Profile

Louis Tsoi

Contact Details

1 to 14 of 14 total

RE: About Spring-framework 0 day RCE

Posted By Louis Tsoi 03-31-2022 07:18
Found In Egroup: Imperva Cyber Community \ view thread
Hi Sarah, Glad to know that the SpringShell is blocked by default! Going further, we have customers who would like to know which default security policy / signature is blocking the payload, or what alert is being raised when the payload arrives at WAF With this information, they can closely monitor ...

Forwarded Connections - Handling CDN Services

Posted By Louis Tsoi 06-15-2021 15:10
Found In Egroup: Imperva Cyber Community \ view thread
Hi, We have deployed On-premises WAF. We also have CDN services for our websites. We are configuring "Forwarded Connections" in order to let WAF capture the real client IP address from HTTP header. But we have some questions for the "Proxy IP Group" setting. It is understood that we should keep ...

RE: Server Group Limitation in v14.3

Posted By Louis Tsoi 05-28-2021 04:56
Found In Egroup: Imperva Cyber Community \ view thread
Hello ​​Oliver, This guide may be useful to you. Hope it helps. https://docs.imperva.com/bundle/v14.3-web-application-firewall-user-guide/page/431.htm Note that there are 2 columns: "MAXIMUM" and "RECOMMENDED". Thanks. ------------------------------ Louis Tsoi Associate Consultant Cyberforce ...

RE: Best practice for Transparent Reverse Proxy mode

Posted By Louis Tsoi 05-16-2021 22:45
Found In Egroup: Imperva Cyber Community \ view thread
Hello @Jaired Anderson, ​ I have a question to your answer No.2. I can understand if this is a KRP. But for TRP, how would WAF handle the decryption and re-encryption if a different certificate is used? I was supposing that in TRP mode the SSL session was still maintained between the client and ...

RE: Redirect traffic from the root to a subdirectory

Posted By Louis Tsoi 05-04-2021 22:35
Found In Egroup: Imperva Cyber Community \ view thread
Hi John, I guess this might help. https://docs.imperva.com/bundle/cloud-application-security/page/rules/create-rule.htm#Redirect You can setup rules for "Redirect URL", or even "Rewrite Request", see which one better fits in your case. ------------------------------ Louis Tsoi Associate Consultant ...

RE: nmap and port scanning

Posted By Louis Tsoi 04-08-2021 07:23
Found In Egroup: Imperva Cyber Community \ view thread
Hi, Speaking from my own point of view, we expect a Web Application Firewall to protect against web service/application attacks. And it does its job, by letting you see the alert if you run scripts to emulate attacks by making actual HTTP request. My idea is, if you are looking for a tool which, ...

RE: Access Denied on Software Update option

Posted By Louis Tsoi 04-08-2021 01:05
Found In Egroup: Imperva Cyber Community \ view thread
Hello Oliver, Please refer to v13.6 on-premise release notes. https://docs.imperva.com/bundle/v13.6-release-notes/page/59230.htm Are you working on 6G appliances? As of SecureSphere v13.6, the following features are not supported Onebox Support: MX and Gateway are not supported on the ...

RE: Separation on MX for WAF and DAM??

Posted By Louis Tsoi 03-19-2021 07:59
Found In Egroup: Imperva Cyber Community \ view thread
Hello Sabajete, Thanks for bringing up this piece of news. So the whole thing will be split up between WAF and DAM starting from v14.4. Best Regards. ------------------------------ Louis Tsoi Technical Specialist Cyberforce Limited Kowloon ------------------------------

SQL Injection Protection Pactice (On-premise WAF)

Posted By Louis Tsoi 03-18-2021 16:15
Found In Egroup: Imperva Cyber Community \ view thread
Hi, Apart from: - Default security policies - Keeping latest ADC updates - Activate "ThreatRadar - SQL Injection IPs" feed What else do you recommend on on-premise WAF about defending against SQL injection attacks? Please share me some insights or let me benefit from your experiences. Thanks. ...

Separation on MX for WAF and DAM??

Posted By Louis Tsoi 03-18-2021 15:16
Found In Egroup: Imperva Cyber Community \ view thread
Hi, Starting from v14.1, on-premise gateways will be designated as WAF or Data Security only. But there is no impact on MX, which means a single MX can still manage multiple WAF and DAM gateways. I wonder if there is anything in the up-coming roadmap that similar separation is going to happen to ...

RE: User information shows as Multiple in Splunk, if Aggregation happened in Imperva

Posted By Louis Tsoi 02-05-2021 04:57
Found In Egroup: Imperva Cyber Community \ view thread
Hi Vishal, I haven't tried it but I guess switching to "send syslog from Gateways" may help in this case. Policy events are aggregated at MX into alerts. If syslog is sent from Gateways directly, it should happen before the aggregation. - Please be reminded that you need to allow the Gateways' ...

RE: How does Virtual Patching works for DAM?

Posted By Louis Tsoi 02-04-2021 05:21
Found In Egroup: Imperva Cyber Community \ view thread
Hi Larry, From my own understanding, DAM is like a "read-only" module and cannot do blocking. I believe that you need DBF for virtual patching. DBF: https://docs.imperva.com/bundle/v12.6-database-activity-monitoring-user-guide/page/9073.htm DAM: https://docs.imperva.com/bundle/v12.6-databas ...

RE: Help with client vs server traffic

Posted By Louis Tsoi 02-04-2021 04:52
Found In Egroup: Imperva Cyber Community \ view thread
Hi Fred, Firstly, you are suggested to read the User Guide about this topic if you haven't. https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/3097.htm To make it simple, I think you can understand it like this: In the network path, WAF is listening to requests from ...

RE: Request Headers X-Forwarded-For-Proto

Posted By Louis Tsoi 01-25-2021 22:53
Found In Egroup: Imperva Cyber Community \ view thread
Hi Mark, It seems you have already resolved the issue by changing your internal ELB into NLB. Please allow me to add some notes for you. From what you have described, I guess the product you are using is the "On-premise WAF" deployed on AWS environment. (It is formerly named "SecureSphere".) And ...