I have a head-scratcher here. Over a year ago, I wrote a website feature/form where I could submit SQL Code that is not executed but stored in a table. This feature worked when I created it, as I was able to upload several scripts into the database. I have not needed to use this feature for several months, and recent upgrades to my website had me re-checking features. The feature stopped working ... and after some research, it was determined that our company firewall was now blocking the form from submitting due to a detection of "SQL Injection".
They swear that no changes were made to the firewall, however, this seems unlikely since this feature previously functioned. Regardless ... the confusion I have is that I know many websites, like this one, that allow people to post "code" using a web form interface without being flagged as SQL Injection. I am sure websites (like this one) have firewalls protecting them as well.
There is a form, with a LargeTextArea control, where a SQL Script is entered. This SQL code is transmitted via postback to the server, and server-side code handles the saving of the script into a table. Very similar to what this website (StackOverflow) does I would assume. We can post code here, without it being intercepted and blocked by a firewall. The code we post here in our messages is eventually stored in a database on the server. That is the same behavior that I am performing.
Because of the firewall intervening between the client browser and the web server, the postback is never completed. Therefore, the server never receives the postback data to perform any processing. The client browser simply receives a "connection-reset" error.
I always thought of SQL Injection as something that should be handled server-side ... the responsibility of the programmer to ensure it is not abused. Having a firewall interfere prior to arriving at the server and having code execute to even check for SQL Injections ... feels wrong to me. Even if you have code that prevents SQL Injection, it would not matter if the firewall intercepts and intervenes prior to any server-side logic. Am I wrong?
UPDATE (04/17/2023): The final solution for anyone reading this ... is that there is no solution. When there is a situation where another department that controls a firewall institutes a "rule" that blocks communication, there is nothing that honestly can be done. The firewall is interfering with the entire process and takes the decision-making out of the programmer's hands. The only "solution" is to run the website code/page on the IIS Server directly, which would bypass the firewall entirely. This is a band-aid at best ... because it would only be a usable solution for administrators (like myself) that have access to run the site on the server directly. If at any point this functionality is needed for clients to use, there would be no workaround.
Since this doesn't seem to be an option for you, you might consider bypassing the rule with obfuscation. For example - encrypting with a simple fixed key before putting it in the database (and decrypting on display) would hide this code from the firewall. And also provide some guardrails against it being executed in the future.
With bypassing security checks you are taking on a great responsibility. You should be very careful to ensure (and warn in comments) that this code is never executed. This includes executing it to check that it is correct SQL - which could also be abused for SQL injection.
This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the Create an Inbound Program or Service Rule procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria.
This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. To combine the program and port rule types into a single rule, follow the steps in the Create an Inbound Port Rule procedure in addition to the steps in this procedure.
In the preceding command, the value of can be UNRESTRICTED or RESTRICTED. Although the command also permits the value of NONE, that setting means the service cannot be used in a firewall rule as described here. By default, most services in Windows are configured as UNRESTRICTED. If you change the SID type to RESTRICTED, the service might fail to start. We recommend that you change the SID type only on services that you want to use in firewall rules, and that you change the SID type to UNRESTRICTED.
It is a best practice to restrict the firewall rule for the program to only the ports it needs to operate. On the Protocols and Ports page, you can specify the port numbers for the allowed traffic. If the program tries to listen on a port different from the one specified here, it is blocked. For more information about protocol and port options, see Create an Inbound Port Rule. After you have configured the protocol and port options, select Next.
By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. This type of rule prevents the program from sending any outbound network traffic on any port. To create an outbound firewall rule for a program or service:
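The procedure above (service SID type, an inbound rule that combines program, service and port criteria, and an outbound block rule) as a PowerShell session. This is an added example, not taken from the Windows documentation; the service name "ContosoAgent", its binary path and port 8443 are hypothetical placeholders.

```powershell
# Added example, not from the original page. Assumes a hypothetical service
# "ContosoAgent" whose binary is C:\Program Files\Contoso\agent.exe and which
# should only ever accept inbound TCP on port 8443. Run from an elevated shell.

$exe = 'C:\Program Files\Contoso\agent.exe'   # hypothetical path
$svc = 'ContosoAgent'                         # hypothetical service name

# A service can only be referenced in a firewall rule when its SID type is
# UNRESTRICTED (or RESTRICTED); NONE makes the service unusable in a rule.
# Show the current value first, then set it.
sc.exe qsidtype $svc
sc.exe sidtype $svc unrestricted

# Inbound rule combining program, service and port: traffic is allowed only
# on TCP 8443, and only while this service is the process listening there.
# The same program listening on any other port stays blocked.
New-NetFirewallRule -DisplayName 'Contoso Agent (TCP 8443 in)' `
    -Direction Inbound -Action Allow -Enabled True `
    -Program $exe -Service $svc `
    -Protocol TCP -LocalPort 8443 -Profile Domain,Private

# Outbound traffic is allowed by default, so an explicit Block rule is what
# stops this program from sending anything on any port.
New-NetFirewallRule -DisplayName 'Contoso Agent (block all out)' `
    -Direction Outbound -Action Block -Enabled True `
    -Program $exe -Profile Any

# Verify the rules and the port filter attached to the inbound one.
Get-NetFirewallRule -DisplayName 'Contoso Agent*' |
    Format-Table DisplayName, Direction, Action, Enabled
Get-NetFirewallRule -DisplayName 'Contoso Agent (TCP 8443 in)' |
    Get-NetFirewallPortFilter
```

Changing the SID type of a service that already runs can stop it from starting, so apply the sc.exe step only to the service the rule is meant for and confirm it restarts cleanly.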
I'm trying to see if anyone here has experience or best practices to follow when moving from one Sophos XG to another device. To give you guys a bit of background, we have been using an XG310 device which was provided by our service provider. Recently we have moved to a new WAN provider and have purchased a new XG310 to set up. Currently we have about 15 RED devices and quite a few business/firewall rules on the existing firewall.
Thank you for your reply. What about the REDs? In order to migrate them I will possibly need to update 2nd WAN port to have the new public IP then move them across? when restoring backups, RED configuration will be carried across to new device including the unlock code etc...?
Thank you again for your valuable input. In my case given the public firewall IP change, I would need to update 2nd WAN interface on the WAN to new firewall IP then do the restore? so that when the new firewall comes online, REDs can talk to it? Also with regards to restore, I assume it only restores the configs? not the license as I'm using a new license on the new device.
I have been trying to do the restore but nothing seems to have worked so far. I thought initially this was due to the different firmware that is running on the devices. Upgraded to match firmware, however, the restore process still fails. Then I was told that the new XG is rev2 whereas my current is rev1 and restore is not possible. Is this true?
Open a ticket with support. The only restriction during upgrade is that the number of NICs must be equal or greater. For the RED, uhm... they are associated with the UTM/XG Customer ID, so they should work without any passcode reset.
Yes, I have opened a support ticket and awaiting confirmation. Looks like I have another issue with REDs then by reading your comments. Currently, our firewall is registered with our managed provider's account. However moving forward, the new firewall is registered under one of our accounts. So is this going to impact RED device migration?
This page describes the commands for working with Virtual Private Cloud (VPC) firewall rules and offers some examples of how to use them. VPC firewall rules let you allow or deny traffic to or from virtual machine (VM) instances in a VPC network based on port number, tag, or protocol.
When you create a firewall rule, you can choose to enable Firewall Rules Logging. If you enable logging, you can omit metadata fields to save storage costs. For more information, see Use Firewall Rules Logging.
The default network provides automatic firewall rules at creation time. Custom and auto mode networks allow you to create similar firewalls easily during network creation if you're using the Google Cloud console. If you are using the gcloud CLI or the API and want to create similar firewall rules to those that the default network provides, see Configure firewall rules for common use cases.
--enable-logging / --no-enable-logging: You can enable Firewall Rules Logging for a rule when you create or update it. Firewall Rules Logging allows you to audit, verify, and analyze the effects of your firewall rules. See Firewall Rules Logging for details.
You cannot use the sourceTags and sourceServiceAccounts fields together. However, you can use sourceRanges with either sourceTags or sourceServiceAccounts. If you do, the connection just needs to match one or the other for the firewall rule to apply.
You can modify some components of a VPC firewall rule, such as the specified protocols and destination ports for the match condition. You cannot modify a firewall rule's name, network, the action on match, and the direction of traffic.
If you enable Firewall Rules Logging, Firewall Insights can provide insights about your firewall rules to help you better understand and safely optimize their configurations. For example, you can view which allow rules haven't been used in the last six weeks. For more information, see Using the Firewall rules details screen in the Firewall Insights documentation.
For each network interface, the Google Cloud console lists all of the VPC firewall rules that apply to the interface and the rules that are actually being used by the interface. Firewall rules can mask other rules, so all of the rules that apply to an interface might not actually be used by the interface.