AppTrana Protection WAF Rules Coverage


Rules Coverage Report

Summary: Most WAF solutions fail, because application security is complex and writing rules in-house is a time-consuming job that requires expertise. Other cloud security solutions that provide a WAF generally take a cookie-cutter approach: they ship a set of generic rules and then give customers the means to write rules themselves. It is up to the organization to fine-tune the rules to meet the application's needs. Since default rules create false positives and fine-tuning becomes more complex over time, organizations end up giving up on the WAF, compromising security for convenience. We at Indusface approach the problem differently. We believe that the security of an application starts with detection: AppTrana ensures that all vulnerabilities are detected, and it also ensures that they are protected by expert-written rules. Our experts fine-tune the rules based on the application's needs to avoid false positives and to ensure that your application remains secure round the clock.

The following checklist gives you an overview of the rule coverage provided by AppTrana's different rule types.

Advance Rules: Rules that are fine-tuned for false positives (FPs) and are put in block mode from day zero.

Premium Rules: Rules that are applied to a site and moved to block mode after monitoring traffic for 14 days to ensure there are no FPs.

Custom Rules: Rules written for specific application needs in consultation with the customer.

Summary:

S.no | Category | Severity | Rule Type | Rule Description
---- | -------- | -------- | --------- | ----------------
1 | HTTP Method Restriction Policy | Critical | Premium | Non-supported HTTP request method (other than GET, POST & HEAD) detected.
2 | HTTP Header Restriction Policy | Critical | Advance | Non-supported HTTP request headers detected.
3 | Encoding Abuse Attacks Protection Policy | Critical | Advance | Encoding abuse attacks.
4 | Bot Protection Policy | Critical | Advance | Security scanner related HTTP header detected.
5 | Bot Protection Policy | Critical | Premium | Automated program based User-Agent/HTTP header detected.
6 | Blind SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected in HTTP request cookies and XML requests.
7 | Blind SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected in HTTP request URI and arguments.
8 | Blind SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected - 1.
9 | Blind SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected - 2.
10 | SQL Injection Protection Policy | Critical | Premium | SQL Injection attempt detected in HTTP request cookies and XML requests.
11 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected in HTTP request URI and arguments.
12 | SQL Injection Protection Policy | Critical | Premium | SQL Injection attempt detected - 1.
13 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected in HTTP request cookies or in XML requests.
14 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected - 2.
15 | Cross-Site Scripting Protection Policy | Critical | Advance | Cross-Site Scripting attack attempt detected in HTTP request cookies and XML requests.
16 | Cross-Site Scripting Protection Policy | Critical | Premium | Cross-Site Scripting attack attempt detected in HTTP request URI, arguments and XML requests - 1.
17 | File Injection Protection Policy | Critical | Advance | File injection attempt detected in HTTP request header and XML requests.
18 | File Injection Protection Policy | Critical | Advance | File injection attempt detected in HTTP request URI and arguments.
19 | SSI Injection Protection Policy | Critical | Advance | Server side injection attempt detected in HTTP request URI or arguments.
20 | SSI Injection Protection Policy | Critical | Advance | Server side injection attempt detected in HTTP headers or XML file.
21 | PHP Injection Protection Policy | Critical | Advance | PHP injection attempt detected in HTTP request URI and arguments.
22 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected - 3.
23 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected in HTTP request URI, arguments or HTTP headers.
24 | Bot Protection Policy | Error | Advance | Bad-reputation IP detected.
