]> _ Git - web-application-firewall.git/log
projects / web-application-firewall.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
web-application-firewall.git
3 months agoAdd example allowed host master
commit | commitdiff | tree
mivirl [Fri, 14 Mar 2025 18:03:22 +0000 (18:03 +0000)]
Add example allowed host

Added an example to the haproxy configuration to allow requests to a
specific host even if the request would otherwise be blocked.

3 months agoRemove conflicting NoExecPaths and ExecPaths settings
commit | commitdiff | tree
mivirl [Fri, 14 Mar 2025 17:50:04 +0000 (17:50 +0000)]
Remove conflicting NoExecPaths and ExecPaths settings

From testing, ExecPaths setting appears to override the
TemporaryFileSystem setting. When both NoExecPaths=/ and
TemporaryFileSystem=/ are used, the entire filesystem remains available
in the sandbox.

This might be a bug with systemd since it doesn't appear to be
documented (as of version 257).

This isn't much of an issue since NoExecPaths didn't add much in the
first place, since it's still possible to use any executable
interpreters to load non-executable files, and /lib/ld-linux.so.2 is an
interpreter that allows executing any ELF binaries, and must be marked
executable for any binary to run in the first place. So an attacker
could always work around it fairly easily.

3 months agoFix comparison in generated install.sh
commit | commitdiff | tree
mivirl [Fri, 14 Mar 2025 17:48:31 +0000 (17:48 +0000)]
Fix comparison in generated install.sh

Erroneously required that the program wasn't running as root.

3 months agoAdd link to Haproxy-JA4 in README.md
commit | commitdiff | tree
mivirl [Fri, 14 Mar 2025 17:47:37 +0000 (17:47 +0000)]
Add link to Haproxy-JA4 in README.md

5 months agoInitial commit
commit | commitdiff | tree
mivirl [Mon, 20 Jan 2025 04:47:13 +0000 (04:47 +0000)]
Initial commit

Block or rate limit untrusted requests to a web application