User Bobby Tables in Webapp behind Fortigate and SQL Injections
Hello,
I have a problem with a suspected hacking attack because someone created a user bobby tables in our webapp.
We have IPS+WAF+DPI; however, the WAF is lightly configured and only blocks exploits and trojans. Everything else is set to monitor, because otherwise we cannot create news on our webpage, as the WAF would block it.
Can you recommend changes for FortiGate in my config?
I have enabled these 2 security profiles together with full DPI:
config ips sensor
    edit "IPS-LinuxServer"
        set comment "Test"
        set scan-botnet-connections block
        config entries
            edit 1
                set location server
                set severity medium high critical
                set os Linux
                set status enable
                set action block
            next
        end
    next
end
And this WAF Profile:
config waf profile
    edit "linux-waf"
        config signature
            config main-class 100000000
                set action block
                set severity high
            end
            config main-class 20000000
                set status enable
            end
            config main-class 30000000
                set status enable
                set severity high
            end
            config main-class 40000000
                set status enable
                set severity high
            end
            config main-class 50000000
                set status enable
                set severity high
            end
            config main-class 60000000
                set status enable
                set severity high
            end
            config main-class 70000000
                set status enable
                set action block
                set severity high
            end
            config main-class 80000000
                set status enable
                set severity low
            end
            config main-class 110000000
                set status enable
                set severity high
            end
            config main-class 90000000
                set status enable
                set action block
                set severity high
            end
            config main-class 10000000
                set status enable
            end
            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
        end
        config constraint
            config header-length
                set status enable
                set log enable
                set severity low
            end
            config content-length
                set status enable
                set log enable
                set severity low
            end
            config param-length
                set status enable
                set log enable
                set severity low
            end
            config line-length
                set status enable
                set log enable
                set severity low
            end
            config url-param-length
                set status enable
                set log enable
                set severity low
            end
            config version
                set log enable
            end
            config method
                set action block
                set log enable
            end
            config hostname
                set action block
                set log enable
            end
            config malformed
                set log enable
            end
            config max-cookie
                set status enable
                set log enable
                set severity low
            end
            config max-header-line
                set status enable
                set log enable
                set severity low
            end
            config max-url-param
                set status enable
                set log enable
                set severity low
            end
            config max-range-segment
                set status enable
                set log enable
                set severity high
            end
        end
    next
end
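
Added example, not part of the original post and not Fortinet code: a small Python audit of the signature section of the "linux-waf" profile above, listing which main-class blocks carry `set action block` and which do not. It assumes, as the post describes, that a class without that line is only monitored; the function names are hypothetical.

```python
import re

# Signature section of the "linux-waf" profile as posted above (constraints omitted).
PROFILE = """
config signature
 config main-class 100000000 set action block set severity high end
 config main-class 20000000 set status enable end
 config main-class 30000000 set status enable set severity high end
 config main-class 40000000 set status enable set severity high end
 config main-class 50000000 set status enable set severity high end
 config main-class 60000000 set status enable set severity high end
 config main-class 70000000 set status enable set action block set severity high end
 config main-class 80000000 set status enable set severity low end
 config main-class 110000000 set status enable set severity high end
 config main-class 90000000 set status enable set action block set severity high end
 config main-class 10000000 set status enable end
 set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
"""

# Works on both the one-line and the indented form of the config.
CLASS_RE = re.compile(r"config main-class (\d+)\s+(.*?)\bend\b", re.S)
SET_RE = re.compile(r"set (\S+) (\S+)")

def parse_main_classes(text):
    """Return {class_id: {setting: value}} for every 'config main-class' block."""
    return {cid: dict(SET_RE.findall(body)) for cid, body in CLASS_RE.findall(text)}

def not_blocking(classes):
    """IDs of classes with no 'set action block' line (assumed monitor-only)."""
    return sorted((c for c, s in classes.items() if s.get("action") != "block"), key=int)

def blocking(classes):
    """IDs of classes that explicitly set the block action."""
    return sorted((c for c, s in classes.items() if s.get("action") == "block"), key=int)

def disabled_signatures(text):
    """Signature IDs switched off individually via 'set disabled-signature'."""
    m = re.search(r"set disabled-signature ((?:\d+\s*)+)", text)
    return m.group(1).split() if m else []

if __name__ == "__main__":
    classes = parse_main_classes(PROFILE)
    print("blocking:", blocking(classes))
    print("not blocking:", not_blocking(classes))
    print("disabled signatures:", disabled_signatures(PROFILE))
```
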
