Launching a Rule Set based on Tor IP addresses, which can detect and block users accessing through the Tor Browser

Tor Browser is a web browser that provides anonymous network services. While it offers strong anonymity to evade censorship and surveillance, it can also be misused for illegal activities.

Assign a Label to each Rule in the OWASP Top 10 Rule Set
– Label name structure : awswaf:managed:cloudbric:owasp:[Rule Name]
– Label name example : ‘awswaf:managed:cloudbric:owasp:XSS_1‘
(When matched to ‘Cloudbric_XXS_1‘ Rule of OWASP Top 10 Rule Set)

In the event of a false positive, it is possible to create a label-based custom override rule to narrow the range of the override.

Create Rule Set in AWS New Regions Zurich(eu-central-2), Hyderabad(ap-south-2), Spain(eu-south-2),  and Melbourne(ap-southeast-4)

Create Rule Set in UAE (United Arab Emirates), AWS New Region ‘UAE(me-central-1)’

Modify ‘Cloudbric_RequestMethodFiltering’ Rule for use of Rest(ful) API (PUT, DELETE method allowed)

Does not affect WAF operation, PUT/DELETE/HTTP methods will not be blocked by WAF as of Nov 11^th, 2022.

Add new rules for ‘Log4 vulnerabilities’ (CVE-2021-44228, CVE-2021-45046, CVE-202145105, CVE-2021-4104) and ‘Cloubric_Log4j’,’Cloudbric_Unix_ShellScript’ to prevent attacks through shell script commands.

Modify ‘Cloudbric_StealthCommanding_Execute’ Rule to improve false positives

Delete the existing ‘Cloudbric_Invalid_URL’ Rule to improve false positives.

‘Cloudbric_Unix_ShellScript’ and Cloudbric_Log4j’ Rule can affect WAF operation depending on the user environment. It is recommended to apply after testing with Count Action.