EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Home Page: https://www.enablesecurity.com/

Further Detail

demondogsports opened this issue

CloudFront (AWS / Amazon) is technically a CDN (content delivery network). It can have a WAF in the mix, but is generally returning cached content from edge locations.

Elastic Load Balancers (AWS / Amazon) - some may be network load balancers operating at L3/L4. Application LBs work at L7 and may have a WAF before, or after, or none.

This came up in a discussion on Discord where someone was confused about WAF. Thought I’d give feedback.

When wafw00f was initially developed, it originally detected systems that were purely WAFs. Eventually people started adding detection systems that exhibited WAF behaviors but were not necessarily marketed as a WAF. Back then we took the decision to accept such contributions as it seemed useful for a tool that detects WAFs to know if there is anything that might block web-based attacks or not. I still think this is useful, and we don't claim to have the perfect definition of a WAF or have a puritan approach to this.