Question Example of testing WAF IIS owasp?

[k5t9]

Hi, i'm afraid my WAF owasp on plesk is not working. How to test WAF on windows and IIS? I tried entering url like /etc/password to test my WAF, but it's only on linux, how to test WAF on windows? I try many ways and it is letting me to enter any url, he is not blocking. Maybe i just don't test him the right way?

 

[Peter Debik]

Probably something like
https://www.<your domain>.tld/non-existent-file.php?parameter=../../etc
will trigger a rule.

 

[k5t9]

Thanks, he is working, but strange... because instead of blue 403 page i have white page with regular text: You do not have permission to view this directory or page.

 

[k5t9]

By the way, is it true that OWASP WAF plesk won't work anymore after 2024 year? Or it's just a modsecurity official site? Or both won't work after 2024?

 

[Maarten]

By the way, is it true that OWASP WAF plesk won't work anymore after 2024 year? Or it's just a modsecurity official site? Or both won't work after 2024?

Where is this coming from? Did you read something online?

 

[k5t9]

from official mod security site. maybe i read it wrong
"Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community."