The WAF & OWASP Top 10 policy group contains a robust set of policies that protect your application against the most critical security risks standardized by the Open Web Application Security Project (OWASP).
Some policies in this policy group also block the response phase of a request to prevent data leakage. For example, the Personally identifiable information (PII) policy can block a response if personal or private information is detected. In such cases, the request will return a status code 200 OK, but the response will be blocked.
You can review the WAF and OWASP top threats policy group and enable or disable its policies in the Gcore Customer Portal:
1. Navigate to WAAP > Domains.
2. Find the domain where you want to configure the policy group and click the domain name to open it.
3. On the Policies page that opens, click WAF and OWASP top threats to expand the section and adjust the policies.
Only the Open redirect and Personally identifiable information policies are disabled by default. To enable a policy, turn on the toggle next to that policy.
The following table features the full list of policies that you can configure as part of the WAF & OWASP top threats policy group. These policies correspond to the most common types of threats.
| Policy | Description |
| --- | --- |
| SQL injection | In this form of attack, hackers use malicious SQL code to manipulate the backend of a database and access sensitive information such as company data, user lists, or private customer details. Enable the policy to detect and block any attempts to alter database queries. |
| Cross-site scripting (XSS) | XSS attacks happen when an attacker uses a web application to send malicious code to a different user. Enable the policy to detect and prevent XSS attacks by analyzing incoming requests for malicious script injections and blocking the execution of such scripts. |
| Shellshock exploit | This is a Bash shell vulnerability that can be exploited by attackers to execute arbitrary code and potentially harmful commands. By enabling the policy, you protect your application against malicious attempts to inject unauthorized commands into Bash environments. |
| Remote file inclusion | This attack exploits vulnerabilities in web applications that dynamically reference external scripts. Enable the policy to protect against unauthorized inclusion of remote files. |
| Apache Struts exploit | Apache Struts v1 contains a vulnerability that allows malicious users to exploit the Object-Graph Navigation Language (OGNL). Enable the policy to safeguard your web application against malicious exploits that target vulnerabilities in the Apache Struts framework. |
| Local file inclusion | Some attackers can exploit vulnerable inclusion procedures in a web application by injecting files that already exist on a server. Enable the policy to defend against the unauthorized inclusion of local files. |
| Common web application vulnerabilities | Enable the policy to protect your application against a range of prevalent web vulnerabilities. |
| Web shell execution prevention | Malicious scripts are often used to escalate and maintain persistent access to compromised web applications. This is a common post-exploitation attack. Enable the policy to block any attempts to execute web shell scripts and to gain unauthorized access to your application. |
| Protocol attack | These types of attacks are designed to eat up the processing capacity of a network infrastructure resource such as a server, firewall, or load balancer. Enable the policy to block attempts to inject into or manipulate headers and query parameters that exploit insufficiently sanitized user input. |
| Cross-site request forgery (CSRF) | CSRF is an attack that exploits a vulnerability in a web application. This happens if the application can't differentiate between a request generated by an individual user and a request initiated without their consent. Enable the policy to prevent such attacks and ensure the integrity of user interactions with your application. |
| Open redirect | This vulnerability occurs when attackers exploit unfiltered or unvalidated redirect destinations provided by a client. Enable the policy to defend against unauthorized and potentially malicious URL redirects. |
| Shell injection | This vulnerability allows an attacker to execute arbitrary operating system commands on the server running an application. Enable the policy to block malicious attempts to inject unauthorized commands into web application shells. |
| Code injection | This attack involves injecting malicious code that is interpreted or executed by the application. This is usually possible due to a lack of proper input and output validation. Enable the policy to prevent any attempts to inject unauthorized code or commands into web applications. |
| Sensitive data exposure | These attacks target sensitive data, aiming to expose critical information about the company, its customers, or its users. Enable the policy to protect against the accidental exposure of application-related data. |
| XML External Entity (XXE) | This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. Enable the policy to ensure the security and integrity of your XML-based data. |
| Personally identifiable information | When personally identifiable information (PII) isn't properly protected, it can cause a security vulnerability and lead to data leakage. Enable the policy to prevent accidental exposure of personal data by searching for private information in the web application responses. |
| Server-side template injection | Some attackers can use native template syntax to inject a malicious payload into a template and then execute it on the server. Enable the policy to block attempts to inject unauthorized code into your web application templates. |
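The response-phase behavior described for the Personally identifiable information policy (the upstream status stays 200 OK while the body is withheld) as an added illustration; this is not Gcore's WAAP code, and the email and payment-card patterns, the Luhn check and the sample bodies are assumptions constructed for the example:

```python
import re

# Constructed illustration of a response-phase PII filter: the upstream
# status code is preserved, but the body is withheld when personal data is
# detected. The patterns below are assumptions, not the product's rules.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to reduce false positives on digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(body: str) -> list:
    """Return the PII categories detected in a response body."""
    findings = []
    if EMAIL_RE.search(body):
        findings.append("email")
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append("payment_card")
            break
    return findings


def filter_response(status: int, body: str) -> dict:
    """Response-phase decision: keep the status, blank the body on PII."""
    findings = find_pii(body)
    if findings:
        return {"status": status, "blocked": True,
                "reasons": findings, "body": ""}
    return {"status": status, "blocked": False, "reasons": [], "body": body}


# Constructed sample responses (not real data): one clean, one leaking PII.
CLEAN = '{"order": 1042, "state": "shipped"}'
LEAKY = "Contact jane.doe@example.com, card 4111 1111 1111 1111"
```

A client calling `filter_response(200, LEAKY)` still sees status 200 with an empty body, which is the situation to keep in mind when a 200 response arrives unexpectedly empty.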