AWS Rule for XSS Attack

01 February 2021

What is XSS attack?

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. An XSS attack occurs when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. The flaws that allow these attacks to succeed are widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

What is AWS WAF (Web Application Firewall)?

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, an Amazon API Gateway REST API, or an Application Load Balancer. AWS WAF also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, API Gateway, CloudFront, or the Application Load Balancer responds to a request either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked.

WAF Rule for XSS attack

The rule used to block XSS in AWS WAF is CrossSiteScripting_BODY (part of the AWS managed Core rule set).

When it is enabled, it inspects the value of the request body and blocks common cross-site scripting (XSS) patterns using the built-in XSS detection logic in AWS WAF.

What must not be done?

Once this rule is active, any request whose body contains HTML markup is blocked, so we can no longer send raw HTML data in our request body.

Please check the screenshot below: the 403 Forbidden response comes from AWS WAF itself, before the request ever reaches our service.

How to send HTML when it is needed?

If we have to send HTML content through a request parameter, we must encode it on the client with an encoding scheme of our choice and decode it once it reaches our server. Note that the WAF never inspects the decoded value, so the service has to validate or sanitize that content itself.

Please find the screenshot below. Here we Base64-encoded the data before sending it to the service.

Code snippets for reference.

Frontend:

Coding language: Angular

This runs just before we send the data to the service.

Backend:

Coding language: PHP (Lumen framework)

Here we decode the request body after receiving it on the service side.
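As an added example that is not Muvi's own code (the post's Angular and Lumen snippets were images and are not reproduced here), the JavaScript below shows both halves of the round trip plus the checks the service must now run itself, because CrossSiteScripting_BODY never sees the decoded field. It assumes a runtime with TextEncoder, TextDecoder, btoa and atob (browsers, Node 16+); the size limit and sample strings are constructed.

```javascript
// Client side (what the Angular code does before the HTTP call): UTF-8 safe
// Base64, because btoa() alone throws on characters outside Latin-1 (e.g. "€").
function encodeHtmlForRequest(html) {
  const bytes = new TextEncoder().encode(html);
  let binary = "";
  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
  return btoa(binary);
}

// Server side (the Lumen version would wrap base64_decode): strict decode.
// The WAF rule did not inspect this field, so reject anything that is not
// well-formed Base64 or valid UTF-8, and cap the decoded size.
const MAX_DECODED_BYTES = 64 * 1024; // constructed limit; tune per endpoint

function decodeRequestHtml(field) {
  if (typeof field !== "string" || field.length % 4 !== 0 ||
      !/^[A-Za-z0-9+/]*={0,2}$/.test(field)) {
    throw new Error("field is not well-formed Base64");
  }
  const binary = atob(field);
  if (binary.length > MAX_DECODED_BYTES) throw new Error("decoded body exceeds limit");
  const bytes = new Uint8Array(binary.length);
  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
  // fatal: true makes malformed UTF-8 throw instead of silently yielding U+FFFD.
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Output encoding for any place the decoded text is reflected into a page as
// plain text. Content that must remain HTML needs an allowlist sanitizer
// (e.g. HTML Purifier on the PHP side) instead of this function.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}
```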

Abhaya Senapati
With an innate love of writing code to solve complex issues, Abhaya has 5+ years of experience in full-stack development and is currently leading the Engineering & Development pod at Muvi.