25 | Local File Inclusion Protection Policy | Critical | Advance | Local File Inclusion (LFI) attempt detected via file traversal character sequences.
26 | Local File Inclusion Protection Policy | Critical | Premium | Local File Inclusion (LFI) attempt detected using a path pointing from the root directory.
27 | Base64 Encoding Abuse Attacks Protection Policy | Critical | Advance | Base64-encoded payload detected in HTTP request.
28 | Remote File Inclusion Protection Policy | Critical | Premium | Remote File Inclusion (RFI) attempt detected.
29 | Blind SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected - 3.
30 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected in HTTP request URI, arguments or cookie.
31 | Blind SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected - 4.
32 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected - 4.
33 | SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected in HTTP request URI, arguments or cookie.
34 | JavaScript Encoding Abuse Attacks Protection Policy | Critical | Advance | JavaScript encoding abuse detected - 1.
35 | JavaScript Encoding Abuse Attacks Protection Policy | Critical | Advance | JavaScript encoding abuse detected - 2.
36 | GNU Bash Remote Code Execution (CVE-2014-6271) Protection Policy | Critical | Advance | GNU Bash remote code execution (CVE-2014-6271) detected - 1.
37 | SQL Injection Protection Policy | Critical | Advance | Blind SQL Injection attempt detected in HTTP request URI, arguments or request headers.
38 | PHP Injection Protection Policy | Critical | Advance | PHP injection attempt detected in HTTP request header and XML requests.
39 | GNU Bash Remote Code Execution (CVE-2014-6271) Protection Policy | Critical | Advance | GNU Bash remote code execution (CVE-2014-6271) detected - 2.
40 | GNU Bash Remote Code Execution (CVE-2014-6271) Protection Policy | Critical | Advance | GNU Bash remote code execution (CVE-2014-6271) detected - 3.
41 | GNU Bash Remote Code Execution (CVE-2014-6271) Protection Policy | Critical | Advance | GNU Bash remote code execution (CVE-2014-6271) detected - 4.
42 | HTTP Response Splitting Protection Policy | Critical | Advance | HTTP response splitting attempt detected in HTTP request cookies - 1.
43 | HTTP Response Splitting Protection Policy | Critical | Advance | HTTP response splitting attempt detected in HTTP request cookies - 2.
44 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected - 5.
45 | OS Command Injection Protection Policy | Critical | Advance | System command injection attempt detected - 1.
46 | OS Command Injection Protection Policy | Critical | Advance | System command injection attempt detected - 2.
47 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected - 6.
48 | Local File Inclusion Protection Policy | Critical | Advance | Local File Inclusion (LFI) attempt detected via "\" character sequences.
49 | HTTProxy Protection Policy | Critical | Advance | HTTP Proxy request header detected.
50 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected in HTTP request URI, arguments, HTTP headers or XML file.
51 | Cross-Site-Scripting | Critical | Premium | Cross-Site Scripting attack attempt detected in HTTP request URI, arguments and XML requests - 2.
52 | Bot Protection Policy | Critical | Advance | Security scanner related URI detected.
53 | Bot Protection Policy | Critical | Advance | Command line tool/library related User-Agent/HTTP header (from internal database) detected.
54 | Cross-Site Scripting Protection Policy | Critical | Premium | Cross-Site-Scripting.
55 | Apache Struts2 REST XStream RCE Vulnerability Protection Policy | Critical | Advance | Remote code execution attempt via suspicious Java class detected. A user can execute system commands via ProcessBuilder or Runtime calls, and an attacker can misuse these classes by submitting improperly sanitized objects to run malicious system commands.
56 | SQL Injection Protection Policy | Critical | Advance | SQL Injection attempt detected - 7.
57 | Cross-Site Scripting Protection Policy | Critical | Advance | Cross-Site-Scripting.
58 | Generic Deserialization Defence for Java | High | Advance | Generic deserialization attempt detected in Java.
59 | Generic Deserialization Defence for Java | High | Advance | Generic deserialization attempt detected in Java.
