def is_waf(respDict): if match_type.match_header(respDict, ("Server", "SonicWALL")): return True if match_type.match_content(respDict, "This request is blocked by the SonicWALL"): return True if match_type.match_content( respDict, "Web Site Blocked") and match_type.match_content( respDict, "document.getElementById(\"nsa_banner"): return True return False
def is_waf(respDict): invalidhostresp = respDict['invalidHost'] if match_type.match_content({ 'invalidhost': invalidhostresp }, "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator" ): return True if match_type.match_content({ 'invalidhost': invalidhostresp }, "The ISA Server denied the specified Uniform Resource Locator (URL)"): return True return False
def is_waf(respDict): if match_type.match_content( respDict, "ASP.NET has detected data in the request that is potentially dangerous" ): return True if match_type.match_content( respDict, "Request Validation has detected a potentially dangerous client input value" ): return True return False
def is_waf(respDict): if match_type.match_header(respDict, ("Server", "jiasule-WAF")): return True if match_type.match_header(respDict, ("Set-Cookie", "__jsluid=")): return True if match_type.match_content( respDict, "static\.jiasule\.com/static/js/http_error\.js"): return True
def is_waf(respDict): # the following based on nmap's http-waf-fingerprint.nse if match_type.match_header( respDict, ('Server', '(mod_security|Mod_Security|NOYB)')): #from sqlmap waf return True if match_type.match_status_content( respDict, (501, "Reference #[0-9A-Fa-f.]+")): #from sqlmap waf modsecurity return True if match_type.match_content(respDict, "This error was generated by Mod_Security" ): #from sqlmap waf modsecurity return True return False
def is_waf(respDict): if match_type.match_content(respDict, "url\('/ks-waf-error\.png'\)"): return True
def is_waf(respDict): if match_type.match_content(respDict, "SENGINX-ROBOT-MITIGATION"): return True return False
def is_waf(respDict): if match_type.match_header(respDict,('X-dotDefender-denied', '^1$')): return True if match_type.match_content(respDict,'dotDefender Blocked Your Request'): return True return False
def is_waf(respDict): if match_type.match_content(respDict,"Unauthorized Activity Has Been Detected.+Case Number:"): return True if match_type.match_header(respDict,("X-SL-CompState",".")): return True return False
def is_waf(respDict): if match_type.match_content( respDict, "Access[^<]+has been blocked in accordance with company policy"): return True return False