Re: web application security products (AKA application firewalls)

From: Dave Aitel <dave(at)immunitysec.com>
Date: Sun Nov 24 2002 - 15:44:27 EST

Hmm. Well, I personally think there are a few things that tools like Urlscan or stateful-inspection normalizing application proxies miss:

o overflows and format strings in body variables
o sql injection-type attacks
o -number flaws

All these sorts of attacks are perfectly valid HTTP, and you may want to prevent them on some pages, but not on others. So management of your restrictions is an issue.

So my question is this: If I spent the few days it would take to port SPIKE Proxy over to an Application Proxy, would any of you actually use it? Theoretically you could set it up in front of your web server, optionally give it a certificate, and set up a file to tell it which variables have which restrictions (or you could use the default restrictions and individually relax them for certain variables). Any request that didn't fit the boundaries would just receive an error message of some kind, and everything else would just get proxied through.

Would anyone use this, or would it be a waste of a couple of days?

-dave

Received on Sun Nov 24 16:00:01 2002
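The following is an added illustration of the per-variable restriction scheme Dave sketches above (default restrictions, individually relaxed per page and variable, with anything outside the boundaries rejected before it is proxied). It is not SPIKE Proxy code and not from the original post: the rule-file format, the page and variable names, the limits, the character classes, the attack-pattern regexes and the sample requests are all assumptions made for the example. It only implements the decision step; the actual HTTP proxying is left out.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Default restrictions applied to every variable on every page.
# Names, limits and character classes here are assumptions for the example.
DEFAULT_RULE = {
    "max_len": 64,                         # longer values are treated as overflow attempts
    "allow": re.compile(r"[\w .@-]*"),     # conservative character class (checked with fullmatch)
    "numeric": False,                      # if True, value must be an integer in [min, max]
    "min": 0,                              # rejects negative numbers by default
    "max": 2**31 - 1,
    "sqli_check": True,                    # look for SQL injection patterns
}

# Per-page, per-variable relaxations: the "file that tells it which variables
# have which restrictions" from the post, expressed as a dict (format assumed).
RULES = {
    ("/search", "q"):     {"max_len": 200, "allow": re.compile(r"[\w .,%-]*")},
    ("/account", "id"):   {"numeric": True},
    ("/comment", "body"): {"max_len": 2000, "allow": re.compile(r"[^\x00]*"),
                           "sqli_check": False},
}

FORMAT_STRING = re.compile(r"%\d*[nxsp]")                                    # %n, %08x, %s, %p
SQL_INJECTION = re.compile(r"'|--|;|\bunion\s+select\b|\bor\b\s+\d+\s*=\s*\d+", re.I)


def rule_for(path, name):
    """Default restrictions, overridden by anything relaxed for this page/variable."""
    rule = dict(DEFAULT_RULE)
    rule.update(RULES.get((path, name), {}))
    return rule


def check_variable(path, name, value):
    """Return None if the value fits its restrictions, else a short reason."""
    rule = rule_for(path, name)
    if len(value) > rule["max_len"]:
        return "overflow: %s exceeds %d characters" % (name, rule["max_len"])
    if FORMAT_STRING.search(value):
        return "format string in %s" % name
    if rule["numeric"]:
        if not re.fullmatch(r"-?\d+", value):
            return "non-numeric value in %s" % name
        n = int(value)
        if not rule["min"] <= n <= rule["max"]:
            return "number out of range in %s: %d" % (name, n)
        return None
    if rule["sqli_check"] and SQL_INJECTION.search(value):
        return "sql injection pattern in %s" % name
    if not rule["allow"].fullmatch(value):
        return "disallowed characters in %s" % name
    return None


def check_request(path_and_query, body=""):
    """Decide whether a request (query string plus form body) may be proxied.
    Returns (True, "ok") or (False, reason); the proxy would answer the
    latter with an error page instead of forwarding the request."""
    parts = urlsplit(path_and_query)
    variables = parse_qsl(parts.query, keep_blank_values=True)
    variables += parse_qsl(body, keep_blank_values=True)
    for name, value in variables:
        reason = check_variable(parts.path, name, value)
        if reason is not None:
            return (False, reason)
    return (True, "ok")


if __name__ == "__main__":
    # Constructed sample requests, not traffic from the original post.
    for req in [("/search?q=dave+aitel", ""),
                ("/search?q=" + "A" * 300, ""),
                ("/account?id=-1", ""),
                ("/login", "user=admin'+OR+1%3D1--&pass=x"),
                ("/comment", "body=don't+panic,+it's+fine"),
                ("/comment", "body=%25n%25n%25n%25n")]:
        print(req, check_request(*req))
```

The point of the rule table is the management problem the post raises: an apostrophe is an injection marker in a login field but ordinary text in a comment body, so the SQL check is relaxed only for that one variable while the length and format-string checks still apply to it. Checks run on the decoded values, so a URL-encoded "%25n" is caught as a format string once parse_qsl has unquoted it.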

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT

