WAF (Web Application Firewall) and "403 Forbidden" error

Posted under » PHP » AWS on 22 July 2023

It took me a while that when I want to use php, the AWS load balancer will give out

"403 Forbidden". Aparently WAF is blocking my php files.

Pre-defined rule set includes protection against:

SQL Injection

XSS Attacks

Local and Remote File Inclusion

Size Restrictions

Command Injection

Unknown Bad Inputs

• Malicious file extensions (e.g., .php, .exe)
• Directory traversal characters (e.g., “..”)
• Command injection payloads
• Java Deserialization payloads
• Localhost in the host header
• PROPFIND HTTP method
• Shell metacharacters (e.g. |, >, <, )
• Arbitrary code execution payloads
• LDAP injection payloads
• XPath injection payloads
• XML External Entity (XXE) payloads

© 2009-2023 anoneh.com | Home | About | My Wordpress | Tumblr | Blogger | Gallery