Forum Discussion

kaoutar's avatar
Icon for Cirrus rankCirrus
Apr 12, 2023

blocking ZAP tool

Hi All,

we noticed recently that some attackers use the ZAP tool to scan our web apps and most of those requests generate some issues, we tried to block these requests using attack signature based on string contains ZAP but it didn't match, so could you please suggest me another way to block these requests.

thank you

5 Replies

  • kaoutar If you can figure out an HTTP header that is always added for this tool you can block it by searching the HTTP header value and if located the connection is dropped.

    • kaoutar's avatar
      Icon for Cirrus rankCirrus

      Thank you Paulius, Unfortunately the matching key exists only on the payload of the Post request, nothing unusual in the URI or the header

      • CA_Valli's avatar
        Icon for MVP rankMVP

        Is the key static? Intercepting payload content is possible with irules