Hi, i have this rule
mydomain.com/Liefer-und-Versandkosten:‘;print(md5(acunetix_wvs_security_test));%24a%3D’:1.html
the beginning and the end are specific, this
mydomain.com/Liefer-und-Versandkosten
and this
:1.html
This part:
acunetix_wvs_security_test
is an attack.
How can i build a page rule for every page on my website, just looking for “acunetix_wvs_security_test” in URL ?
regards karsten
sandro
April 11, 2019, 7:47am
2
What exactly do you want to accomplish? Shouldnt that be a firewall rule instead of a page rule?
The idea was "if URL contains acunetix_wvs_security_test, set Security Level to “I’m unter Attack”.
So as firewall rule, would it be like this ?
URL Query String contains acunetix_wvs_security_test
sandro
April 11, 2019, 9:56am
4
Query string? What you posted earlier was part of the path.
If you just want to switch to “Under Attack” I’d use a firewall rule and impose a JavaScript challenge for these requests.
The idea was this:
the attacker sends 100 attacking paths. I don’t know 80 of them, but 20.
So if he hits one of my “known paths”, it’s not only this path blocked, but the complete website switching to “i’m under attack”. So that further, unknown attacking paths are at least challenged by JavaScript.
So how should this look like?
sandro
April 11, 2019, 10:17am
6
A page rule would not switch the entire domain, only that path.
Can you post an excerpt of these URLs?
/Kontakt:%22;print(md5(acunetix_wvs_security_test));%24a%3d%22:7.html
/index.php?action=acu6802%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca6802&cPath=14_21&page=3/UA0uNayI’));select%20pg_sleep(64.874);%20–%20:_:11.html
/Liefer-und-Versandkosten:‘;print(md5(acunetix_wvs_security_test));%24a%3d’:1.html
https://www.mydomain.com:443/[email protected]
/?MODsid=…/…/…/…/…/…/…/…/…/…/boot.ini
/?MODsid=(select%20convert(int%2cCHAR(65)))
/?../…/…/…/…/…/…/…/…/… /etc/passwd/ ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
What i would like to know is how to place placeholders, something like
/md5(acunetix_wvs_security_test)/ *
or
%md5(acunetix_wvs_security_test)%
sandro
April 11, 2019, 10:34am
10
Something like that might work
However I’d still use a firwall rule instead.
What user agent do these requests send?
no idea didn’t look when last attack happened.
What should i choose?
URl Path contains ?
okay i deployed it as firewall rule now, we’ll see
thanks
sandro
April 11, 2019, 10:42am
14
You should remove the slash and the asterisks in the first expression.
system
Closed
May 11, 2019, 7:46am
15
This topic was automatically closed after 30 days. New replies are no longer allowed.