Open ben-elbert opened 1 month ago
definitely, do you have a possible instance with GC Armor running on it? you can also DM me personally on twitter if it cannot be shared publicly.
35.201.94.126:80
Thank you!
thanks for providing this! from the looks of it, it seems that the WAF is very difficult to fingerprint, no proper server headers, no fingerprintable response page contents, etc to tie the blockpage to Google Cloud Armor. The only thing that I can think of is the IP address being within Google Cloud's IP ranges. Not sure if we can tie up the IP range indicator to attribute a generic blockpage to Google Cloud Armor as other WAFs like Imperva can too be present. Will need to think properly on this as this can raise too many FPs.
Hey Guys, is it possible to add Google Cloud Armor to the list of detected vendors?