WAF (Web Application Firewall) and "403 Forbidden" error

WAF (Web Application Firewall) and "403 Forbidden" error

Posted under » PHP » AWS on 22 July 2023

It took me a while that when I want to use php, the AWS load balancer will give out

"403 Forbidden". Aparently WAF is blocking my php files.

Pre-defined rule set includes protection against:

SQL Injection

XSS Attacks

Local and Remote File Inclusion

Size Restrictions

Command Injection

Unknown Bad Inputs

Malicious file extensions (e.g., .php, .exe)
Directory traversal characters (e.g., “..”)
Command injection payloads
Java Deserialization payloads
Localhost in the host header
PROPFIND HTTP method
Shell metacharacters (e.g. |, >, <, )
Arbitrary code execution payloads
LDAP injection payloads
XPath injection payloads
XML External Entity (XXE) payloads