gmt20trisc00
Jun 17, 2022

WAF detection test

Please tell me how to test whether AWS WAF (F5 Managed Rules) is applied normally.

I want to make sure it is blocked by the WAF.

  • Hi gmt20trisc00

    Are you looking for a basic test to verify that the rules are detecting attacks? You could try some proof-of-concept exploit, like appending one of these two examples to your URL.

    /?cmd=cat%20/etc/passwd

    or

    /<script>alert("XSS Attack");</script>

    That'll do no harm, but an active WAF should block these requests (or, if not in blocking mode, raise an alert).

    KR
    Daniel
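
One way to script the check described in the reply above, as an added example that is not part of the original post: it sends a normal control request plus the two probe requests to a site you operate and reports whether each probe was refused. It assumes the web ACL uses AWS WAF's default Block response (HTTP 403); the function names and the `waf-check` User-Agent are made up for this example.

```python
import sys
import urllib.error
import urllib.parse
import urllib.request

# The two probe requests quoted in the reply above. The second is
# percent-encoded here, as a browser would do, so the request line is valid.
PROBES = {
    "command-injection": "/?cmd=cat%20/etc/passwd",
    "xss": urllib.parse.quote('/<script>alert("XSS Attack");</script>', safe="/"),
}

def build_urls(base_url):
    """Return {name: url} for a benign control request plus each probe."""
    base = base_url.rstrip("/")
    urls = {"control": base + "/"}
    urls.update({name: base + path for name, path in PROBES.items()})
    return urls

def fetch_status(url, timeout=10):
    """GET the URL and return the HTTP status code, including 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "waf-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def classify(control_status, probe_status):
    """Interpret a probe result against the control request."""
    if control_status == 403:
        return "inconclusive"  # everything is refused, so a 403 proves nothing
    if probe_status == 403:
        return "blocked"       # assumption: default AWS WAF Block response
    return "not-blocked"       # rule in Count mode or ACL not attached: check WAF logs

def run(base_url, fetch=fetch_status):
    """Probe base_url and return {probe name: verdict}."""
    statuses = {name: fetch(url) for name, url in build_urls(base_url).items()}
    control = statuses.pop("control")
    return {name: classify(control, code) for name, code in statuses.items()}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: waf_check.py https://your-site.example")
    for name, verdict in run(sys.argv[1]).items():
        print(f"{name}: {verdict}")
```

A "not-blocked" verdict does not by itself mean the rules are inactive: if the rule group action is overridden to Count, the request passes and the match only shows up in the WAF logs and metrics.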