Hi - wondering if IPS can prevent this from occurring. We host a few public facing websites behind an R80.40 gateway. Most of the recommended IPS defs are enabled, but we recently got dinged on an external pen test.
This is what the pen tester is able to do (he's referring to the CP gateway as the "WAF"):
"Finding #2 – IP Spoofing Web Application Firewall Bypass – It is still possible to bypass the WAF blocks by adding the “X-Forwarded-For” Header to the POST request and iterating the last octet for 127.0.0.x. Without the “X-Forwarded-For” header, I am blocked after 5 attempts. After adding, I could continue without the WAF hindering me indefinitely."
This is referring to a login screen over https.
Any ideas would be greatly appreciated. Thanks.
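The finding above boils down to one design flaw: whatever component enforces the five-attempt lockout is keying its counter on the `X-Forwarded-For` value instead of on the address the connection actually came from, so a client that rotates the header gets a fresh counter every request. The following is an added example, not code from the original post or from Check Point, showing a lockout counter with the weak resolver beside a hardened one that only believes `X-Forwarded-For` when the TCP peer is a known proxy. The proxy range, attacker address and request sequence are constructed for the demonstration.

```python
"""Login lockout keyed on the wrong vs. the right client identity.

Added example (not from the forum post or any Check Point product).
Assumptions: the application only ever sits behind a proxy in 10.0.0.0/8,
and that proxy appends the real client address to X-Forwarded-For.
"""
import ipaddress
from collections import defaultdict

# Assumption: the only legitimate hop in front of the app lives in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
MAX_FAILED_ATTEMPTS = 5


def naive_client_ip(peer_addr: str, headers: dict) -> str:
    """Weak resolver: takes X-Forwarded-For from anyone at face value.

    This is the behaviour the pen tester exploited: rotating the header
    rotates the identity the counter is keyed on.
    """
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return peer_addr


def hardened_client_ip(peer_addr: str, headers: dict) -> str:
    """Hardened resolver.

    1. If the TCP peer is not a trusted proxy, ignore the header entirely.
    2. Otherwise use the right-most X-Forwarded-For entry, i.e. the one the
       trusted proxy itself appended, never a client-supplied left-most value.
    3. Fall back to the peer address if the entry is not a valid IP.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return peer_addr
    entries = [p.strip() for p in headers.get("X-Forwarded-For", "").split(",") if p.strip()]
    if not entries:
        return peer_addr
    try:
        return str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        return peer_addr


class LoginLimiter:
    """Counts failed logins per resolved client and blocks past the limit."""

    def __init__(self, resolver, limit: int = MAX_FAILED_ATTEMPTS):
        self.resolver = resolver
        self.limit = limit
        self.failures = defaultdict(int)

    def handle_failed_login(self, peer_addr: str, headers: dict) -> bool:
        """Record one failed attempt; return True if it was blocked."""
        key = self.resolver(peer_addr, headers)
        if self.failures[key] >= self.limit:
            return True
        self.failures[key] += 1
        return False


def simulate_rotating_xff(resolver, attempts: int = 8, attacker: str = "203.0.113.9") -> int:
    """Replay the reported pattern: direct connections from one address,
    each carrying X-Forwarded-For: 127.0.0.<n> with n incrementing.
    Returns how many of the attempts the limiter blocked."""
    limiter = LoginLimiter(resolver)
    blocked = 0
    for n in range(1, attempts + 1):
        headers = {"X-Forwarded-For": f"127.0.0.{n}"}  # constructed attacker header
        if limiter.handle_failed_login(attacker, headers):
            blocked += 1
    return blocked


if __name__ == "__main__":
    print("naive resolver blocked:", simulate_rotating_xff(naive_client_ip))       # 0
    print("hardened resolver blocked:", simulate_rotating_xff(hardened_client_ip))  # 3
```

With the naive resolver none of the eight attempts are blocked, because every request lands on a different counter; with the hardened resolver the counter stays on the real peer address and attempts six through eight are refused. The same rule applies to whichever layer actually enforces the lockout here (the gateway's IPS or the web application behind it): trust the header only from the hop you control, and only the entry that hop wrote.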