||
| + | |||
| + | If web server will return status 403 Forbidden, then CWAF works fine. | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| Line 89: | Line 95: | ||
| - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code> | - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code> | ||
| - | you will not get a 403 forbidden page if you test as above. Please use other methods to test. | + | You will not get a 403 forbidden page if you test as above. Please use other methods to test. In term of how to test against the Command injection attack protection, you may need to consult corresponding mod_security rules providers. As we are not mod_security rulesets provider and we are not in a position to provide such recommendation. |