14 Apr 22
The WAF (web application firewall) is one of the best tools for protecting a website from malicious traffic. It sits between the web and the potential attacker, so it acts as a wall with a defensive role. The functionalities depend on how it’s implemented, and the rules that are applied. Nevertheless, it’s vital to have a WAF so you don’t have to worry about website damages that can be prevented.
You shouldn’t only think about the worst scenarios that a security vulnerability can cause, such as data theft and ransomware. Low level vulnerabilities can still affect your website, your organization and complicate your life.
This week, the open source web server NGINX has confirmed the existence of security vulnerabilities on the LDAP reference implementation.
This scenario is dangerous when command-line parameters are used to configure the Python daemon, when unused parameters are used in the configuration that can be overwritten, or when the authentication depends on belonging to a specific group.
To mitigate these security flaws, you can take different actions. One of them is inhibiting the passing of HTTP headers in NGINX, which can be done with the following directive in the NGINX configuration file: proxy_pass_request_headers off.
Another one is to filter out strange characters in login forms, such as special characters with meaning in LDAP: hyphens -, parentheses () and the equal sign =.
WAFs and Firewalls are used to protect websites and can complement each other. Each one covers certain vulnerabilities. While the standard firewall prevents the entry of non authorized traffic to private networks and protects the traffic to the servers, the WAF filters and blocks the traffic that goes to and from a web application.
The WAF also proactively monitors web application vulnerabilities, observes network weakness and patches these weak points to mitigate short-term problems and establish long-term solutions.
Transparent Edge’s clients that have our WAF are protected against the vulnerabilities confirmed by NGINX. They can relax and our Operations team has communicated this to them. Why? Because our WAF prevents common attacks, stopping them before they reach the origin servers with compromised NGINX-LDAP installations. It sanitizes HTTP requests, by examining the headers and request bodies, looking for malicious payloads, and filtering out the requests that can pose a threat to our client’s origin before they actually get there.
For the clients that don’t have our WAF, we’ve recommended implementing it to protect themselves against these and other vulnerabilities.
In the meantime, at Transparent Edge we’re paying attention to the release of an exploit that may exploit the vulnerability to monitor malicious actors trying to use it.