This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Test if WAF is working

Hello,

Can anyone recommend a 100% reliable test if WAF is actually working (especially the SQL-INJ/XSS features)? 

Firewall profile has form/url/cookie/xss/sql features enabled. I think I have configured the real webserver and virtual webserver correctly, but I don't know how to verify this.

Thank you!
Tim


This thread was automatically locked due to age.
Parents Reply
  • Hello Scott,

    Thank you for the tips, I have succesfully tested the setup. Hence my next question: Can I change the thresholds for XSS/SQL Injection blocks/alerts?

    In noticed for instance that SQL SELECT statements and several UPDATE statements are not blocked.
Children
No Data