
Varnish as Web Application Firewall



There is the Varnish Security Firewall project, but you can do something really simple in your VCL to protect your application:

Send a 403 to requests that contain any of the following characters in the URL: ", ', <, >, ( and ). Place this in vcl_recv:

# \x27 is ' and \x22 is "; the regex engine interprets these escapes
if (req.url ~ "[\x27<>()\x22]") {
    return (synth(403, "Forbidden"));
}
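The rule above in a complete VCL file, as an added example that is not part of the original post. It goes one step beyond the rule: Varnish matches req.url as received, without URL-decoding it, so the percent-encoded forms of the same six characters get their own check. The backend address and the log message text are assumptions made for this example.

```vcl
vcl 4.0;

import std;

# Assumed backend for this example; point it at your application server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Literal characters: ' < > ( ) "
    # \x27 and \x22 are resolved by the regex engine, so no quote
    # characters have to appear inside the VCL string itself.
    if (req.url ~ "[\x27<>()\x22]") {
        # Log the hit so false positives can be reviewed in varnishlog.
        std.log("url-filter: literal character blocked: " + req.url);
        return (synth(403, "Forbidden"));
    }

    # The same six characters in percent-encoded form:
    # %27 %3C %3E %28 %29 %22, matched case-insensitively (%3c and %3C).
    if (req.url ~ "(?i)%(22|27|28|29|3c|3e)") {
        std.log("url-filter: encoded character blocked: " + req.url);
        return (synth(403, "Forbidden"));
    }
}
```

Both checks also reject legitimate URLs that contain these characters, for example a path with parentheses or a search term with an apostrophe, so review the logged hits before relying on the rule in production.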
