I am having problems setting up a WAF for XSS filtering. I am testing this WAF in a full virtual environment. I have a simulated public virtual machine (Client) with an ip address of 10.0.0.42 and a simulated private virtual machine (Server) with an ip address of 192.168.0.10.
I have setup the UTM with 2 interfaces and set a rule for the firewall to allow Web Traffic from Any to Any.
The only thing left is i need to filter all web traffic for XSS. I have setup a vulnerable website on the Server (192.168.0.10) and can access it from the client through the UTM but there is no filtering being done by the WAF.
I have also setup a Real Web Server and a Virtual Web Server.
Help need really appreciate.
This thread was automatically locked due to age.