New release of Nemesida WAF Free for NGINX

Last year we released Nemesida WAF Free, a dynamic module for NGINX that blocks attacks on web applications. Unlike the commercial version, which is based on machine learning, the free version detects malicious requests with the signature method.

What is new in the Nemesida WAF 4.0.129 release

Before this release the Nemesida WAF dynamic module supported Nginx Stable 1.12, 1.14 and 1.16. The new release adds support for Nginx Mainline, starting from 1.17, and for Nginx Plus, starting from 1.15.10 (R18).

Why build yet another WAF?
NAXSI and mod_security are the best-known free WAF modules, and mod_security is actively promoted by Nginx, although it was originally available only for Apache2. Both solutions are free, open source and have many users around the world. For mod_security there are free signature sets and commercial ones for $500 per year; NAXSI ships with a free set of signatures out of the box, and additional rule sets can be found, such as doxsi.

This year we compared the performance of NAXSI and Nemesida WAF Free. Briefly, the results:

  • NAXSI does not perform double URL decoding of cookies;
  • NAXSI takes a long time to configure: with the default rule set, most requests made while working with a web application (logging in, editing a page or other content, taking part in polls, etc.) get blocked, so you have to build exclusion lists, which is bad for security. Nemesida WAF Free with its default settings did not produce a single false positive while working with the site;
  • the number of missed attacks is much higher for NAXSI, and so on.
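The first point above (no second round of URL decoding on cookies) and the signature method mentioned at the top are easiest to see in code. The following is an added example, not Nemesida WAF's or NAXSI's code: a toy signature matcher with its own constructed signature set (assumed; it is not any product's rule set) and a normalization step that repeatedly percent-decodes a field, strips MySQL comments and shell quoting, and only then matches. The cookie value in the test is constructed to be double-encoded; a matcher limited to one decoding round passes it through.

```python
import re
from urllib.parse import unquote

# Constructed, illustrative signatures for this example only; they are NOT
# the Nemesida WAF (or NAXSI) signature set.
SIGNATURES = {
    "sqli-union-select": re.compile(r"\bunion\b[\s(]*\bselect\b", re.I),
    "cmdi-etc-passwd": re.compile(r"/etc/passwd", re.I),
    "xss-svg-onload": re.compile(r"<\s*svg\b[^>]*\bonload\s*=", re.I),
}


def percent_decode(value: str, rounds: int) -> str:
    """Percent-decode up to `rounds` times, stopping early once the value is stable.
    rounds=1 models a WAF that decodes only once (the NAXSI cookie case above)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def normalize(value: str, decode_rounds: int = 3) -> str:
    """Bring a request field into a canonical form before signature matching."""
    value = percent_decode(value, decode_rounds)
    value = value.replace("+", " ")                       # form-encoded space
    # MySQL executes the body of a versioned comment: /*!select*/ == select
    value = re.sub(r"/\*!\s*(.*?)\*/", r"\1", value, flags=re.S)
    # ordinary /**/ comments act as whitespace
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    # in a shell, adjacent quoted fragments concatenate: /et'c/pa'ss'wd == /etc/passwd
    value = re.sub(r"['\"]", "", value)
    return value


def classify(value: str, decode_rounds: int = 3) -> list:
    """Return the names of all signatures that match the normalized value."""
    norm = normalize(value, decode_rounds)
    return [name for name, sig in SIGNATURES.items() if sig.search(norm)]


def is_attack(value: str, decode_rounds: int = 3) -> bool:
    return bool(classify(value, decode_rounds))
```

The glob-based variants from the payload list further down (`cat /et?/pa?swd`, `cat /et*/pa**wd`) are deliberately left undetected by this toy set: no amount of decoding turns them into the literal `/etc/passwd`, so a signature engine needs rules written for that evasion as well.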

Despite their shortcomings, NAXSI and mod_security have two real advantages: open source and a large user base. We support the idea of opening the source code, but cannot do so because of the risk of "piracy" of the commercial version; to compensate for this, we fully disclose the contents of the signature set. We value privacy and suggest you verify for yourself, with a proxy server, that the module does not phone home.

Features of Nemesida WAF Free:

  • a high-quality signature base with a low rate of false positives and false negatives;
  • installation and updates from the repository (quick and easy);
  • simple and readable incident events, not the "mess" NAXSI produces;
  • completely free, with no limits on traffic volume, number of virtual hosts, etc.

Finally, here are some requests for evaluating how well a WAF performs (they should be tried in each of the zones: URL, ARGS, Headers and Body):

')) un","ion se","lect 1,2,3,4,5,6,7,8,9,0,11#"]
')) union/**/select/**/1,/**/2,/**/3,/**/4,/**/5,/**/6,/**/7,/**/8,/**/9,/**/'some_text',/**/11#"]
union(select(1),2,3,4,5,6,7,8,9,0x70656e746573746974,11)#"]
')) union+/*!select*/ (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
')) /*!u%6eion*/ /*!se%6cect*/ (1),(2),(3),(4),(5),(6),(7),(8),(9.),(0x70656e746573746974),(11)#"]
')) %2f**%2funion%2f**%2fselect (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
%5B%221807182982%27%29%29%20uni%22%2C%22on%20sel%22%2C%22ect%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C%2some_text%27%2C11%23%22%5D
cat /et?/pa?swd
cat /et'c/pa'ss'wd
cat /et*/pa**wd
e'c'ho 'swd test pentest' |awk '{print "cat /etc/pas"$1}' |bas'h
cat /etc/passwd
cat$u+/etc$u/passwd$u
<svg/onload=alert()//

If these requests are not blocked, the WAF will most likely miss a real attack as well. Before running them, make sure the WAF does not block legitimate requests, otherwise a "blocked" result says nothing.
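The two checks just described, every payload in every zone plus benign controls that must not be blocked, can be scripted. The harness below is an added example and is not part of the original article or of Nemesida WAF: the target path `/…`, the parameter name `q`, the use of `User-Agent` for the Headers zone and the assumption that the WAF answers blocked requests with HTTP 403 are all mine, so adjust them to the target. The transport is pluggable: `urllib_transport` talks to a real server, while `naive_waf_transport` is a constructed stand-in (one decoding round, literal substring check) that lets the harness run offline and shows what a report of misses looks like.

```python
"""Send each test payload in every zone (URL, ARGS, Headers, Body) and report
what the WAF let through and which benign controls it wrongly blocked."""
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Dict, List
from urllib.parse import quote, unquote

ZONES = ("URL", "ARGS", "Headers", "Body")
BLOCKED_STATUS = 403   # assumption: the WAF answers blocked requests with 403

# A few of the article's payloads, plus constructed benign controls.
PAYLOADS = [
    "')) union/**/select/**/1,/**/2,/**/3#",
    "cat /etc/passwd",
    "cat /et'c/pa'ss'wd",
    "<svg/onload=alert()//",
    "%5B%221807182982%27%29%29%20uni%22%2C%22on%20sel%22%2C%22ect%201%2C2%2C3%23%22%5D",
]
BENIGN = ["home", "search term", "O'Reilly"]


@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def place(base_url: str, zone: str, value: str) -> Request:
    """Put `value` into one request zone (hypothetical path / parameter names)."""
    enc = quote(value, safe="")
    if zone == "URL":
        return Request("GET", f"{base_url}/{enc}")
    if zone == "ARGS":
        return Request("GET", f"{base_url}/?q={enc}")
    if zone == "Headers":
        return Request("GET", f"{base_url}/", {"User-Agent": value})
    if zone == "Body":
        return Request("POST", f"{base_url}/",
                       {"Content-Type": "application/x-www-form-urlencoded"},
                       f"q={enc}".encode())
    raise ValueError(zone)


Transport = Callable[[Request], int]   # returns the HTTP status code


def urllib_transport(req: Request, timeout: float = 5.0) -> int:
    """Real transport: send the request, return the status the server replied with."""
    r = urllib.request.Request(req.url, data=req.body or None,
                               headers=req.headers, method=req.method)
    try:
        with urllib.request.urlopen(r, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def naive_waf_transport(req: Request) -> int:
    """Constructed stand-in for a server behind a weak WAF: one round of
    percent-decoding, then a literal substring check. Runs offline."""
    text = " ".join([unquote(req.url), *map(unquote, req.headers.values()),
                     unquote(req.body.decode())]).lower()
    bad = ("union select", "/etc/passwd", "onload=")
    return BLOCKED_STATUS if any(b in text for b in bad) else 200


def evaluate(transport: Transport, base_url: str,
             payloads: List[str] = PAYLOADS, benign: List[str] = BENIGN) -> dict:
    """Per zone: payloads that were NOT blocked (misses) and benign values that were."""
    report = {"missed": {}, "false_positives": {}}
    for zone in ZONES:
        report["missed"][zone] = [
            p for p in payloads if transport(place(base_url, zone, p)) != BLOCKED_STATUS]
        report["false_positives"][zone] = [
            b for b in benign if transport(place(base_url, zone, b)) == BLOCKED_STATUS]
    return report


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. http://waf.example
    transport = urllib_transport if target else naive_waf_transport
    print(json.dumps(evaluate(transport, target or "http://waf.example"), indent=2))
```

Run it with the base URL of the site behind the WAF as the only argument; without an argument it runs against the built-in stand-in, which misses the comment-obfuscated, quote-split and double-encoded payloads in every zone while blocking none of the benign values, which is exactly the pattern the article describes for a single-decode, literal-match engine.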

Source: www.habr.com
