WAF web decoding function can decode base64-encoded data. After that, WAF performs attack detection by identifying attack signatures and provides prevention. The web decoding function is configured per website.
Web Decoding Configuration
Step 1. Choose Security Management > Website Protection, select a website group, click Web Decoding, and then click Create in the upper-right corner of the page.
Step 2. Edit the policy.
- Policy Name: is user-defined.
- Decoding Mode: click the Add icon to add decoding modes and the Delete icon to delete decoding modes. A maximum of ten decoding modes can be added. Currently, only base64 decoding is supported, and later more decoding modes will be supported.
- Protocol: HTTP or HTTPS.
- URI_Path: does not include the resource file name, and must start with a slash (/). The following match options are supported: equal to, inclusive, and regular expression.
- Parameter: indicates the parameter name. The following match options are supported: equal to, inclusive, and regular expression.
Note that every website can be configured with a maximum of 100 decoding policies. A policy can be configured with a maximum of 30 parameters.
Testing Case
Step 1. Construct a test character string and encode it with the base64 algorithm.
Step 2. Assign the base64-encoded character to a parameter.
Take the parameter name NSFOCUS as an example.
Step 3. Edit the web decoding policy.
Step 4. Perform the decoding.
The parameter value is successfully decoded and intercepted by WAF SQL injection protection module.
Protection logs can be viewed under Logs & Reports > Security Protection Logs > Web Security Logs.