Forum Discussion

kaoutar's avatar
kaoutar
Icon for Cirrus rankCirrus
Apr 12, 2023

blocking ZAP tool

Hi All, we noticed recently that some attackers use the ZAP tool to scan our web apps and most of those requests generate some issues, we tried to block these requests using attack signature based o...
security
Paulius's avatar
Paulius
Icon for MVP rankMVP
Apr 12, 2023

kaoutar If you can figure out an HTTP header that is always added for this tool you can block it by searching the HTTP header value and if located the connection is dropped.

  • kaoutar's avatar
    kaoutar
    Icon for Cirrus rankCirrus
    Apr 12, 2023

    Thank you Paulius, Unfortunately the matching key exists only on the payload of the Post request, nothing unusual in the URI or the header

    • CA_Valli's avatar
      CA_Valli
      Icon for MVP rankMVP
      Apr 12, 2023

      Is the key static? Intercepting payload content is possible with irules 

      • kaoutar's avatar
        kaoutar
        Icon for Cirrus rankCirrus
        Apr 12, 2023

        Yes, it's a static key