Bypassing CloudFront WAF with URL‑Encoded /actuator Path
The CloudFront WAF (an AWS WAF web ACL attached to the distribution) blocks requests whose path contains the literal string "/actuator", but sending the segment with every character percent-encoded, "/%61%63%74%75%61%74%6f%72", slips past the rule: the string match runs on the raw, undecoded URI, while the Spring Boot origin decodes the path before routing and serves the actuator endpoints exactly as if "/actuator" had been requested. The bypass only works because the rule applies no URL-decode text transformation; a rule that decodes and normalizes the path before matching closes it, and actuator endpoints should not be reachable from the public edge in the first place.
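The mechanism above, as an added example that is not code from the original post: a literal string match on the raw URI (modelling an AWS WAF string-match rule with no URL_DECODE transformation) beside a rule that canonicalizes the path first, and a simplified origin that decodes the path exactly once as a servlet container does before routing. The function names, the bounded multi-round decoding and the constructed request list are my own; the normalizing rule deliberately decodes more aggressively than the origin so that a double-encoded path is blocked even though the origin would not route it (fail closed).

```python
import posixpath
from urllib.parse import unquote

BLOCKED_PREFIX = "/actuator"


def literal_rule_blocks(raw_uri: str) -> bool:
    """String match on the raw request URI with no decoding: the rule the post bypasses."""
    return BLOCKED_PREFIX in raw_uri


def decode_once(raw_uri: str) -> str:
    """Simplified origin view: drop the query string and percent-decode once.
    This is the path a servlet container hands to the router."""
    path = raw_uri.split("?", 1)[0] or "/"
    return unquote(path)


def normalize_for_waf(raw_uri: str, max_rounds: int = 3) -> str:
    """WAF-side canonical form: decode repeatedly (bounded, so %2525... cannot
    loop forever), collapse dot segments, force a single leading slash, lower-case.
    Decoding more than the origin does means the rule over-blocks rather than misses."""
    path = raw_uri.split("?", 1)[0] or "/"
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = posixpath.normpath(path)
    path = "/" + path.lstrip("/")  # normpath keeps "//", so rebuild the root slash
    return path.lower()


def normalizing_rule_blocks(raw_uri: str) -> bool:
    """Match the canonical path, as a segment, not as a substring."""
    norm = normalize_for_waf(raw_uri)
    return norm == BLOCKED_PREFIX or norm.startswith(BLOCKED_PREFIX + "/")


# Constructed requests (my own sample, not from the post): plain, the post's
# fully-encoded form, a double-encoded form, and a benign path with a query.
CONSTRUCTED_REQUESTS = [
    "/actuator/env",
    "/%61%63%74%75%61%74%6f%72/env",
    "/%2561%2563%2574%2575%2561%2574%256f%2572/env",
    "/api/v1/users?id=7",
]


def evaluate(requests=CONSTRUCTED_REQUESTS):
    """For each request: verdict of both rules and the path the origin would route."""
    return [
        {
            "raw": r,
            "literal_rule_blocks": literal_rule_blocks(r),
            "normalizing_rule_blocks": normalizing_rule_blocks(r),
            "origin_routes": decode_once(r),
        }
        for r in requests
    ]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The second row is the bypass from the post: the literal rule returns False while the origin routes "/actuator/env". The third row shows why the WAF side should decode more than once: the origin would route "/%61%63.../env" (no actuator hit), but blocking it costs nothing and removes a class of future surprises.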
The article analyzes recent supply‑chain poisoning of the LiteLLM PyPI package and Docker Hub images, explains why PyPI is an attractive attack vector, and details a three‑layer defense using Alibaba Cloud's cloud‑native API Gateway—including KMS‑encrypted credentials, WAF traffic filtering, and Wasm sandbox plugins—to protect the software supply chain.
SafeLine, an open‑source web application firewall, offers zero‑configuration, multi‑scenario protection against SQL injection, XSS, malicious crawlers, and brute‑force attacks, delivering 99% interception accuracy with minimal resource usage and a simple three‑step Docker deployment for small‑to‑medium sites.
This guide walks through constructing a high‑performance, cost‑effective enterprise‑level Web Application Firewall using OpenResty, covering why OpenResty is ideal, core architecture, modules for request lifecycle management, IP control, rate limiting, SQL injection and XSS detection, intelligent CC protection, monitoring, performance tuning, deployment tips, real‑world case study, and future enhancements.
This article breaks down DDoS attacks across the network, transport, and application layers, explains the core techniques like ICMP flood, SYN flood, and HTTP flood, and provides practical defense measures such as filtering, SYN cookies, WAFs, and CDN load balancing.
This article explains the fundamentals of Cross‑Site Scripting attacks, illustrates reflected, stored, and DOM‑based variants with concrete code examples, and presents a four‑step defense strategy—including input validation, output encoding, Content Security Policy, and WAF—to protect web applications.
This guide explains step‑by‑step how to set up a Web Application Firewall by installing LuaJIT, ngx_devel_kit, lua‑nginx‑module, compiling Nginx with Lua support, fixing common errors, and optionally using OpenResty, followed by configuring and testing the ngx_lua_waf module.
This article explains essential techniques to protect PHP applications from SQL injection attacks, covering prepared statements, input validation, ORM usage, escaping, stored procedures, permission restrictions, web application firewalls, and logging, with practical code examples for PDO, MySQLi, and Eloquent.
This guide walks through installing LuaJIT, ngx_devel_kit, and lua-nginx-module, compiling Nginx with Lua support, fixing common libluajit errors, optionally installing OpenResty, and configuring the ngx_lua_waf module to protect web applications.
This tutorial explains how to install LuaJIT, ngx_devel_kit, and lua‑nginx‑module, compile Nginx with Lua support, resolve common libluajit errors, optionally install OpenResty, and configure the ngx_lua_waf module to protect web applications.
An easily overlooked 8 KB request body inspection limit caused a production outage in a serverless education platform; after extensive debugging the team traced it to AWS WAF's payload size limit, and the fix highlighted the importance of proper documentation and infrastructure awareness.
This guide walks through installing LuaJIT, ngx_devel_kit, lua-nginx-module, compiling Nginx with Lua support, troubleshooting common errors, and adding a Lua-based Web Application Firewall (WAF) on an OpenResty platform.
This guide explains how to build a dynamic IP blacklist using Nginx, Lua, and Redis, covering installation of LuaJIT, compiling Nginx with required modules, configuring Redis, writing Lua access‑limit scripts, and verifying that frequent requests are automatically blocked for a set period.
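The access-limit logic that guide describes (count hits per client IP in Redis, block the IP for a set period once a threshold is crossed), as an added example that is not the guide's own Lua: the INCR + EXPIRE pattern modelled in Python against an in-memory stand-in for Redis with an injectable clock, so the allow, deny and unblock sequence can be exercised offline. FakeRedis, AccessLimiter, the key names and the thresholds are my own assumptions.

```python
import time


class FakeRedis:
    """Only the commands the limiter needs (INCR, EXPIRE, SETEX, EXISTS), with
    key expiry driven by an injectable clock instead of wall time.
    Stand-in for the real client, not a Redis implementation."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}
        self._expires_at = {}

    def _alive(self, key):
        deadline = self._expires_at.get(key)
        if deadline is not None and deadline <= self._clock():
            self._data.pop(key, None)
            self._expires_at.pop(key, None)
        return key in self._data

    def incr(self, key):
        value = (self._data[key] if self._alive(key) else 0) + 1
        self._data[key] = value
        return value

    def expire(self, key, seconds):
        if not self._alive(key):
            return False
        self._expires_at[key] = self._clock() + seconds
        return True

    def setex(self, key, seconds, value):
        self._data[key] = value
        self._expires_at[key] = self._clock() + seconds

    def exists(self, key):
        return self._alive(key)


class AccessLimiter:
    """Fixed-window counter per client IP plus a separate block key.

    More than max_requests hits inside window_seconds sets block:<ip> for
    block_seconds; while that key exists every request from the IP is denied."""

    def __init__(self, redis, max_requests=5, window_seconds=10, block_seconds=60):
        self.r = redis
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.block_seconds = block_seconds

    def check(self, ip):
        block_key = f"block:{ip}"
        if self.r.exists(block_key):
            return "denied"
        count_key = f"limit:{ip}"
        count = self.r.incr(count_key)
        if count == 1:
            # first hit of a new window starts the window timer
            self.r.expire(count_key, self.window_seconds)
        if count > self.max_requests:
            self.r.setex(block_key, self.block_seconds, 1)
            return "denied"
        return "allowed"


def simulate(max_requests=5, window_seconds=10, block_seconds=60):
    """Drive the limiter with a fake clock; returns a (time, verdict) timeline."""
    now = [0.0]
    limiter = AccessLimiter(FakeRedis(clock=lambda: now[0]),
                            max_requests, window_seconds, block_seconds)
    timeline = []
    for _ in range(max_requests + 1):            # burst at t=0: last one trips the block
        timeline.append((now[0], limiter.check("198.51.100.23")))
    now[0] = window_seconds + 5.0                 # window over, block still in force
    timeline.append((now[0], limiter.check("198.51.100.23")))
    now[0] = block_seconds + 1.0                  # block expired, counter reset
    timeline.append((now[0], limiter.check("198.51.100.23")))
    timeline.append((now[0], limiter.check("203.0.113.7")))  # unrelated client
    return timeline


if __name__ == "__main__":
    for t, verdict in simulate():
        print(f"t={t:>5.1f}s  {verdict}")
```

One caveat worth carrying into the real Lua script: INCR followed by EXPIRE is two round trips, so a worker that dies between them leaves a counter with no TTL, and that client is blocked for good once it crosses the threshold. Doing both inside a Redis EVAL script (or starting the window with SET NX EX and incrementing afterwards) makes the window atomic.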
This article explains what a Web Application Firewall (WAF) is, introduces the open-source SafeLine WAF, provides step-by-step instructions for containerized installation, and describes its architecture and core security capabilities such as semantic attack detection, IP intelligence, traffic control, and high-performance protection for web sites.
This guide explains how to identify and differentiate malicious bot traffic from legitimate requests by analyzing web server logs, leveraging fields such as IP, user‑agent, referer, and parameters, and then applying WAF rules, automation, and security platforms to mitigate attacks and improve operational metrics.
This article explains why web applications need a Web Application Firewall, introduces ModSecurity as a WAF for Nginx, and provides step‑by‑step installation, configuration, custom rule creation, and service restart commands to defend against attacks such as SQL injection and XSS.
This article examines the ten most common website security attacks—from XSS and SQL injection to DDoS and phishing—explaining their motivations, mechanisms, and practical mitigation strategies such as WAF deployment, input sanitization, SSL encryption, and regular updates to help protect any online presence.
This step‑by‑step guide shows how to configure an Alibaba Cloud ACK cluster, install the Higress cloud‑native gateway with Helm, enable Prometheus monitoring via ARMS, and activate the built‑in WAF plugin to block a simulated SQL‑injection request, complete with screenshots and commands.
The article delivers a technical overview of modern botnet threats, detailing the PBot and Xanthe families, their infection vectors, command‑and‑control operations, and provides practical detection, mitigation, and statistical analysis methods for defending against large‑scale DDoS, spam, and other malicious activities.
Tencent Cloud helped the viral game 《羊了个羊》 scale from 5,000 QPS to support over 100 million daily active users in a week by using serverless Kubernetes auto‑scaling, real‑time logging, WAF/Anti‑DDoS protection, CDN, and read‑write separation with Redis, achieving high performance, availability, and scalability.
The article details a step‑by‑step investigation of a form‑submission cross‑origin error in a front‑back separated system, tracing the HTTP request flow through DNS, Nginx, Tomcat, and finally identifying a WAF XSS rule that blocked a specific moduleExport field, and explains how the issue was resolved by adjusting the WAF configuration.
The article recounts a real‑world incident where a JSON POST from a front‑end domain triggered a cross‑origin 418 error because a Web Application Firewall’s XSS filter mistakenly blocked a JavaScript validator field, and after the security team modified the WAF rules the issue was resolved, highlighting systematic debugging and deep knowledge of DNS, Nginx, ingress, Tomcat and WAF layers.
This article explains how to identify and mitigate malicious bot traffic by analyzing web server logs, using command‑line queries, specialized log‑analysis tools, centralized platforms, and automated security workflows, while also outlining operational metrics and response processes for effective protection.
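Both log-analysis summaries above describe the same workflow: read the access log, build a picture of each client from IP, user-agent, referer, path, status and timing, and turn that into WAF rules. As an added example that is not code from either article, the following classifier does that over combined-format log lines. The regex, the marker lists, the thresholds and the twelve log lines are my own constructed sample; the numbers in particular are illustrative, not tuned recommendations.

```python
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

SCRIPT_UA_MARKERS = ("python-requests", "curl/", "go-http-client", "scrapy", "java/")
CLAIMED_CRAWLER_MARKERS = ("googlebot", "bingbot")
PROBE_PATHS = ("/.env", "/.git/", "/wp-login.php", "/actuator")

# Constructed sample (not real traffic): one browser session, one credential-
# stuffing script, one scanner with an empty user-agent, one self-declared crawler.
CONSTRUCTED_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:00 +0000] "GET /login HTTP/1.1" 200 1834 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0"
203.0.113.7 - - [10/Mar/2024:12:00:30 +0000] "POST /login HTTP/1.1" 302 0 "https://example.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0"
198.51.100.23 - - [10/Mar/2024:12:01:00 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31.0"
198.51.100.23 - - [10/Mar/2024:12:01:02 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31.0"
198.51.100.23 - - [10/Mar/2024:12:01:04 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31.0"
198.51.100.23 - - [10/Mar/2024:12:01:06 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31.0"
198.51.100.23 - - [10/Mar/2024:12:01:08 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31.0"
198.51.100.23 - - [10/Mar/2024:12:01:09 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31.0"
192.0.2.9 - - [10/Mar/2024:12:02:00 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
192.0.2.9 - - [10/Mar/2024:12:02:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
192.0.2.9 - - [10/Mar/2024:12:02:02 +0000] "GET /actuator/env HTTP/1.1" 404 153 "-" "-"
192.0.2.50 - - [10/Mar/2024:12:03:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; malformed lines are skipped, not fatal."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        entries.append(e)
    return entries


def profile_ips(entries):
    """Per-IP features: volume, burst rate, error and missing-referer ratios,
    probes of sensitive paths, and POSTs to the login endpoint."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    profiles = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda e: e["ts"])
        span = (reqs[-1]["ts"] - reqs[0]["ts"]).total_seconds()
        n = len(reqs)
        profiles[ip] = {
            "requests": n,
            "rpm": n * 60.0 / max(span, 1.0),
            "error_ratio": sum(e["status"] >= 400 for e in reqs) / n,
            "no_referer_ratio": sum(e["referer"] in ("", "-") for e in reqs) / n,
            "ua": reqs[0]["ua"],
            "probe_hits": sum(any(e["path"].startswith(p) for p in PROBE_PATHS) for e in reqs),
            "login_posts": sum(e["method"] == "POST" and e["path"] == "/login" for e in reqs),
        }
    return profiles


def classify(profile, rpm_threshold=30.0, min_burst_requests=5):
    """Reasons this IP looks automated; an empty list means nothing stood out."""
    reasons = []
    ua = profile["ua"].lower()
    if ua in ("", "-"):
        reasons.append("empty user-agent")
    elif any(m in ua for m in SCRIPT_UA_MARKERS):
        reasons.append("scripted-client user-agent")
    elif any(m in ua for m in CLAIMED_CRAWLER_MARKERS):
        reasons.append("claims to be a search crawler: verify with reverse DNS before allow-listing")
    if profile["requests"] >= min_burst_requests and profile["rpm"] > rpm_threshold:
        reasons.append(f"burst of {profile['rpm']:.0f} requests/min")
    if profile["probe_hits"]:
        reasons.append(f"{profile['probe_hits']} probes of sensitive paths")
    if profile["login_posts"] >= 5 and profile["error_ratio"] >= 0.8:
        reasons.append("repeated failed logins (brute force / credential stuffing)")
    return reasons


def flag_bots(text):
    """Map IP -> reasons, for every IP with at least one reason."""
    profiles = profile_ips(parse_log(text))
    flagged = {ip: classify(p) for ip, p in profiles.items()}
    return {ip: r for ip, r in flagged.items() if r}


if __name__ == "__main__":
    for ip, reasons in flag_bots(CONSTRUCTED_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The crawler case is kept as a review item rather than a block: a user-agent string is free to forge, so the decision for a self-declared search bot rests on reverse DNS of the source IP, not on the header. The other reasons map directly onto WAF rules (rate-based rule per IP, string match on the user-agent, path list for probes) once the thresholds have been checked against the site's real traffic.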
This article provides a comprehensive analysis of SQL injection vulnerabilities, covering their principles, testing tools, repair methods, and defense strategies, with practical implementation guidance for secure web application development.
This article explains the differences between Next‑Generation Firewalls and Web Application Firewalls, highlighting the additional protection that a WAF—especially F5’s solution—provides for complex web applications and why combining both technologies offers comprehensive security.
This article examines the prevalence of SQL injection attacks, presenting Imperva’s recent statistics, common attack vectors, real-world examples, and practical defenses such as prepared statements, input sanitization, and web application firewalls, while also offering Python code illustrations of secure and insecure database queries.
This guide walks you through installing OpenResty—a high‑performance Nginx/Lua web platform—on CentOS, adding a ready‑made Lua WAF module, configuring its various security rules (IP blacklist/whitelist, CC protection, URL, User‑Agent, GET/POST filters), and troubleshooting common issues.
This article examines the rise of web‑application firewalls, outlines common deployment challenges, compares several WAF operating modes—including bypass, layer‑2 transparent, and proxy architectures—and proposes load‑balancing strategies to achieve secure, high‑availability web services.
Boundary defense, meaning protective measures at business and IT entry points such as firewalls, WAFs, and a secure development lifecycle, gives an early-stage enterprise a clear perimeter built on detection, response, protection, and policy; Youzan's web-gate WAF, SDL checkpoints, DNS monitoring, and automated security-ticket process illustrate the approach and prepare the ground for a later shift toward deeper, defense-in-depth strategies.
The article introduces major web security threats such as XSS, injection, CSRF, explains their mechanisms with examples, and presents defensive measures including input sanitization, HttpOnly cookies, web application firewalls, and encryption methods like hashing, symmetric and asymmetric cryptography.
This guide outlines practical steps for constructing a secure enterprise operations platform, covering network zone segmentation, selection and deployment of firewalls, IPS/IDS/WAF, endpoint management, web traffic control, monitoring, disaster‑recovery procedures, and incident response best practices to protect corporate data and systems.
This comprehensive guide explains why database injection remains a critical security threat, illustrates real‑world attack techniques and toolchains, and provides layered defensive measures—from secure coding and DB‑proxy solutions to web‑server filtering, WAF deployment, and log‑analysis pipelines.
This article describes Ctrip's challenges with web security, evaluates hardware and commercial cloud WAF shortcomings, and presents a low‑cost, low‑risk cloud‑based WAF solution that leverages DNS redirection, closed‑loop rule management, Lua/Tengine deployment, supervised machine‑learning log analysis, and big‑data streaming for real‑time threat detection and mitigation.
This article walks you through designing, installing, and configuring a custom WAF using Nginx and Lua (OpenResty), covering core modules, pain points of native Nginx security, code examples, deployment tips, and future enhancements for robust web protection.
The article presents a comprehensive list of one hundred concrete web‑application security techniques—ranging from HTTP request analysis and token validation to WAF rule conversion, honeypot deployment, IP reputation checks, and response‑time monitoring—derived from the book “Web Application Defender's Cookbook” and illustrated with real‑world examples and tool references.
The article presents a comprehensive list of one hundred practical web‑application defense techniques—ranging from HTTP request analysis and ModSecurity rule creation to honeypot deployment and automated threat intelligence—drawn from the under‑appreciated book “Web Application Defender’s Cookbook.”