Hello,
I’m seeking your advice and experience regarding setting up a Web Application Firewall (WAF) in front of EJBCA to support the CMP protocol.
The WAF is based on ModSecurity with the Core Rule Set (CRS) enabled. However, we’re encountering an issue where CMP protocol requests are being rejected by the WAF. Since these requests include binary data for certificates, the WAF flags them as potential threats, such as SQL injection, remote command execution, and other malicious activity.
Do you have any suggestions for configuring the WAF in this scenario? Specifically, we’re looking for best practices or rule adjustments to allow legitimate CMP traffic while maintaining security.
For the WAF, we could configure the paranoia level, remove some security rules by id/tag...
Thank you in advance!
Best regards,
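One way to scope the exclusion the post asks about, as an added example that is not part of the original post and is not EJBCA or CRS project configuration. It assumes the CMP endpoint is published under `/ejbca/publicweb/cmp`, that clients send the `application/pkixcmp` media type defined in RFC 6712, and that rule ids 10001-10003 are free in the local range.

```apache
# Added example. Assumptions: the endpoint path, the media type and the
# rule ids below. Load this file before the CRS rule files so the
# exclusions are in place before the CRS rules are evaluated.

# Too broad: switches off every check on the endpoint, headers included.
# SecRule REQUEST_URI "@beginsWith /ejbca/publicweb/cmp" \
#     "id:10000,phase:1,pass,nolog,ctl:ruleEngine=Off"

# 1. CMP over HTTP is POST only; reject any other method on this path.
SecRule REQUEST_URI "@beginsWith /ejbca/publicweb/cmp" \
    "id:10001,phase:1,deny,status:405,log,\
    msg:'CMP endpoint: method not allowed',chain"
    SecRule REQUEST_METHOD "!@streq POST"

# 2. Reject a declared content type other than application/pkixcmp.
#    A request with no Content-Type header is not matched here and is
#    not excluded by rule 10003 either, so CRS inspects it in full.
SecRule REQUEST_URI "@beginsWith /ejbca/publicweb/cmp" \
    "id:10002,phase:1,deny,status:415,log,\
    msg:'CMP endpoint: unexpected content type',chain"
    SecRule REQUEST_HEADERS:Content-Type "!@rx ^application/pkixcmp$"

# 3. For requests that passed 1 and 2, stop inspecting the DER body and
#    drop CRS rule 920420 (content type allow-list), which rule 10002
#    replaces on this path. All other URI, header and protocol rules
#    from CRS still apply, and every other path keeps the full rule set.
SecRule REQUEST_URI "@beginsWith /ejbca/publicweb/cmp" \
    "id:10003,phase:1,pass,nolog,chain"
    SecRule REQUEST_HEADERS:Content-Type "@rx ^application/pkixcmp$" \
        "ctl:requestBodyAccess=Off,ctl:ruleRemoveById=920420"
```

Running the engine in detection-only mode first and reading the audit log for this path shows which rule ids actually fire, so the exclusion can be narrowed to `ctl:ruleRemoveById` or `ctl:ruleRemoveByTag` entries if body inspection has to stay on.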