Nemesida WAF Free for NGINX

Last year we released Nemesida WAF Free, a dynamic module for NGINX that blocks attacks on web applications. Unlike the commercial version, which is based on machine learning, the free version analyses requests using the signature method only.

Features of the Nemesida WAF 4.0.129 release

Before the current release, the Nemesida WAF dynamic module supported only Nginx Stable 1.12, 1.14 and 1.16. The new release adds support for Nginx Mainline, starting with 1.17, and Nginx Plus, starting with 1.15.10 (R18).

Why make another WAF?

NAXSI and mod_security are the most popular free WAF modules, and Nginx actively promotes mod_security, although it was originally used only with Apache2. Both solutions are free, open source and have many users around the world. For mod_security, free and commercial signature sets are available, the latter for $500 per year; for NAXSI there is a free signature set out of the box, and additional rule sets such as doxsi can also be found.

This year we tested how NAXSI and Nemesida WAF Free perform. Briefly, the results:

  • NAXSI does not perform double URL decoding in cookies;
  • NAXSI takes a long time to configure: out of the box, the default rule set blocks most requests during normal work with a web application (logging in, editing a profile or content, taking part in surveys, etc.), so exclusion lists have to be created, which has a negative effect on security. Nemesida WAF Free with its default settings did not produce a single false positive while working with the site;
  • the number of attacks missed by NAXSI is many times higher, etc.

Despite these weaknesses, NAXSI and mod_security have at least two advantages: open source code and a large user base. We support the idea of disclosing source code, but we cannot do so because of the likely "piracy" of the commercial version; to compensate for this weakness, we fully disclose the contents of the signature set. We value confidentiality and suggest verifying this for yourself with a proxy server.

Features of Nemesida WAF Free:

  • a high-quality signature database with a minimal number of false positives and false negatives;
  • installation and updates from the repository (fast and convenient);
  • simple and understandable incident events, not a "mess" like NAXSI;
  • completely free, with no limits on traffic volume, virtual hosts, etc.

Finally, here are several requests for checking how a WAF performs (it is recommended to use them in every zone: URL, ARGS, Headers & Body):

')) un","ion se","lect 1,2,3,4,5,6,7,8,9,0,11#"]
')) union/**/select/**/1,/**/2,/**/3,/**/4,/**/5,/**/6,/**/7,/**/8,/**/9,/**/'some_text',/**/11#"]
union(select(1),2,3,4,5,6,7,8,9,0x70656e746573746974,11)#"]
')) union+/*!select*/ (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
')) /*!u%6eion*/ /*!se%6cect*/ (1),(2),(3),(4),(5),(6),(7),(8),(9.),(0x70656e746573746974),(11)#"]
')) %2f**%2funion%2f**%2fselect (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
%5B%221807182982%27%29%29%20uni%22%2C%22on%20sel%22%2C%22ect%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C%2some_text%27%2C11%23%22%5D
cat /et?/pa?swd
cat /et'c/pa'ss'wd
cat /et*/pa**wd
e'c'ho 'swd test pentest' |awk '{print "cat /etc/pas"$1}' |bas'h
cat /etc/passwd
cat$u+/etc$u/passwd$u
<svg/onload=alert()//

If these requests are not blocked, the WAF will most likely miss a real attack as well. Before using these examples, make sure the WAF does not block legitimate requests.
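As an added example (not the page's or Nemesida's code), a small harness that places a subset of the test strings above into each of the four zones, sends a benign control first so a WAF that blocks everything is not mistaken for a pass, and reports the zone/payload pairs that got through; the base URL, the `q` parameter and the `s` cookie name are assumptions.

```python
import urllib.error
import urllib.parse
import urllib.request

# Subset of the page's test strings, one per attack class; BENIGN is the
# control request that a correctly tuned WAF must let through.
PAYLOADS = [
    "cat /et?/pa?swd",                   # command injection, wildcard evasion
    "<svg/onload=alert()//",             # XSS
    "')) union/**/select/**/1,/**/2#",   # SQLi with inline-comment evasion
]
BENIGN = "hello world"
ZONES = ("url", "args", "headers", "body")


def build_request(base_url, zone, value):
    """Place `value` in one inspection zone of a request to base_url (assumed host)."""
    q = urllib.parse.quote(value, safe="")
    if zone == "url":      # path segment
        return urllib.request.Request(f"{base_url}/{q}")
    if zone == "args":     # query string, assumed parameter name q
        return urllib.request.Request(f"{base_url}/?q={q}")
    if zone == "headers":  # raw cookie value (assumed name s), no URL encoding
        return urllib.request.Request(base_url, headers={"Cookie": f"s={value}"})
    if zone == "body":     # form-encoded POST body
        return urllib.request.Request(base_url, data=f"q={q}".encode(), method="POST")
    raise ValueError(f"unknown zone {zone!r}")


def http_status(req, timeout=5):
    """Send req and return the status code; a 403 is raised as HTTPError, so catch it."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_waf(base_url, send=http_status, block_status=403):
    """Return zones that block the benign control (false positives) and the
    (zone, payload) pairs the WAF let through (misses). A zone with a false
    positive is skipped, because a block there proves nothing about detection."""
    false_positives = [z for z in ZONES
                       if send(build_request(base_url, z, BENIGN)) == block_status]
    misses = [(z, p) for z in ZONES if z not in false_positives
              for p in PAYLOADS
              if send(build_request(base_url, z, p)) != block_status]
    return {"false_positives": false_positives, "misses": misses}
```

Run it as `check_waf("http://127.0.0.1:8080")` against a test instance behind the WAF; an empty `misses` list with an empty `false_positives` list is the result to aim for.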

Source: www.habr.com
