G |
Grozav Claudiu |
Hello,
I face a rather frustrating problem, my clients receive HULK attacks with thousands of hits from different IP addresses to the same web address in a very short time, I searched the internet for different methods to stop this type of attack, I finally found a rule that checks the order in which headers are sent but can't implement it in BitNinja, if you can create the ability to add custom rules and a tool to generate or convert them from apache waf rules to waf bitninja rules.
If this feature takes too long to be implemented I ask if you can include this WAF rule in the next BitNinja update.
The apache rule is:
SecRule REQUEST_HEADERS_NAMES ".*" "id:'11',chain,phase:1,t:none,log,drop,msg:'Request Header Ordering Alert: Potential Attack Tool - HULK DoS.',setvar:'tx.header_order=%{tx.header_order}, %{matched_var}'"
SecRule TX:HEADER_ORDER "@streq , Accept-Encoding, Host, Keep-Alive, User-Agent, Accept-Charset, Connection, Referer, Cache-Control""
More info about this rule on: www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hulk-vs-thor-application-dos-smackdown/
Thank you!
Activity Newest / Oldest
Adam Vincze
Status changed to: Planned