60 | Generic Deserialization Defence for Microsoft products | High | Advance | Generic deserialization attempt detected in Microsoft products.
61 | Generic Deserialization Defence for Ruby on Rails | High | Advance | Generic deserialization attempt detected in Ruby on Rails.
62 | Generic Deserialization Defence for Ruby on Rails | High | Advance | Generic deserialization attempt detected in Ruby on Rails.
63 | XML External Entity (XXE) Injection Policy | High | Advance | XML External Entity (XXE) injection attempt detected as local file inclusion.
64 | Possible Apache Struts OGNL RCE Protection Policy | Critical | Advance | Possible Apache Struts OGNL code execution policy.
65 | Apache Tomcat Remote Code Execution Vulnerability Protection Policy | Critical | Advance | Apache Tomcat Remote Code Execution (CVE-2019-0232) attack attempt detected.
66 | Possible Malicious File Upload | Critical | Advance | File upload with malicious extensions detected.
67 | HTML5 ping DOS Protection Policy | Critical | Advance | DoS attack using ping headers in HTML5 - 1.
68 | HTML5 ping DOS Protection Policy | Critical | Advance | DoS attack using ping headers in HTML5 - 2.
69 | HTML5 ping DOS Protection Policy | Critical | Advance | DoS attack using ping headers in HTML5 - 3.
70 | IIS Remote Code Execution Protection Policy | Critical | Advance | Microsoft IIS HTTP.sys Remote Code Execution exploit attempt (CVE-2014-6321).
71 | Apache DOS Protection Policy | High | Advance | Attempt to exploit DoS on Apache server based on the Range header.
72 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
73 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
74 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
75 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
76 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
77 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
78 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
79 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
80 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
81 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
82 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
83 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
84 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to exploit Remote Code Execution based on PHP vulnerabilities.
85 | PHP Remote Code Execution Protection Policy | High | Premium | Attempt to detect the possibility of Remote Code Execution based on PHP vulnerabilities.
86 | PHP Remote Code Execution Protection Policy | High | Advance | Attempt to detect the possibility of Remote Code Execution based on PHP vulnerabilities.
87 | Malicious File Upload Attacks: Blocking Large File Upload Attempts | Critical | Advance | Malicious file upload attacks: blocking large file upload attempts.
88 | CVE-2020-5902 F5 BIG-IP RCE | Critical | Advance | CVE-2020-5902 F5 BIG-IP Remote Code Execution.
89 | Bot Protection Policy | Critical | Advance | Malicious bot related User-Agent/HTTP header detected.
90 | Bot Protection Policy | Critical | Advance | Website security scanner related User-Agent/HTTP header detected.
91 | Bot Protection Policy | Critical | Advance | Website crawler related User-Agent/HTTP header detected.
92 | Bot Protection Policy | Critical | Advance | Website scraper related User-Agent/HTTP header detected.
93 | ESI Injection Vulnerability | Critical | Advance | Rule to detect ESI injection vulnerability in request body, header or URI.
94 | Invalid Content-Length HTTP header | Critical | Advance | Invalid Content-Length HTTP header.
95 | HTTP Request Smuggling Attack | Critical | Advance | HTTP Request Smuggling attack.
96 | Unicode Full/Half Width Abuse Attack Attempt | Critical | Advance | Unicode full/half width abuse attack attempt.
97 | URL file extension is restricted by policy | Critical | Advance | URL file extension is restricted by policy.
98 | Attempt to access a backup or working file | Critical | Advance | Attempt to access a backup or working file.
99 | Request with header x-up-devcap-post-charset detected in combination with 'UP' User-Agent prefix | Critical | Advance | Request with header x-up-devcap-post-charset detected in combination with 'UP' User-Agent prefix.
100 | HTTP Request Smuggling Attack | Critical | Advance | HTTP Request Smuggling attack.
101 | HTTP Request Smuggling Attack | Critical | Advance | HTTP Request Smuggling attack.
