Web Application Firewall Detected
Description
A Web Application Firewall (WAF), Intrusion Prevention System (IPS), or Intrusion Detection System (IDS) has been detected protecting this server. Invicti identified the presence of these security controls by analyzing response variations (status codes, headers, and body content) when submitting test payloads. This is an informational finding that indicates active security measures are in place. Because the control may block or alter requests before they reach the application, it can affect the completeness and accuracy of vulnerability scanning results: a blocked payload does not prove the underlying application is not vulnerable.
Remediation
To ensure comprehensive and accurate security testing results, consider the following approaches:
1. Test in a Development Environment: Conduct vulnerability scans against a development or staging instance of the application where WAF/IPS/IDS protections are disabled or configured in monitoring-only mode. This provides the most accurate assessment of the application's true security posture.
2. Whitelist Scanner IP Addresses: Configure the WAF/IPS/IDS to whitelist the IP addresses used by the security scanner, allowing test traffic to reach the application without interference.
3. Configure Detection Thresholds: Temporarily adjust WAF sensitivity settings or rate limiting thresholds during scheduled security assessments to prevent blocking legitimate testing activities.
4. Review WAF Logs: After scanning, analyze WAF logs to identify which requests were blocked and manually verify whether the blocked payloads would have successfully exploited vulnerabilities in the application.
5. Coordinate with Security Teams: Schedule scans during maintenance windows and notify security operations teams to monitor for false alarms and ensure scanning activities are not mistaken for actual attacks.
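The following is an added example for steps 4 and 5 above; it is not part of the Invicti finding text or any vendor's tooling. It reads WAF events, keeps only the blocks that came from the scanner's source range during the scheduled assessment window, and groups them by rule, method and path so that each distinct blocked case is verified once against the application. It also separates blocks from non-scanner sources in the same window, which is the traffic the security operations team should triage rather than dismiss as scan noise. The JSON-lines log layout, the scanner range 203.0.113.0/28 and the time window are all constructed assumptions; real WAF products use their own formats, so adapt parse_event() accordingly.

```python
"""Summarize WAF block events from a scan window for manual follow-up.

Added example, not part of the Invicti finding. The log format is a
constructed JSON-lines layout (one event per line) chosen for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOG = """\
{"ts": "2024-05-01T02:03:04Z", "src": "203.0.113.10", "method": "GET", "path": "/search", "action": "block", "rule": "942100", "status": 403}
{"ts": "2024-05-01T02:03:05Z", "src": "203.0.113.10", "method": "POST", "path": "/login", "action": "block", "rule": "941100", "status": 403}
{"ts": "2024-05-01T02:03:06Z", "src": "203.0.113.10", "method": "GET", "path": "/search", "action": "block", "rule": "942100", "status": 403}
{"ts": "2024-05-01T02:03:07Z", "src": "203.0.113.11", "method": "GET", "path": "/", "action": "pass", "rule": "-", "status": 200}
{"ts": "2024-05-01T02:03:08Z", "src": "198.51.100.7", "method": "GET", "path": "/search", "action": "block", "rule": "942100", "status": 403}
{"ts": "2024-05-01T01:00:00Z", "src": "203.0.113.10", "method": "GET", "path": "/admin", "action": "block", "rule": "930100", "status": 403}
not json at all
"""

# Assumed scanner source range and scheduled assessment window (hypothetical values).
SCANNER_RANGES = [ip_network("203.0.113.0/28")]
WINDOW_START = datetime(2024, 5, 1, 2, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 5, 1, 3, 0, tzinfo=timezone.utc)


def parse_event(line):
    """Parse one JSON log line; return None for lines that are not valid events."""
    try:
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["src"] = ip_address(ev["src"])
        return ev
    except (ValueError, KeyError, TypeError):
        # Malformed lines are skipped rather than aborting the whole review.
        return None


def is_scanner(addr, ranges=SCANNER_RANGES):
    """True when the source address falls inside one of the allow-listed scanner ranges."""
    return any(addr in net for net in ranges)


def _blocks_in_window(log_text, start, end):
    """Yield parsed block events whose timestamp lies inside [start, end)."""
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev.get("action") != "block":
            continue
        if start <= ev["ts"] < end:
            yield ev


def blocked_by_scanner(log_text, start=WINDOW_START, end=WINDOW_END, ranges=SCANNER_RANGES):
    """Block events caused by the scanner: each one hides a test case from the scan (step 4)."""
    return [ev for ev in _blocks_in_window(log_text, start, end) if is_scanner(ev["src"], ranges)]


def non_scanner_blocks(log_text, start=WINDOW_START, end=WINDOW_END, ranges=SCANNER_RANGES):
    """Block events from other sources during the window: real alerts for the SOC to triage (step 5)."""
    return [ev for ev in _blocks_in_window(log_text, start, end) if not is_scanner(ev["src"], ranges)]


def summarize(events):
    """Group blocks by (rule, method, path) so each distinct blocked case is verified once."""
    counts = defaultdict(int)
    for ev in events:
        counts[(ev["rule"], ev["method"], ev["path"])] += 1
    return dict(counts)


if __name__ == "__main__":
    scanner_blocks = blocked_by_scanner(SAMPLE_LOG)
    print(f"{len(scanner_blocks)} scanner requests blocked in window; distinct cases to verify:")
    for (rule, method, path), n in sorted(summarize(scanner_blocks).items()):
        print(f"  rule {rule} {method} {path}: {n} block(s)")
    print(f"{len(non_scanner_blocks(SAMPLE_LOG))} block(s) from non-scanner sources need SOC triage")
```

Run the script against an export of the WAF log covering the assessment window; each entry in the summary is a request the scanner never got an answer to from the application itself, so it should be replayed against the staging instance (step 1) or examined by hand to decide whether the application would have been vulnerable without the WAF.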