Preventing users/bots from trying to inject scripts on website
Good Morning,
This morning we awoke to either a bot or a human trying to inject scripts onto one of our websites. We were able to detect this as our site was throwing error emails to us from the login page.
Can the WatchGuard not detect this type of behavior to prevent it?
Thanks
Comments
I was told that the person/bot was using this:
https://github.com/LewisArdern/bXSS
There are many cross site scripting detections in the Intrusion Prevention detection database.
IPS detection is improved for HTTPS traffic if Inspect is being done.
From the docs:
"If you enable IPS for an HTTPS-proxy policy, you must also enable Content Inspection in the HTTPS-proxy action, in order for IPS to scan the HTTPS content."
Configure Intrusion Prevention
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/ips/ips_config_c.html
Thanks for the update!
When HTTPS content inspection is enabled, WatchGuard IPS can detect XSS like bXSS.
The payload won't be visible to IPS without SSL inspection. Verify that the HTTPS-proxy policy on your login page has content inspection and intrusion prevention system (IPS) enabled.
It also helps to incorporate app-layer inspections or rate constraints.
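
An added example (not part of the original thread and not WatchGuard code) of the application-layer inspection and rate limit suggested in the last comment: it reviews login form submissions for script markup and for bursts from one client. The request tuples, thresholds and function names are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample: (client_ip, epoch_seconds, urlencoded login form body).
SAMPLE_REQUESTS = [
    ("198.51.100.7", 1000, "username=alice&password=correct+horse"),
    ("203.0.113.9", 1002,
     "username=%3Cscript%3Ealert(1)%3C%2Fscript%3E&password=x"),
] + [("192.0.2.50", 1010 + i, "username=carol&password=guess%d" % i)
     for i in range(7)]

# Coarse heuristic: an opening/closing tag, a javascript: URL, or an
# inline event handler. Hits are for review; legitimate passwords may
# contain these characters, so do not reject on the password field alone.
MARKUP = re.compile(r"<\s*/?\s*[a-z]|javascript:|\bon[a-z]+\s*=", re.I)


def review_login_requests(requests, window=60, max_per_window=5):
    """Return {client_ip: [reasons]} for clients worth a closer look."""
    findings = defaultdict(set)
    recent = defaultdict(list)  # client_ip -> timestamps inside the window
    for ip, ts, body in requests:
        # parse_qsl URL-decodes each field, so encoded markup is visible.
        for name, value in parse_qsl(body, keep_blank_values=True):
            if MARKUP.search(value):
                findings[ip].add(f"script markup in field {name!r}")
        # Sliding window: keep only timestamps newer than `window` seconds.
        recent[ip] = [t for t in recent[ip] if ts - t < window] + [ts]
        if len(recent[ip]) > max_per_window:
            findings[ip].add(
                f"more than {max_per_window} login requests in {window}s")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


if __name__ == "__main__":
    for ip, reasons in review_login_requests(SAMPLE_REQUESTS).items():
        print(ip, "->", "; ".join(reasons))
```

A check like this complements the firewall rather than replacing it: it sees the decoded form fields even when the HTTPS-proxy is not inspecting content.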