102 | HTTP Header Injection Attack via payload (CR/LF and header-name detected) | Critical | Advance | HTTP header injection attack via payload (CR/LF and header-name detected).
103 | HTTP Splitting (CR/LF in request filename detected) | Critical | Advance | HTTP splitting (CR/LF in request filename detected).
104 | Node.js Injection Attacks | Critical | Advance | Node.js injection attack.
105 | Apache Struts and Java Attacks | Critical | Advance | Remote Command Execution: Java process spawn (CVE-2017-9805).
106 | Apache Struts and Java Attacks | Critical | Advance | Suspicious Java class detected.
107 | Apache Struts and Java Attacks | Critical | Advance | Base64 encoded string matched suspicious keyword.
108 | Remote File Inclusion Attacks | Critical | Advance | Possible Remote File Inclusion (RFI) attack: common RFI vulnerable parameter name used with URL payload.
109 | PHP Injection Attack: PHP Open Tag Found | Critical | Advance | PHP injection attack: PHP open tag found.
110 | PHP Injection Attack: Configuration Directive Found | Critical | Advance | PHP injection attack: configuration directive found.
111 | PHP Injection Attack: Variables Found | Critical | Advance | PHP injection attack: variables found.
112 | PHP Injection Attack: I/O Stream Found | Critical | Advance | PHP injection attack: I/O stream found.
113 | PHP Injection Attack: Wrapper scheme detected | Critical | Advance | PHP injection attack: wrapper scheme detected.
114 | PHP Injection Attack: High-Risk PHP Function Call Found | Critical | Advance | PHP injection attack: high-risk PHP function call found.
115 | PHP Injection Attack: Serialized Object Injection | Critical | Advance | PHP injection attack: serialized object injection.
116 | PHP Injection Attack: Variable Function Call Found | Critical | Premium | PHP injection attack: variable function call found.
117 | Path Traversal Attack (/../) | Critical | Advance | Path traversal attack (/../).
118 | Restricted File Access Attempt | Critical | Advance | Restricted file access attempt.
119 | OS File Access Attempt | Critical | Advance | OS file access attempt.
120 | Cross-site-scripting Attempt | Critical | Premium | Cross-site-scripting attempt.
121 | NoScript XSS InjectionChecker: Attribute Injection | Critical | Premium | NoScript XSS InjectionChecker: attribute injection.
122 | IE XSS Filters - Attack Detected | Critical | Premium | IE XSS filters - attack detected.
123 | IE XSS Filters - Attack Detected | Critical | Premium | IE XSS filters - attack detected.
124 | JavaScript global variable found | Critical | Premium | JavaScript global variable found.
125 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using echo and expr commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
126 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using variations of grep commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
127 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using variations of grep commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
128 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using cc or wget commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
129 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
130 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using Linux system commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
131 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2017-5638) using Windows system commands in Apache Struts via the Content-Type request header detected. The Jakarta Multipart parser in Apache Struts has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands.
132 | Apache Struts Remote Code Execution Policy | Critical | Advance | Remote code execution attempt (CVE-2018-11776 and CVE-2017-5638) in Apache Struts via suspicious Java class detected. The vulnerability exists in the core of Apache Struts due to improper validation of user-provided untrusted inputs under certain configurations, causing remote code execution.
133 | Advanced SQL Injection Attacks | Critical | Advance | SQL Injection attack: common DB names detected.
134 | Advanced SQL Injection Attacks | Critical | Advance | Detects blind SQLi tests using sleep() or benchmark(), including conditional queries.
