
Varnish as Web Application Firewall



There is a Varnish Security Firewall project, but you can do something really simple in your VCL to protect your application:

Send a 403 to requests that contain any of the following characters in the URL: ", ', <, >, ( and ). Place this in vcl_recv:

# \x27 is ' and \x22 is "; the hex escapes keep the quotes out of the VCL string
if (req.url ~ "[\x27<>()\x22]") {
    return (synth(403, "Forbidden"));
}
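An added example, not part of the original post: a Python check that runs the rule's character class over constructed sample URLs to show which requests it would answer with 403 and which it lets through. Python's `re` stands in for Varnish's PCRE matching; `ENCODED_RULE` and the sample URLs are assumptions of this example. Varnish matches `req.url` as received, without URL-decoding it.

```python
import re

# The page's rule: a literal ' < > ( ) " anywhere in the URL.
PAGE_RULE = re.compile(r"[\x27<>()\x22]")

# Assumed extension (not from the page): the same six characters in
# percent-encoded form, matched case-insensitively.
ENCODED_RULE = re.compile(r"%(22|27|28|29|3c|3e)", re.IGNORECASE)

# Constructed sample request URLs: (url, description)
SAMPLES = [
    ("/index.html", "plain page"),
    ("/search?q=varnish+cache", "ordinary query"),
    ("/search?q=<b>", "literal angle brackets"),
    ("/item?name=O'Brien", "literal apostrophe in a name"),
    ("/wiki/Cache_(computing)", "legitimate parentheses"),
    ("/search?q=%3Cb%3E", "angle brackets, percent-encoded"),
    ("/search?q=%3cb%3e", "same, lower-case hex"),
    ("/report?range=10%25", "encoded percent sign only"),
]


def verdict(url):
    """Return which rule, if any, would answer 403 for this URL."""
    if PAGE_RULE.search(url):
        return "page-rule"
    if ENCODED_RULE.search(url):
        return "encoded-rule"
    return "pass"


def evaluate(samples=SAMPLES):
    """Map every sample URL to its verdict."""
    return {url: verdict(url) for url, _ in samples}


if __name__ == "__main__":
    for url, note in SAMPLES:
        print(f"{verdict(url):13} {url:28} # {note}")
```

The run shows two things to weigh before deploying the rule: legitimate URLs with apostrophes or parentheses are rejected, and percent-encoded forms of the same characters are only caught if a second pattern is added.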
