Techly NewsGet the app

Get the latest tech news

Response Filter Denial of Service: shut down a website by triggering WAF rule


TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce order details, etc... to prevent the

These company-specific rule sets can provide alternative or supplementary protection strategies to the OWASP CRS, giving users more options depending on their specific security needs and the nature of the threats they are most concerned about. The lack of special characters, HTML tags, and terms included in bad-word dictionaries (like eval or exec) makes them the perfect choice for any attacker who wants to prevent a website from being displayed to users. The main takeaway is that while response body filtering is critical for protecting sensitive data from being exposed, it requires a balanced approach to ensure it does not compromise the availability of web services.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of service

service

Photo of rfdos

rfdos

Related news:

News photo

How Microsoft sees its Models-as-a-Service feature democratizing access to AI

News photo

Asus Apologizes for Heavily Criticized Warranty and Return Service

News photo

Rebuilding my homelab: Suffering as a service

« Investors Cast Wider Net for AI Winners After Nvidia Delivers
5 deeply 90s nostalgic things about the rebooted Nokia 3210 »