135 | Advanced SQL Injection Attacks | Critical | Advance | Postgres/MongoDB based SQLi attempt detected.
136 | Advanced SQL Injection Attacks | Critical | Advance | Detects MySQL and PostgreSQL stored procedure/function injections.
137 | Advanced SQL Injection Attacks | Critical | Advance | MySQL in-line comment detected.
138 | Advanced SQL Injection Attacks | Critical | Advance | Detects MySQL charset switch and MSSQL DoS attempts.
139 | Advanced SQL Injection Attacks | Critical | Advance | SQL Injection attack.
140 | Advanced SQL Injection Attacks | Critical | Advance | SQL Injection attack.
141 | Advanced SQL Injection Attacks | Critical | Advance | SQL Injection attack.
142 | Malicious File Upload Attacks: Preventing all File Upload Attempts | Critical | Advance | Malicious file upload attacks: preventing all file upload attempts.
143 | Malicious File Upload Attempt: Denying all Non-Document File Upload Attempts | Critical | Advance | Malicious file upload attempt: denying all non-document file upload attempts.
144 | Malicious File Upload Attacks: Denying all Non-Media File Upload Attempts | Critical | Advance | Malicious file upload attacks: denying all non-media file upload attempts.
145 | Malicious File Upload Attacks: Denying all Non-Document and Non-Media File Upload Attempts | Critical | Advance | Malicious file upload attacks: denying all non-document and non-media file upload attempts.
146 | Advanced Command Injection Attacks | Critical | Advance | Remote Command Execution: Windows command injection.
147 | Advanced Command Injection Attacks | Critical | Advance | Remote Command Execution: Unix command injection.
148 | Advanced Command Injection Attacks | Critical | Advance | Remote Command Execution: Windows command injection.
149 | Advanced Command Injection Attacks | Critical | Advance | Remote Command Execution: Unix shell expression found.
150 | HTTP Request Smuggling Attack | Critical | Advance | HTTP Request Smuggling identified with multiple Content-Length HTTP headers.
151 | HTTP Request Smuggling Attack | Critical | Advance | Unusual HTTP protocol format.
152 | HTTP Request Smuggling Attack | Critical | Advance | HTTP Request Smuggling attack.
153 | HTTP Request Smuggling Attack | Critical | Advance | Advanced HTTP Request Smuggling attack identified.
154 | HTTP Request Smuggling Attack | Critical | Advance | Possible HTTP Request Smuggling attack.
155 | Java Spring RCE Attack | Critical | Advance | Restricted Java Spring RCE attack detected for CVE-2022-22963.
156 | MS Http.sys RCE vulnerability | Critical | Advance | Rule to block MS Http.sys RCE attacks.
157 | Apache HTTP Server Path Traversal Vulnerability | Critical | Advance | Rule to prevent path traversal attack.
158 | Apache Log4j Remote Code Execution Vulnerability | Critical | Advance | Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) attack detected.
159 | Apache Log4j Remote Code Execution Vulnerability | Critical | Advance | Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) attack detected.
160 | Apache Log4j Remote Code Execution Vulnerability | Critical | Advance | Restricts malicious requests with Apache Log4j DoS attack CVE-2021-45105.
161 | Apache Log4j Remote Code Execution Vulnerability | Critical | Advance | Restricts malicious requests with Apache Log4j CVE-2021-45046 DoS attack.
162 | Apache Log4j Remote Code Execution Vulnerability | Critical | Advance | Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) attack detected.
163 | PHP Remote Code Execution | Critical | Advance | Attempt to detect the possibility of Remote Code Execution based on PHP vulnerabilities.
164 | Path Traversal Coverage | Critical | Advance | Rule to cover encoded payloads (..2f..2f \| 2e2e2f \| 326532653266).
165 | Cross Site Scripting Attack | Critical | Advance | This rule prevents Cross-Site-Scripting attacks by identifying and preventing XSS payloads.
166 | JSON SQL Injection Attack | Critical | Advance | JSON SQL Injection attempt detected in HTTP request URI and arguments.
167 | ProxyNotShell (CVE-2022-40140 & CVE-2022-41082) | Critical | Advance | MS Exchange ProxyNotShell (CVE-2022-40140 & CVE-2022-41082) attack detected.
168 | Advanced SQL Injection Attacks | Critical | Advance | This rule detects JSON-based SQL injection.
169 | Java Attacks | Critical | Advance | This rule detects Java class reflection usage to execute methods that allow OS command execution.
