Web Application Firewall

Discussion forum for MOD Writers regarding MOD Development.
Ciao121
Registered User
Posts: 239
Joined: Wed Jan 28, 2004 1:08 pm

Web Application Firewall

Post by Ciao121 »

Hi,
I'm testing a web application firewall and it's blocking many of my pages.
Those pages are blocked by a rule that checks metacharacters in variables. In this specific case it's blocking "%0D" (the URL-encoded form of newline, I think).

I noticed that phpBB uses two different ways to post forms:
1) application/x-www-form-urlencoded
2) multipart/form-data

The block only happens when using "x-www-form-urlencoded".
I'm about to choose whether to use multipart/form-data in every form or to disable the metacharacter check on the Web Application Firewall.

Any suggestions? Thank you :roll:
Open your free forum in 1 minute.
A_Jelly_Doughnut
Former Team Member
Posts: 34457
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run

Re: Web Application Firewall

Post by A_Jelly_Doughnut »

I'm not sure what you gain by doing this kind of sniffing, really. I'd turn it off.
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish
Ciao121
Registered User
Posts: 239
Joined: Wed Jan 28, 2004 1:08 pm

Re: Web Application Firewall

Post by Ciao121 »

The security team (paranoid people) does it; I'll ask them :lol:
Open your free forum in 1 minute.
igorw
Former Team Member
Posts: 8024
Joined: Fri Dec 16, 2005 12:23 pm
Name: Igor Wiedler

Re: Web Application Firewall

Post by igorw »

The enctype application/x-www-form-urlencoded is a standard POST form; multipart/form-data is only used for file uploads.

And I agree with Donut that you'd rather fix this in the firewall than within your app. Maybe you can get rid of the too restrictive rule that is causing this problem. Because it's a completely legal request, a false positive basically.
Igor Wiedler | area51 | GitHub | trashbin | Formerly known as evil less than three
Ciao121
Registered User
Posts: 239
Joined: Wed Jan 28, 2004 1:08 pm

Re: Web Application Firewall

Post by Ciao121 »

A_Jelly_Doughnut wrote: I'm not sure what you gain by doing this kind of sniffing, really. I'd turn it off.
The check was done to avoid this: http://en.wikipedia.org/wiki/HTTP_response_splitting
I disabled the check because I think phpBB never uses GET or POST variables in HTTP response headers.
Open your free forum in 1 minute.
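The behaviour reported in this thread, as an added example that is not part of any post and is not phpBB or WAF vendor code: the same multi-line field carries "%0D%0A" in a urlencoded body but raw CRLF bytes in a multipart body, so a literal match on the raw body fires on one and not the other, while a check at the header sink behaves the same for both. The rule pattern, function names and sample values are assumptions made for the illustration.

```python
import re
from urllib.parse import urlencode

# Constructed sample: a two-line post as a browser submits it from a <textarea>.
MESSAGE = "first line\r\nsecond line"

def urlencoded_body(fields):
    """Body for enctype application/x-www-form-urlencoded."""
    return urlencode(fields).encode("ascii")

def multipart_body(fields, boundary="constructed-boundary"):
    """Body for enctype multipart/form-data (text fields only)."""
    out = []
    for name, value in fields.items():
        out.append(f"--{boundary}\r\n"
                   f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
                   f"{value}\r\n")
    out.append(f"--{boundary}--\r\n")
    return "".join(out).encode("utf-8")

# Assumption: stand-in for the WAF rule, a literal match on the raw body.
RAW_RULE = re.compile(rb"%0[AD]", re.IGNORECASE)

def raw_rule_blocks(body):
    """True when the raw request body contains an encoded CR or LF."""
    return RAW_RULE.search(body) is not None

def location_header(target):
    """Sink-side check: refuse CR, LF or NUL before the value reaches a header."""
    if re.search(r"[\r\n\x00]", target):
        raise ValueError("control character in header value")
    return f"Location: {target}"

if __name__ == "__main__":
    fields = {"message": MESSAGE}
    print(urlencoded_body(fields))
    print("urlencoded blocked:", raw_rule_blocks(urlencoded_body(fields)))
    print("multipart blocked: ", raw_rule_blocks(multipart_body(fields)))
    print(location_header("viewtopic.php?t=1"))
```
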