You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.5 KiB
34 lines
1.5 KiB
#!/usr/bin/env python
|
|
'''
|
|
Copyright (C) 2020, WAFW00F Developers.
|
|
See the LICENSE file for copying permission.
|
|
'''
|
|
|
|
NAME = 'AppWall (Radware)'
|
|
|
|
|
|
def is_waf(self):
|
|
# 定义两个不同的检测模式。
|
|
schema1 = [
|
|
# 检查响应内容中是否包含'CloudWebSec.radware.com'。
|
|
self.matchContent(r'CloudWebSec\.radware\.com'),
|
|
# 检查响应头中的'X-SL-CompState'字段是否存在且不为空。
|
|
self.matchHeader(('X-SL-CompState', '.+'))
|
|
]
|
|
schema2 = [
|
|
# 检查响应内容中是否包含'because we have detected unauthorized activity'。
|
|
self.matchContent(r'because we have detected unauthorized activity'),
|
|
# 检查响应内容中是否包含'<title>Unauthorized Request Blocked'。
|
|
self.matchContent(r'<title>Unauthorized Request Blocked'),
|
|
# 检查响应内容中是否包含'if you believe that there has been some mistake'。
|
|
self.matchContent(r'if you believe that there has been some mistake'),
|
|
# 检查响应内容中是否包含'\?Subject=Security Page.{0,10}?Case Number',其中.{0,10}?表示最多十个任意字符。
|
|
self.matchContent(r'\?Subject=Security Page.{0,10}?Case Number')
|
|
]
|
|
# 如果 schema1 中的任何一个条件为真,则认为检测到了 WAF。
|
|
if any(i for i in schema1):
|
|
return True
|
|
# 如果 schema2 中的所有条件都为真,则认为检测到了 WAF。
|
|
if all(i for i in schema2):
|
|
return True
|
|
return False |