170 | Content Injection | Critical | Advance | HTML content injection within request URL detected.
171 | SQL Injection | Critical | Advance | SQL Injection attempt detected in HTTP request URI and arguments.
172 | LDAP Injection | Critical | Advance | Identifies LDAP injection attacks.
173 | Command Injection | Critical | Advance | Identifies command injection attacks.
174 | ManageEngine Remote Code Execution | Critical | Advance | CVE-2022-47966 ManageEngine Remote Code Execution.
175 | Apache Struts and Java Attacks | Critical | Advance | Apache Struts and Java attacks.
176 | MOVEit Transfer Vulnerability Policy | Critical | Advance | MOVEit Transfer Vulnerability Policy.
177 | MOVEit Transfer Vulnerability Policy | Critical | Advance | MOVEit Transfer Vulnerability Policy.
178 | MOVEit Transfer Vulnerability Policy | Critical | Advance | MOVEit Transfer Vulnerability Policy.
179 | MOVEit Transfer Vulnerability Policy | Critical | Advance | MOVEit Transfer Vulnerability Policy.
180 | MOVEit Transfer Vulnerability Policy | Critical | Advance | MOVEit Transfer Vulnerability Policy.
181 | MOVEit Transfer Vulnerability Policy | Critical | Advance | MOVEit Transfer Vulnerability Policy.
182 | Bot Attacks | Critical | Advance | Bot attacks.
183 | Remote Unauthenticated API Access Vulnerability (CVE-2023-35078) policy | Critical | Advance | Remote Unauthenticated API Access Vulnerability (CVE-2023-35078).
184 | Cross-Site-Scripting Attacks | Critical | Advance | This rule prevents SSTI injection attacks.
185 | Privilege Escalation in WooCommerce WordPress Vulnerability Policy | Critical | Advance | CVE-2023-28121 Privilege Escalation in WooCommerce Payments plugin for WordPress vulnerability.
186 | PHP File Upload detection policy | Critical | Advance | PHP file upload detection policy.
187 | Adobe ColdFusion Vulnerability Policy | Critical | Advance | CVE-2023-29298 Adobe ColdFusion Access Control Bypass.
188 | Adobe ColdFusion Vulnerability Policy | Critical | Advance | CVE-2023-38203 Adobe ColdFusion Deserialization Vulnerability.
189 | Cross-Site-Scripting Attack Policy | Critical | Advance | Cross-Site-Scripting attack detection.
190 | Cross-Site-Scripting Attack Policy | Critical | Advance | Cross-Site Scripting attack attempt detected in multiple targets.
191 | Remote Code Execution (RCE) Detection Policy | Critical | Advance | Remote Code Execution (RCE) attack attempt detected in multiple targets.
192 | LDAP Injection Policy | Critical | Advance | LDAP injection at arguments and XML.
193 | NoSQL Injection Policy | Critical | Advance | NoSQL injection detection.
194 | LFI Attack Policy | Critical | Advance | LFI attacks.
195 | PHP Injection Attacks Policy | Critical | Advance | PHP injection attacks.
196 | Server Side Template Injection Policy | Critical | Advance | Server Side Template Injection detection.
197 | Server-Side Request Forgery (SSRF) Policy | Critical | Advance | Server-Side Request Forgery (SSRF) detection.
198 | GraphQL Policy | Critical | Advance | GraphQL detection.
199 | CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server Policy | Critical | Advance | Coverage for CVE-2023-22515 and CVE-2023-22518.
200 | SQL Injection Attacks | Critical | Advance | SQL Injection attempt detection.
201 | Remote Code Execution (RCE) Detection Policy | Critical | Advance | Remote Code Execution (RCE) attack detection at cookie.
202 | Base64 Encoded Attack Detection Policy | Critical | Advance | Base64 encoding attack detection.
203 | Base64 Encoded Attack Detection Policy | Critical | Advance | Base64 encoding detected.
204 | Apache OFBiz Auth bypass and Pre-Auth RCE Vulnerability (CVE-2023-49070 and CVE-2023-51467) policy | Critical | Advance | Apache OFBiz auth bypass and pre-auth RCE vulnerability (CVE-2023-49070 and CVE-2023-51467) detection.
205 | Apache Hadoop and Flink application misconfiguration exploitation detection policy | Critical | Advance | Apache Hadoop and Flink application misconfiguration exploitation detection policy.
206 | Server-Side Request Forgery leading to RCE in the SAML component of Ivanti (CVE-2024-21893 & CVE-2024-21887) detected | Critical | Advance | Server-Side Request Forgery leading to RCE in the SAML component of Ivanti (CVE-2024-21893 & CVE-2024-21887) detected.
