WAF Rule Set Update Announcement

Name: waf.sig
Version: 1.2.0
StoneOS Version: 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date: 2023-6-3

New Rules (44)

Rule ID     Rule Name
1090410100  Suspicious Backdoor Access
1020610004  HTTP Header Injection Attack (CR/LF detected in argument names)
1020610005  HTTP Header Injection Attack via payload (CR/LF and header-name detected)
1020610006  HTTP Header Injection Attack (CR/LF in ARGS GET)
1020510002  Disable Dict Protocol In ARGS for Blocking SSRF Attack
1020510003  Disable Gopher Protocol In ARGS for Blocking SSRF Attack
1020510004  Disable Ldap Protocol In ARGS for Blocking SSRF Attack
1020510005  Use SSRF to Access Cloud Metadata
1020510006  Use SSRF to Access Domain resolved as localhost
1020510007  Suspicious SSRF Port Scan Attack
1020510008  Suspicious SSRF Intranet Scan Attack
1020510009  php include and require file inclusion
1020510010  php data pseudo protocol file inclusion
1020510011  php input and filter file inclusion
1020710010  Disable File Protocol In ARGS for Blocking SSRF Attack
1020710011  Use SSRF to Access Local Resource
1020710012  Attempts to include sensitive file
1020710013  Attempts to include PHP file
1020410014  Unix Command Injection-4.
1020410015  Unix Command Injection-5.
...

Updated Rules (41)

Rule ID     Description
1020400014  Unix Shell Code.
1020400015  Remote Command Execution: Shellshock-1.
1020400016  Remote Command Execution: Shellshock-2.
1020400017  Restricted File Upload Attempt.
1070110071  CVE-2022-22978: Spring Security Authentication Bypass Vulnerability
1070310170  CVE-2022-30778, CVE-2022-30779, CVE-2022-31279: Laravel Deserialization Remote Code Execution
1020510001  Non HTTP Protocols Disabled In ARGS for Blocking SSRF Attack
1020710000  Detect attempts to include .svn or .git
1020710001  Detect attempts to include /etc/passwd
1020710002  Detect attempts to include Boot.ini
1020710003  Detect attempts to include .htaccess
1020710004  Detect attempts to include .htpasswd
1020710005  Detect attempts to include .htgroup
1020710006  Detect attempts to include Httpd.conf
1020710007  Detect attempts to include Global.asa
1020710008  Detect attempts to include .wwwacl or .www_acl
1020710009  Detect attempts to include Robot.txt
1000010051  Sensitive Information or Files Access
1060110003  Detected web security scanner: Xray
1060110005  Detecting burpsuite scanning features
...