
WAF detection test

gmt20trisc00
Nimbostratus

Please tell me how to test whether AWS WAF (F5 Managed Rules) is applied normally.

I want to make sure it is blocked by the WAF.

1 REPLY

Hi @gmt20trisc00

Are you looking for a basic test to verify that the rules are detecting attacks? You could try some proof-of-concept exploit, like appending one of these two examples to your URL.

/?cmd=cat%20/etc/passwd

or

/<script>alert("XSS Attack");</script>

That'll do no harm, but an active WAF should block these requests (or, if not in blocking mode, raise an alert).

KR
Daniel
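
The check from the reply above as a repeatable script, added here as an example (it is not part of the original thread). It sends one clean request and the two probe paths to a site you operate and reports whether each probe was answered with a block. The 403 block status is AWS WAF's default and is an assumption here; the function names and the User-Agent string are hypothetical.

```python
import sys
import urllib.error
import urllib.parse
import urllib.request

# The two harmless probe strings from the reply above.
PROBES = {
    "command-injection": "/?cmd=cat%20/etc/passwd",
    "xss": '/<script>alert("XSS Attack");</script>',
}
BLOCK_STATUS = 403  # assumption: AWS WAF default Block response; change for custom responses


def build_url(base_url, probe):
    """Append a probe to the base URL, percent-encoding characters urllib rejects."""
    return base_url.rstrip("/") + urllib.parse.quote(probe, safe="/?=&%")


def fetch_status(url, timeout=10):
    """Return the HTTP status code; 4xx/5xx arrive as HTTPError, which carries it."""
    req = urllib.request.Request(url, headers={"User-Agent": "waf-selftest"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def verdict(baseline_status, probe_status):
    """Compare a probe's status against the clean baseline request."""
    if baseline_status == BLOCK_STATUS:
        return "inconclusive: clean request is already blocked"
    if probe_status == BLOCK_STATUS:
        return "blocked"
    return "not blocked: check WAF logs (rule may be in count mode or not attached)"


def run(base_url):
    """Probe base_url and return {probe name: verdict}."""
    baseline = fetch_status(build_url(base_url, "/"))
    return {name: verdict(baseline, fetch_status(build_url(base_url, probe)))
            for name, probe in PROBES.items()}


if __name__ == "__main__":
    # Usage: python waf_selftest.py https://your-own-site.example
    for name, result in run(sys.argv[1]).items():
        print(f"{name}: {result}")
```

A "not blocked" result does not by itself mean the rule missed the request: in non-blocking mode the match only shows up in the WAF logs or metrics, so check those before concluding the rule group is not applied.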