207 | Auth bypass ScreenConnect CVE-2024-1708 and CVE-2024-1709 Policy | Critical | Advance | Auth bypass ScreenConnect CVE-2024-1708 and CVE-2024-1709 detection.
208 | Base64 Encoded Attack Detection Policy | Critical | Advance | Malicious Base64 encoding detected at User-Agent.
209 | SQL Injection Attacks | Critical | Advance | SQL Injection detected at User-Agent.
210 | JetBrains Auth Bypass Policy | Critical | Advance | JetBrains auth bypass policy.
211 | CVE-2024-23897 Jenkins Code Execution Policy | Critical | Advance | Jenkins Remote Code Execution Policy CVE-2024-23897.
212 | Possible Unauthenticated Privilege Escalation (CVE-2024-2172) Policy | Critical | Advance | Possible unauthenticated privilege escalation detection.
213 | SQL Injection Attacks | Critical | Advance | SQL Injection attack detection at multiple targets.
214 | Advance Threat Detection Policy | Critical | Advance | Malicious command injection attack detection at multiple targets.
215 | Advance Threat Detection Policy | Critical | Advance | Malicious injection attack detection at request headers.
216 | Advance Threat Detection Policy | Critical | Advance | Obfuscated injection attack detection at multiple targets.
217 | Advance Threat Detection Policy | Critical | Advance | Path traversal and sensitive file access attempt at headers and arguments.
218 | Advance Threat Detection Policy | Critical | Advance | SSRF attempt at headers and arguments.
219 | Advance Threat Detection Policy | Critical | Advance | Base64 encoded malicious injection detection at multiple targets such as URL, headers, body, ARGS, etc.
220 | Advance Threat Detection Policy | Critical | Advance | Cross Site Scripting detection at headers and arguments.
221 | Incorrect Authorization in Apache OFBiz (CVE-2024-38856) | Critical | Advance | CVE-2024-38856, CVE-2024-36104 and CVE-2024-32113 Incorrect Authorization vulnerability leading to RCE in Apache OFBiz.
222 | Incorrect Authorization in Apache OFBiz (CVE-2024-38856) | Critical | Advance | CVE-2024-38856, CVE-2024-36104 and CVE-2024-32113 Incorrect Authorization vulnerability leading to RCE in Apache OFBiz. The rule checks for encoded Unicode characters sent in the groovyprogram argument.
223 | Advance Threat Detection Policy | Critical | Advance | Path traversal and sensitive file access attempt detected at URL.
224 | Advance Threat Detection Policy | Critical | Advance | SQL Injection attempt detected at arguments.
225 | Advance Threat Detection Policy | Critical | Advance | Command injection attempt detected at arguments.
226 | Cross-Site Scripting Protection Policy | High | Advance | Cross-Site-Scripting attacks detected.
227 | VMware Aria Remote Code Execution Policy | Critical | Advance | VMware Aria Remote Code Execution Policy.
228 | Restrict Access to Suspicious Apache Tomcat Default Web Management Pages | Critical | Advance | Restrict access to suspicious Apache Tomcat default web management pages.
229 | Malware Policy | Critical | Advance | Malware policy.
230 | Illegal Content-Type Header Detection Policy | Critical | Advance | Multiple Content-Type header detection in a request header.
231 | WordPress URLs Protection Policy | Critical | Advance | WordPress user enumeration policy.
232 | WordPress URLs Protection Policy | Critical | Advance | WordPress user enumeration-1 policy.
233 | WordPress URLs Protection Policy | Critical | Advance | WordPress Popup-Maker injection policy.
234 | WordPress URLs Protection Policy | Critical | Advance | WordPress plugin version disclosure policy.
235 | WordPress URLs Protection Policy | Critical | Advance | WordPress Google Maps SQL injection policy.
236 | WordPress URLs Protection Policy | Critical | Advance | WordPress xmlrpc blocking policy.
237 | WordPress URLs Protection Policy | Critical | Advance | Detect attempts to use phpinfo or unauthorized file deletion through a specific callback parameter.
238 | WordPress URLs Protection Policy | Critical | Advance | Prevent retrieval of user emails based on specific roles (administrator, subscriber).
239 | WordPress URLs Protection Policy | Critical | Advance | External URL injection attempts within nested 'args' parameters.
240 | Malicious Pattern Detection-1 | Critical | Advance | Malicious injection attack detection at multiple targets.

