diff --git a/README.md b/README.md
index ab48efa..d1d6cd7 100644
--- a/README.md
+++ b/README.md
@@ -143,7 +143,7 @@ Wanna detect WAFs? Lets see how.
Blocked response page contains:
Sorry, your request has been blocked as it may cause potential threats to the server's security
text snippet.
- - Reference to
errors.aliyun.com
site.
+ - Reference to
errors.aliyun.com
site URL.
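Review bot: The rewritten Aliyun bullet ("Reference to errors.aliyun.com site URL.") is redundant; "site" and "URL" say the same thing, and the rest of the list uses one or the other. Suggest "Reference to the errors.aliyun.com URL." so the wording matches the other entries edited in this patch.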
@@ -220,7 +220,27 @@ Wanna detect WAFs? Lets see how.
- Amazon AWS WAF
+ ASP.NET Generic (IIS)
+ |
+
+
+ - Detectability: Moderate
+ - Detection Methodology:
+
+ - Response headers may contain
X-ASPNET-Version header value.
+ - Blocked response page content may contain:
+
+ This generic 403 error means that the authenticated user is not authorized to use the requested resource .
+ Error Code 0x00000000< keyword.
+
+ X-Powered-By header has field value set to ASP.NET .
+
+
+ |
+
+
+
+ AWS (Amazon)
|
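Review bot: Both indicators in the new "ASP.NET Generic (IIS)" entry (the X-ASPNET-Version header and "X-Powered-By: ASP.NET") identify the application stack, not a WAF, so every ASP.NET site will match whether or not a firewall is in front of it; the entry should say so explicitly, or the generic 403 body text should be the only primary indicator with the headers listed as supporting evidence. Two smaller fixes in the same block: "Error Code 0x00000000<" has a stray "<" that looks like a truncated tag, and "resource ." has a space before the period.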
@@ -247,6 +267,25 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ Barikode Firewall
+ |
+
+
+ - Detectability: Moderate
+ - Detection Methodology:
+
+ - Blocked response page content may contain:
+
+ barikode keyword.
+ Forbidden Access text snippet in h1 .
+
+
+
+
+ |
+
Barracuda WAF
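Review bot: In the Barikode entry, "Forbidden Access text snippet in h1" is a generic 403 heading that many unrelated block pages will carry, so the bullet should state that it only counts together with the "barikode" keyword rather than as an indicator on its own. It would also help to write the element as `<h1>` so readers know it refers to the tag, and to quote the two match strings so their exact casing is unambiguous.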
@@ -277,6 +316,22 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ Better WP Security
+ |
+
+
+ - Detectability: Easy
+ - Detection Methodology:
+
+ - Specific to only sites using CMS as Wordpress.
+ - Plugin enumeration reveals the WAF plugin presence.
+ - Making a GET request to
wp-content/plugins/better-wp-security/ directory yeilds200 OK .
+
+
+ |
+
BitNinja Firewall
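Review bot: "yeilds200 OK" in the Better WP Security entry should read "yields 200 OK", and "Specific to only sites using CMS as Wordpress" should read "Specific to sites running the WordPress CMS". A caveat worth adding to the GET bullet: a 200 on wp-content/plugins/better-wp-security/ only shows the plugin directory exists, and a 403 from a server with directory listing disabled does not rule the plugin out, so a non-200 result is inconclusive rather than negative.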
@@ -384,6 +439,25 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ Chuangyu WAF
+ |
+
+
+ - Detectability: Moderate
+ - Detection Methodology:
+
+ - Response page has refernce to:
+
+ 365cyd.com or 365cyd.net URL.
+ - Help page at
http://help.365cyd.com/cyd-error-help.html?code=403 .
+
+
+
+
+ |
+
Cisco ACE XML Gateway
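Review bot: "refernce" in the Chuangyu WAF entry is a typo for "reference". The help-page bullet is a separate indicator from the 365cyd.com/365cyd.net reference and should be worded as one ("Response redirects to or links the help page at ...") so it is clear what the reader is expected to observe.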
@@ -472,34 +546,6 @@ Wanna detect WAFs? Lets see how.
|
-
-
- GoDaddy Firewall
- |
-
-
- - Detectability: Easy
- - Detection Methodology:
-
- - Blocked response page contains value
Access Denied - GoDaddy Website Firewall .
-
-
- |
-
-
-
- IBM WebSphere DataPower
- |
-
-
- - Detectability: Difficult
- - Detection Methodology:
-
- - Response headers contains field value value
X-Backside-Transport with value OK or FAIL .
-
-
- |
-
Deny-All Firewall
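Review bot: The deletion of the GoDaddy Firewall and IBM WebSphere DataPower entries here is a relocation (both are re-added later in this patch under G and I), and the IBM entry is renamed to "IBM DataPower" in the process; the commit message should record the rename, since a reader diffing the list will otherwise see an entry vanish. The duplicated wording "field value value" in the IBM bullet is removed here and carried over verbatim into the re-added copy, so it still needs fixing there.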
@@ -559,6 +605,20 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ DynamicWeb Injection Check
+ |
+
+
+ - Detectability: Easy
+ - Detection Methodology:
+
+ - Blocked response headers contain
X-403-Status-By field with value dw-inj-check value.
+
+
+ |
+
EdgeCast (Verizon)
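Review bot: "X-403-Status-By field with value dw-inj-check value" in the DynamicWeb entry repeats "value"; suggest "Blocked response headers contain the X-403-Status-By field with value dw-inj-check."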
@@ -621,6 +681,20 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ GoDaddy Firewall
+ |
+
+
+ - Detectability: Easy
+ - Detection Methodology:
+
+ - Blocked response page contains value
Access Denied - GoDaddy Website Firewall .
+
+
+ |
+
HyperGuard Firewall
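Review bot: "Blocked response page contains value Access Denied - GoDaddy Website Firewall ." in the re-added GoDaddy entry should say "text" rather than "value", matching the wording used for other page-content indicators, and the space before the period should go. Since this entry was moved rather than changed, that is the only fix needed.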
@@ -635,6 +709,20 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ IBM DataPower
+ |
+
+
+ - Detectability: Difficult
+ - Detection Methodology:
+
+ - Response headers contains field value value
X-Backside-Transport with value OK or FAIL .
+
+
+ |
+
Imperva SecureSphere
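Review bot: "Response headers contains field value value X-Backside-Transport with value OK or FAIL" in the IBM DataPower entry has a duplicated "value" and a subject/verb mismatch; suggest "Response headers contain the X-Backside-Transport field with value OK or FAIL." The rename from "IBM WebSphere DataPower" drops the product family name that users searching the list may know it by, so consider keeping it in parentheses.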
@@ -964,6 +1052,24 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ pkSecurityModule IDS
+ |
+
+
+ - Detectability: Moderate
+ - Detection Methodology:
+
+ - Response content may contain
+
+ pkSecurityModule: Security.Alert .
+ A safety critical request was discovered and blocked text snippet.
+
+
+
+ |
+
Radware Appwall
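Review bot: The pkSecurityModule entry is missing a colon after "Response content may contain" and has a space before the period in "Security.Alert .", so the two quoted snippets do not read as a list of match strings. Quoting each snippet ("pkSecurityModule: Security.Alert" and "A safety critical request was discovered and blocked") would make the exact match text unambiguous.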
@@ -1033,6 +1139,27 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ Sabre Firewall
+ |
+
+
+ - Detectability: Easy
+ - Detection Methodology:
+
+ - Returns status code
500 Internal Error upon malicious requests.
+ - Response content has:
+
+ - Contact email
dxsupport@sabre.com .
+ Your request has been blocked bold warning.
+ clicking the above email link will automatically add some important details to the email for us to investigate the problem text snippet.
+
+
+
+
+ |
+
Safe3 Firewall
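Review bot: "Returns status code 500 Internal Error upon malicious requests" in the Sabre entry is not a usable indicator on its own, since any application error produces a 500; the bullet should say the status code only counts together with the content indicators listed below it. The third content item, starting "clicking the above email link ...", is a quoted page fragment and should be quoted and capitalised consistently with the "Your request has been blocked" item above it.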
@@ -1098,6 +1225,20 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ Shadow Daemon WAF
+ |
+
+
+ - Detectability: Difficult
+ - Detection Methodology:
+
+ - Blocked response page contains
request forbidden by administrative rules. keyword.
+
+
+ |
+
ShieldSecurity
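Review bot: The Shadow Daemon keyword "request forbidden by administrative rules. keyword." leaves it unclear whether the trailing period is part of the match string; quoting it ("request forbidden by administrative rules.") would settle that. "Keyword" is also a stretch for a full sentence; "text snippet", as used elsewhere in the list, fits better.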
@@ -1466,6 +1607,20 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ Xuanwudun WAF
+ |
+
+
+ - Detectability: Easy
+ - Detection Methodology:
+
+ - Blocked response page contains reference to
http://admin.dbappwaf.cn/index.php/Admin/ClientMisinform/ site URL.
+
+
+ |
+
Yundun Firewall
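Review bot: "contains reference to http://admin.dbappwaf.cn/index.php/Admin/ClientMisinform/ site URL" in the Xuanwudun entry has the same redundant "site URL" wording as the Aliyun edit at the top of this patch; suggest "contains a reference to the URL http://admin.dbappwaf.cn/index.php/Admin/ClientMisinform/".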
@@ -1510,6 +1665,27 @@ Wanna detect WAFs? Lets see how.
|
+
+
+ ZScaler (Accenture)
+ |
+
+
+ - Detectability: Easy
+ - Detection Methodology:
+
+ - Blocked response page contains:
+
+ Access Denied: Accenture Policy text.
+ - Reference to
https://policies.accenture.com URL.
+ Your organization has selected Zscaler to protect you from internet threats .
+ The Internet site you have attempted to access is prohibited. Accenture's webfilters indicate that the site likely contains content considered inappropriate .
+
+ Server header has value set to ZScaler .
+
+
+ |
+
## Evasion Techniques
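Review bot: The "ZScaler (Accenture)" entry fingerprints one customer's deployment rather than the product: "Access Denied: Accenture Policy", the policies.accenture.com link and the "Accenture's webfilters" text will only appear to clients browsing from behind Accenture's own Zscaler proxy, and the only generic indicator in the block is the Server header set to ZScaler. Zscaler is an outbound web proxy blocking the client's request to a site, not a WAF in front of a site, so the entry should say which side of the connection the block page comes from, and the Accenture-specific strings should be marked as an example of one organisation's branding.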