Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  About DNS over HTTPS(DoH)

    Posted 10-14-2022 05:14
    Hi all,

    Recently we have observed DNS over HTTPS(DoH) traffic from Imperva WAF. Since we don't offer such service, the web server would return 404. Nevertheless, in general would there be any risk that we should be aware for web server to handle such traffic? And any suggested practice to handle DNS over HTTPS(DoH) traffic in WAF?

    Thank you.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------


  • 2.  RE: About DNS over HTTPS(DoH)

    Posted 10-17-2022 09:39
    Hello Ken,

    Thank you for the post, our cloud waf has the solution for DNS over https but on the On-Prem WAF as of now we do not have any best practise for handling DoH however you can raise a user voice in the below link,

    https://docs.imperva.com/howto/eefd24a5



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: About DNS over HTTPS(DoH)

    Posted 10-17-2022 10:38
    Hi,

    If you want to block it, you can choose to block the "/dns-query" URL on the affected server/group or specific application. 

    You can create a wide open custom policy to block the URL everywhere or add a host header match to block it on specific domains. You can go further and also setup rate limiting on the rule and move them to short or long IP block.

    As @Syed Noor Fazal said     ​there is no guideline on On-Prem WAF but if want to avoid overloading the backend server, you can choose one or several of the above methods.

    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------