Apart from this, specific custom rules are written to address application-specific needs. These rules are also created by Indusface security experts. Certain use cases that can be addressed are listed below; please note that these are not comprehensive and should be used to judge the type of use cases that can be addressed through AppTrana.

Theft/DLP Protection:

Customers who need to protect sensitive information and ensure that certain information does not leave the organization can request a response-based rule, which monitors their response traffic and masks sensitive data. When these rules are enabled, the sensitive information is masked in the logs as well.

Response-based rules are highly intrusive and should be enabled judiciously, as they may affect the functioning of the application.

BAD IP Protection:

Indusface provides IP protection that shows which IPs are malicious. Customers can choose to monitor these malicious IPs manually or have an automated rule enabled that blocks them automatically. IPs with a bad reputation are identified using the internal Global Threat Platform, which identifies malicious IPs based on their behaviour across all sites under Indusface protection. The Global Threat Platform also receives periodic updates from global third-party databases that mark certain IPs as malicious.

Customers can also choose to have Tor IPs blocked through a custom rule.

Protection Against Hidden Form Fields:

If customers have hidden form fields and want to restrict requests that send out-of-bound values for those fields, they can request a custom rule, which our security experts will write based on their needs.

File Upload Violation:

Based on application needs, customers can request a custom rule written to reject file uploads that do not meet the acceptable parameters.

Positive Security Rules:

Customers can choose to enable a positive security model, in which some or all negative-model rules are disabled based on their needs and positive security rules are created that capture the accepted values for various fields (URLs, directories, cookies, headers, form/query parameters, file upload extensions, allowed metacharacters, etc.) and allow only values that meet the accepted parameters.

Honeypot Bot Defender Rule:

We have enhanced our Bot Defender rules so that they can identify malicious bots through honeypots and block them. If a new malicious bot is identified when it attacks one of the protected sites, this information is registered in our global threat intelligence database, and attacks from the same botnet on any other site under our protection are blocked faster.

Behaviour Rules:

We have sophisticated anomaly-scoring/behaviour rules that change the protection status of rules based on certain behaviour observed in the application. This can be done at the application level or at a specific page level.

Tampering Protection Policies:

Customers can also enable tampering policies, which help them against cookie tampering/poisoning attacks. These policies also protect the application from tampering such as URL rewriting, encryption tampering, and so on. This rule can also be configured to protect against attacks that attempt to identify predictable resource locations, unauthorized access, and server reconnaissance.

HTTP Parameter Controlling Policies:

The solution protects against HTTP parameter pollution and tampering attacks, and policies can be written to protect against HTTP parameter pollution, restrict/control HTTP methods, and validate header length, content length, body length, parameter length, body line length, etc.

Enterprise Features:

AppTrana supports all enterprise use cases, including:

Support for Transformation Functions:

As part of the core rules, AppTrana supports transformation functions such as URL decoding and null-byte string termination.

Customized Error Message:

Based on application requirements, customers can request rules to mask their server errors and show custom pages instead of the default server error pages.

Support for Custom Ports & Protocols:

By default, the rules are written for HTTP/HTTPS traffic and the WAF listens on ports 80/443. Customers can request that additional custom ports be opened based on their needs, as well as monitoring of additional protocols such as SOAP, XML, etc.

Support for IPv6:

Customers can enable IPv6 support for their sites by requesting it during onboarding. With this, clients connecting to the application can connect over IPv6 even if the backend does not support IPv6.

Support for SIEM:

SIEM APIs are available that enable customers to get real-time attack logs from AppTrana, which can be integrated with their SIEM tools for further analysis.

Support for 2FA & RBAC:

AppTrana provides role-based access control, and access to the AppTrana portal can be protected with 2FA.