Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 6330 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

is it possible to detect and block for the XSS Referer and X-Forwarded-For Header vulnerability on WAF module?

YujinWon

Hello, 

One of our customers wants to configure the WAF to detect and block for the XSS Referer and X-Forwarded-for vulnerability.

Is it possible to detect and block for the XSS Referer and X-Forwarded-for vulnerability?

If it is impossible on UTM9,  is it possible to detect and block for those vulnerabilities on XG?

If it is possible to handle on UTM9 or XG, can you guide me how to configure to protect for XSS Referer and X-Forwarded-for vulnerability?

 

Below is a detail information for each vulnerability 

More detail for XSS Referer vulnerability: https://xss.cx/examples/dork/xss/xss-referrer-http-header-cross-site-scripting.html#1.1

More detail of a "X-Forwarded For" vulnerability.:  https://www.exploit-db.com/exploits/38519/

 

Thanks, 



This thread was automatically locked due to age.
  • 0

    Yes, you can configure to block cross-site scripting and SQL injection.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello BAlfson, 

    Thank you for your answer. 

     

    XSS is one of my question. but SQL injection is not my question.

    SQL injection is just example for the x-forwarded-for and i just explained as an example that attacker is able to attack a SQL injection using x-forwarded-for vulnerability.

    Can SG detect and block the XSS that injected the malicious script in the Referer HTTP Header if i enable the XSS attack in Common Threat Filter Category?

    What should i do on SG if i want to detect and block a x-forwarded-for vulnerability?

     

    Thanks, 

  • 0 in reply to YujinWon

    That information isn't explicitly stated in the documentation.  I would expect that that's covered, but you really need to ask Sophos Sales to get such information from their pre-sales engineer.

    Please post their response here so that we all can learn.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML