wallarm / gotestwaf

An open-source project in Golang to assess different API Security tools and WAFs for detection logic and bypasses
https://lab.wallarm.com/test-your-waf-before-hackers/
MIT License
1.56k stars 214 forks

WAF blockRegex Functionality #107

Closed RichardPerry closed 2 years ago

RichardPerry commented 2 years ago

Not entirely sure what is happening, but could anybody explain how to format the regex so that it matches something returned by the WAF, for example the awselb/2.0 header?

When I try:

docker run -v ${PWD}/reports:/app/reports --network="host" wallarm/gotestwaf --followCookies --maxIdleConns 1 --proxy http://127.0.0.1:8080 --testCase xss-scripting --addHeader "X-Request-Identifier: SomeName" --blockRegex awselb/2.0 --url \ --verbose

GOTESTWAF : 2021/12/17 14:03:08.885123 main.go:61: GoTestWAF unknown
GOTESTWAF : 2021/12/17 14:03:08.886578 main.go:71: Test cases loading started
GOTESTWAF : 2021/12/17 14:03:08.888345 main.go:78: Test cases loading finished
GOTESTWAF : 2021/12/17 14:03:08.888415 main.go:91: gRPC pre-check: IN PROGRESS
GOTESTWAF : 2021/12/17 14:03:09.078516 main.go:101: gRPC pre-check: GRPC IS NOT AVAILABLE
GOTESTWAF : 2021/12/17 14:03:09.078564 main.go:106: Scanned URL: \
GOTESTWAF : 2021/12/17 14:03:09.440094 main.go:46: main error: WAF was not detected. Please use the '--blockStatusCode' or '--blockRegex' flags. Use '--help' for additional info. Baseline attack status code: 403

It exits instantly, but when I remove --blockRegex it runs fine.

Not sure what is going on, but the regex feature would be very helpful, as the WAF responds with multiple different status codes when it blocks requests, not just one, and some don't match the 'block' status code.

RichardPerry commented 2 years ago

Note: adding the --blockStatusCode flag in addition does not seem to do anything either.

svkirillov commented 2 years ago

Hi!

--blockRegex awselb/2.0

It seems that your regex has the wrong format. Please make sure the regular expression matches the syntax supported by golang.
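The thread turns on whether a block pattern compiles under Go's regexp syntax and whether it matches the blocking response. The following is an added, self-contained example (not gotestwaf's own code) of such a check: it compiles the pattern with Go's RE2 engine, reports a malformed pattern as an error rather than a silent non-match, and applies it to a constructed ALB-style 403 response. It assumes the pattern is checked against the response's header lines and body; the helper names are my own.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"regexp"
	"strings"
)

// matchesBlockRegex compiles pattern with Go's regexp (RE2) syntax and reports
// whether it matches any "Name: value" header line or the body of resp
// (assumption: the material a block regex is checked against). A pattern that
// does not compile is an error rather than a silent non-match. The body is consumed.
func matchesBlockRegex(pattern string, resp *http.Response) (bool, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false, fmt.Errorf("invalid block regex %q: %w", pattern, err)
	}
	for name, values := range resp.Header {
		for _, v := range values {
			if re.MatchString(name + ": " + v) {
				return true, nil
			}
		}
	}
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return false, err
	}
	return re.Match(body), nil
}

// sampleResponse builds a constructed response, e.g. an ALB 403 with Server: awselb/2.0.
func sampleResponse(status int, server, body string) *http.Response {
	resp := &http.Response{StatusCode: status, Header: http.Header{}, Body: io.NopCloser(strings.NewReader(body))}
	resp.Header.Set("Server", server)
	return resp
}

func main() {
	// The dot is escaped so "awselb/2.0" is matched literally, not "awselb/2" plus any character.
	blocked, err := matchesBlockRegex(`awselb/2\.0`, sampleResponse(403, "awselb/2.0", "<html>Forbidden</html>"))
	if err != nil {
		panic(err)
	}
	fmt.Println("blocked:", blocked) // blocked: true
}
```

Running the same function with a pattern such as `awselb/2.0[` returns a compile error, which is the quickest way to tell a syntax problem apart from a pattern that simply never matches the WAF's response.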