Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:waf:standalone [2017/09/12 18:25] Lisa Clarke [Enable Firewall] |
litespeed_wiki:waf:standalone [2018/05/16 19:29] Eric Leu [Verify Comodo] |
||
|---|---|---|---|
| Line 56: | Line 56: | ||
| ===== Verify Comodo ===== | ===== Verify Comodo ===== | ||
| - | - After setting up Comodo, you may need to restart LiteSpeed Web Server | + | ====Method 1==== |
| - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}} | - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}} | ||
| + | |||
| + | ====Method 2: Command injection attack==== | ||
| + | - Create a delete.php file with following codes \\ <code> | ||
| + | <?php | ||
| + | print("Please specify the name of the file to delete"); | ||
| + | print("<p>"); | ||
| + | $file=$_GET['filename']; | ||
| + | system("rm $file"); | ||
| + | ?> | ||
| + | </code> | ||
| + | - Create a dummy file \\ <code>touch bob.txt</code> | ||
| + | - Open http://example.com/delete.php?filename=bob.txt;id | ||
| + | If WAF works, you will get a 403 forbidden page | ||
| + | |||
| + | |||
| + | |||