Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
litespeed_wiki:waf:standalone [2017/09/12 18:25]
Lisa Clarke [Enable Firewall]
litespeed_wiki:waf:standalone [2018/05/16 19:30]
Eric Leu [Method 2: Command injection attack]
Line 56: Line 56:
  
 ===== Verify Comodo ===== ===== Verify Comodo =====
-  - After setting up Comodo, you may need to restart LiteSpeed Web Server+====Method 1====
   - To check CWAF for protection, send the request as shown below: <​code>​http://​$server_domain/?​a=b AND 1=1</​code>​ The server will respond with a 403 status code \\ {{:​litespeed_wiki:​waf:​comodo-5.png?​500|}}   - To check CWAF for protection, send the request as shown below: <​code>​http://​$server_domain/?​a=b AND 1=1</​code>​ The server will respond with a 403 status code \\ {{:​litespeed_wiki:​waf:​comodo-5.png?​500|}}
 +
 +====Method 2: Command injection attack====
 +  - Create a delete.php file with following codes \\ <​code>​
 +<?php
 +print("​Please specify the name of the file to delete"​);​
 +print("<​p>"​);​
 +$file=$_GET['​filename'​];​
 +system("​rm $file"​);​
 +?>
 +</​code>​
 +  - Create a dummy file \\ <​code>​touch bob.txt</​code>​
 +  - Open <​code>​ http://​$server_domain/​delete.php?​filename=bob.txt;​id </​code>​
 +If WAF works, you will get a 403 forbidden page
 +
 +
 +
  
  
  • Admin
  • Last modified: 2019/01/24 21:16
  • by Lisa Clarke