Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content-Type WAF bypass #108

Open
krizhanovsky opened this issue Jul 4, 2019 · 0 comments
Open

Content-Type WAF bypass #108

krizhanovsky opened this issue Jul 4, 2019 · 0 comments
Labels
enhancement New feature or request security
Milestone
1.0 - GA

Comments

@krizhanovsky
Copy link
Contributor

krizhanovsky commented Jul 4, 2019
edited
Loading

Need a test, probably extension for normalization/test_http_multipart.py (in this case please rewrite the test to new framework since current implementation is quite unclear) or WAF test suite (tempesta-tech/tempesta#843) to test Content-Type based WAF bypasses.

At least examples from https://youtu.be/tSf_IXfuzXk?t=2132 (slides) must be tested, including GET requests with Content-Type and body (see tempesta-tech/tempesta#1296).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security
Projects
None yet
Milestone
1.0 - GA
Development

No branches or pull requests
3 participants
@krizhanovsky @dsvi @Dmitry-Gouriev