Mitigate Vulnerabilities at the Speed of a Script
Search for CVEs and get a script to mitigate them using native AWS WAF and Azure WAF
Dear VCs: yes, we use AI :)
Search for a CVE
Top searched CVEs:
CVE-2021-44228
resource "aws_wafv2_rule_group" "witics" {
name = "Witics_tf_waf_CVE-2021-44228_group"
description = "An rule group containing statements to block CVE-2021-44228"
scope = "REGIONAL"
capacity = 500
rule {
name = "rule-witics_CVE-2021-44228"
priority = 1
action {
block {}
}
statement {
byte_match_statement {
positional_constraint = "CONTAINS"
search_string = "${jndi;"
field_to_match {
all_query_arguments {}
}
text_transformation {
priority = 2
type = "LOWERCASE"
}
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "witics_tf_waf_CVE-2021-44228"
sampled_requests_enabled = false
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "witics_tf_waf_CVE-2021-44228_group"
sampled_requests_enabled = false
}
tags = {
Name = "witics_rule"
Code = "CVE-2021-44228"
}
}
resource "azurerm_resource_group" "example" {
name = "example-rg" # replace as needed
location = "West Europe" # replace as needed
}
resource "azurerm_web_application_firewall_policy" "witics" {
name = "Witics_tf_waf_CVE-2021-44228_policy"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
custom_rules {
name = "rule-witics_CVE-2021-44228"
priority = 1
rule_type = "MatchRule"
match_conditions {
match_variables {
variable_name = "RequestUri"
}
operator = "Contains"
negation_condition = false
match_values = ["${jndi;"]
}
match_conditions {
match_variables {
variable_name = "RequestHeaders"
}
operator = "Contains"
negation_condition = false
match_values = ["${jndi;"]
}
action = "Block"
}
policy_settings {
enabled = true
mode = "Prevention"
request_body_check = true
file_upload_limit_in_mb = 100
max_request_body_size_in_kb = 128
}
}
# Create WAF config
$wafConfig = New-AzApplicationGatewayWebApplicationFirewallConfiguration `
-Enabled $true `
-FirewallMode "Prevention" `
-RuleSetType "OWASP" `
-RuleSetVersion "3.0"
# Create a User-Agent header custom rule
$variableheader = New-AzApplicationGatewayFirewallMatchVariable `
-VariableName RequestHeaders
$variableuri = New-AzApplicationGatewayFirewallMatchVariable `
-VariableName RequestUri
$conditionheader = New-AzApplicationGatewayFirewallCondition `
-MatchVariable $variableheader `
-Operator Contains `
-MatchValue "${jndi;" `
-Transform Lowercase `
-NegationCondition $False
$conditionuri = New-AzApplicationGatewayFirewallCondition `
-MatchVariable $variableuri `
-Operator Contains `
-MatchValue "${jndi;" `
-Transform Lowercase `
-NegationCondition $False
$rule = New-AzApplicationGatewayFirewallCustomRule `
-Name rule-witics_CVE-2021-44228 `
-Priority 1 `
-RuleType MatchRule `
-MatchCondition $conditionheader, $conditionuri `
-Action Block
# Create a firewall policy
$wafPolicy = New-AzApplicationGatewayFirewallPolicy `
-Name Witics_tf_waf_CVE-2021-44228_policy `
-ResourceGroup "example-rg" `
-Location "West Europe" `
-CustomRule $rule
Contact Us
* by using Witics, you agree to the Witics terms and conditions