On 2019/12/05 00:17, Kihaguru Gathura wrote:
>
>
>
> On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura <pqscript@gmail.com> wrote:
>
>
>
> >> Which is a better way to implement a WAF on OpenBSD using the base utilities?
> >
> > relayd configured in certain ways might be considered as a WAF.
>
>
> All methods and all other security headers and path filters are coded in the web
> application which had always been detected as a custom WAF until two weeks ago.
>
> I have now included relayd and a re-test passes all other requirements but does not detect
> a WAF (please find sample configurations and test report below).
>
> Any hint highly appreciated
I think you will need to talk to your assessors and ask what they're looking for.
No comments:
Post a Comment