Buffer overflow check 编辑

The Buffer Overflow check detects attempts to cause a buffer overflow on the web server. If the Web App Firewall detects that the URL, cookies, or header are longer than the configured length, it blocks the request because it can cause a buffer overflow.

The Buffer Overflow check prevents attacks against insecure operating-system or web-server software that can crash or behave unpredictably when it receives a data string that is larger than it can handle. Proper programming techniques prevent buffer overflows by checking incoming data and either rejecting or truncating overlong strings. Many programs, however, do not check all incoming data and are therefore vulnerable to buffer overflows. This issue especially affects older versions of web-server software and operating systems, many of which are still in use.

The Buffer Overflow security check allows you to configure the Block, Log, and Stats actions. In addition, you can also configure the following parameters:

  • Maximum URL Length. The maximum length the Web App Firewall allows in a requested URL. Requests with longer URLs are blocked. Possible Values: 0–65535. Default: 1024
  • Maximum Cookie Length. The maximum length the Web App Firewall allows for all cookies in a request. Requests with longer cookies trigger the violations. Possible Values: 0–65535. Default: 4096
  • Maximum Header Length. The maximum length the Web App Firewall allows for HTTP headers. Requests with longer headers are blocked. Possible Values: 0–65535. Default: 4096
  • Query string length. Maximum length allowed for query string in an incoming request. Requests with longer queries are blocked. Possible Values: 0–65535. Default: 1024
  • Total request length. Maximum request length allowed for an incoming request. Requests with longer length are blocked. Possible Values: 0–65535. Default: 24820

Using the command line to configure the Buffer Overflow security check

To configure Buffer Overflow security check actions and other parameters by using the command line

At the command prompt, type:

add appfw profile <name> -bufferOverflowMaxURLLength <positive_integer> -bufferOverflowMaxHeaderLength <positive_integer> - bufferOverflowMaxCookieLength <positive_integer> -bufferOverflowMaxQueryLength <positive_integer> -bufferOverflowMaxTotalHeaderLength <positive_integer>

Example:

add appfw profile profile1 –bufferOverflowMaxURLLength 7000 –bufferOverflowMaxHeaderLength 7250 – bufferOverflowMaxCookieLength 7100 –bufferOverflowMaxQueryLength 7300 –bufferOverflowMaxTotalHeaderLength 7300

Configure buffer overflow security check by using the Citrix ADC GUI

  1. Navigate to Security > Web App Firewall and Profiles.
  2. On the Profiles page, select a profile and click Edit.
  3. On the Citrix Web App Firewall Profile page, go to Advanced Settings section and click Security Checks.
  4. In Security Checks section, select Buffer Overflow and click Action Settings.
  5. In the Buffer Overflow Settings page, set the following parameters. a. Actions. Select one or more actions to perform for command injection security check. b. Maximum URL Length. Maximum length, in characters, for URLs on your protected websites. Requests with longer URLs are blocked. c. Maximum Cookie Length. Maximum length, in characters, for cookies sent to your protected websites. Requests with longer cookies are blocked. d. Maximum Header Length. Maximum length, in characters, for HTTP headers in requests sent to your protected websites. Requests with longer headers are blocked. e. Maximum Query Length. Maximum length, in bytes, for query string sent to your protected websites. Requests with longer query strings are blocked. f. Maximum Total Header Length. Maximum length, in bytes, for the total HTTP header length in requests sent to your protected websites. The minimum value of this and maxHeaderLen in httpProfile will be used. Requests with longer length are blocked.
  6. Click OK and Close.

    Buffer overflow check configuration

Using the Log Feature with the Buffer Overflow Security Check

When the log action is enabled, the Buffer Overflow security check violations are logged in the audit log as APPFW_BUFFEROVERFLOW_URL, APPFW_BUFFEROVERFLOW_COOKIE, and APPFW_BUFFEROVERFLOW_HDR violations. The Web App Firewall supports both Native and CEF log formats. You can also send the logs to a remote syslog server.

If you use the GUI to review the logs, you can use the click-to-deploy feature to apply relaxations indicated by the logs.

To access the log messages by using the command line

Switch to the shell and tail the ns.logs in the /var/log/ folder to access the log messages pertaining to the Buffer overflow violations:

> **Shell**
> **tail -f /var/log/ns.log | grep APPFW_BUFFEROVERFLOW**
<!--NeedCopy-->

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:68 次

字数:6285

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文