Hi, htbridge (https://www.immuniweb.com/websec/) no longer detects a WAF on one of my web servers configured with OpenBSD-httpd and PF on the same machine; a sample of the pf.conf configuration is as follows.
----------------------------------------------------------------------------------------------------
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

# don't filter on the loopback interface
set skip on lo

# scrub incoming packets
match in all scrub (no-df)

# set up a default deny policy
block all

# activate spoofing protection for all interfaces
block in quick from urpf-failed

pass in on bge0 from 192.168.0.0/24 to 192.168.0.254
pass out on bge0 from 192.168.0.254 to 192.168.0.0/24

pass in on egress proto tcp from any to egress port 22 modulate state
pass in on egress proto tcp from any to egress port 80 modulate state
pass in on egress proto tcp from any to egress port 443 modulate state
pass out on egress proto tcp from any to any port smtp modulate state
~
/etc/pf.conf: 24 lines, 733 characters.
www# pfctl -nf /etc/pf.conf
www# pfctl -vf /etc/pf.conf
---------------------------------------------------------------------------------------

Not sure what new criteria they are using to detect a WAF. Which is a better way to implement a WAF on OpenBSD using the base utilities?

Thank you,
Kihaguru.