Web Application Firewall Demo
Test WAF blocking of malicious requests. The CDN will block SQL injection, XSS attempts, and other suspicious patterns.
WAF Rules
- SQL Injection: Detects common SQL injection patterns (e.g., 1' OR '1'='1)
- XSS: Blocks cross-site scripting attempts (e.g., <script>alert('xss')</script>)
- Path Traversal: Prevents directory traversal attacks (e.g., ../../../etc/passwd)
- Suspicious User Agents: Blocks requests with suspicious user agents (e.g., sqlmap, nikto, nmap)
Test URLs
Click the links below to test WAF protection. Malicious requests will be blocked by the CDN with HTTP 403.
SQL Injection Test
GET /waf/test?q=1' OR '1'='1
This request contains SQL injection patterns and should be blocked.
XSS Test
GET /waf/test?q=<script>alert('xss')</script>
This request contains XSS patterns and should be blocked.
Path Traversal Test
GET /waf/test?file=../../../etc/passwd
This request contains path traversal patterns and should be blocked.
Testing Instructions
- Click the test URLs above to make requests
- Malicious requests should return HTTP 403 (Forbidden) with a WAF error message
- Normal requests should return HTTP 200 (OK)
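A minimal sketch of how the four rule categories above could be evaluated against the test requests, added here as an example and not the CDN's actual rule set. The regexes, rule names and the `waf_check` function are assumptions; the point it shows is that values are percent-decoded before matching, because a browser encodes the test links when they are clicked.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Illustrative patterns only (assumed); a production WAF uses far broader rule sets.
RULES = [
    ("sql_injection", re.compile(r"'\s*(or|and)\s*'?\w+'?\s*=\s*'?\w+", re.I)),
    ("xss", re.compile(r"<\s*script\b", re.I)),
    ("path_traversal", re.compile(r"\.\.[/\\]")),
]
BAD_AGENTS = re.compile(r"sqlmap|nikto|nmap", re.I)


def waf_check(target, user_agent=""):
    """Return (status, rule) for a request target such as '/waf/test?q=...'."""
    if BAD_AGENTS.search(user_agent):
        return 403, "suspicious_user_agent"
    parts = urlsplit(target)
    # parse_qsl percent-decodes each value, so the encoded form a browser
    # sends and the raw form shown on the page are matched identically.
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(unquote(parts.path))
    for value in values:
        for name, pattern in RULES:
            if pattern.search(value):
                return 403, name
    return 200, None


# Constructed sample requests: the page's three test URLs (raw and
# percent-encoded), one normal request, and one flagged user agent.
SAMPLES = [
    ("/waf/test?q=1' OR '1'='1", ""),
    ("/waf/test?q=1%27%20OR%20%271%27%3D%271", ""),
    ("/waf/test?q=<script>alert('xss')</script>", ""),
    ("/waf/test?file=..%2F..%2F..%2Fetc%2Fpasswd", ""),
    ("/waf/test?q=hello", ""),
    ("/waf/test?q=hello", "sqlmap/1.0 (constructed)"),
]

if __name__ == "__main__":
    for target, agent in SAMPLES:
        status, rule = waf_check(target, agent)
        print(status, rule or "-", target)
```
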