slink: WAF: Wrong Approach Firewall
Jun 7, 2026•Channel
AI Analysis
Data from YouTube Data API v3•Updated Just now
Video Overview
Video Details
Published1 month ago
Duration1:01:43
Video IDBOGUwO2kPLo
Languageen
CategoryScience & Technology
PrivacyPublic
Made for KidsNo
Video TypeRegular Video
Performance Metrics
Views946
Likes35
Comments0
Engagement Rate3.70%
Likes per 100 views3.70
Comments per 1K views0.00
Video Tags
Description
https://media.ccc.de/v/gpn24-385-waf-wrong-approach-firewall
Web Application Firewalls (WAFs) for filtering based on HTTP and payload are omnipresent. In this talk an argument will be made that, in many cases, the wrong approach for implementing WAFs is chosen: They are implemented as "deny firewalls" which specifically forbid "bad" traffic based on pattern rules, while for network security (layers 3/4) professionals would only ever follow an "allow firewall" approach, which explicitly lets "good" traffic pass and denies everything else.
"deny WAFs" are oftentimes marketed as simple, easy to use, out-of-the-box solutions, but, by design, they can only prevent known exploits. Also, practical aspects limit their potential, when rulesets breaking functionality have to be disabled.
While the "allow WAF" approach presented here implies more effort, its main advantage is protection against new attack vectors ("zero days") and it comes with a lot of side benefits, such as improved performance and resilience through caching.
Concepts will be introduced:
* HTTP Basics
* Signed URLs / signed requests
* Regular Expressions
* HTTP Caching
Practical examples with Vinyl Cache will be presented:
* Rules based on HTTP method and URL
* Header filtering
* Regular Expressions on body data
slink
https://cfp.gulas.ch/gpn24/talk/9TSLFQ/
#gpn24 #CyberSecurity
Licensed to the public under https://creativecommons.org/licenses/by/4.0/