Hi,
If you want to block it, you can choose to block the "/dns-query" URL on the affected server/group or specific application.
You can create a wide open custom policy to block the URL everywhere or add a host header match to block it on specific domains. You can go further and also set up rate limiting on the rule and move them to short or long IP block.
As @Syed Noor Fazal said, there is no guideline on On-Prem WAF, but if you want to avoid overloading the backend server, you can choose one or several of the above methods.
------------------------------
Sarvesh Lad
Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
------------------------------
Original Message:
Sent: 10-14-2022 05:14
From: Ken Chau
Subject: About DNS over HTTPS(DoH)
Hi all,
Recently we have observed DNS over HTTPS (DoH) traffic from Imperva WAF. Since we don't offer such a service, the web server would return 404. Nevertheless, in general, would there be any risk that we should be aware of for the web server to handle such traffic? And is there any suggested practice to handle DNS over HTTPS (DoH) traffic in WAF?
Thank you.
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Ken Chau
IT Manager
------------------------------
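To see which clients are sending the "/dns-query" requests before choosing between a block everywhere, a host-scoped block, or rate limiting with IP block as described in the reply, the following added example (not part of the thread and not Imperva configuration) counts those requests per client IP in a web-server access log. The log layout, hostnames, addresses and threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

DOH_PATH = "/dns-query"  # the URL the reply suggests blocking

# Constructed sample lines: '<vhost> <client> - - [time] "<request>" <status> <bytes>'.
# Hostnames and addresses are placeholders, not data from the thread.
SAMPLE_LOG = """\
www.example.com 198.51.100.7 - - [14/Oct/2022:05:01:02 +0000] "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1" 404 153
www.example.com 198.51.100.7 - - [14/Oct/2022:05:01:03 +0000] "POST /dns-query HTTP/1.1" 404 153
www.example.com 198.51.100.7 - - [14/Oct/2022:05:01:04 +0000] "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1" 404 153
shop.example.com 203.0.113.20 - - [14/Oct/2022:05:02:10 +0000] "GET /dns-query?name=example.com&type=A HTTP/1.1" 404 153
www.example.com 203.0.113.20 - - [14/Oct/2022:05:02:11 +0000] "GET /index.html HTTP/1.1" 200 5120
www.example.com 192.0.2.44 - - [14/Oct/2022:05:03:00 +0000] "GET /docs/dns-query-faq HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def doh_hits(log_text, hosts=None):
    """Count /dns-query requests per client IP; hosts limits it to named virtual hosts."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        if hosts is not None and m["host"].lower() not in hosts:
            continue  # host-header-match variant: only the listed domains
        # Compare the path only, so query strings do not hide the match
        # and look-alike paths such as /docs/dns-query-faq are not counted.
        if urlsplit(m["target"]).path.rstrip("/") == DOH_PATH:
            hits[m["ip"]] += 1
    return hits

def block_candidates(hits, threshold):
    """Client IPs whose /dns-query request count reaches the threshold."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    all_hits = doh_hits(SAMPLE_LOG)
    print(dict(all_hits))
    print(block_candidates(all_hits, threshold=3))
```
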