{"id":109610,"date":"2025-05-19T07:47:16","date_gmt":"2025-05-19T04:17:16","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/"},"modified":"2025-05-19T07:47:16","modified_gmt":"2025-05-19T04:17:16","slug":"16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/","title":{"rendered":"16\u060c400+ \u0633\u062a\u0627\u0631\u0647 GitHub: \u0627\u06cc\u0646 WAF \u0631\u0627\u06cc\u06af\u0627\u0646 \u062f\u0631 \u0622\u062a\u0634 \u0627\u0633\u062a"},"content":{"rendered":"<div data-article-id=\"2500598\" id=\"article-body\">\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7r4n9t3bfo05jx5zmnrx.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"800\" height=\"441\" title=\"\"><\/p>\n<p>\u0627\u0632 \u062d\u0641\u0638 \u0642\u0648\u0627\u0646\u06cc\u0646 \u0628\u06cc \u067e\u0627\u06cc\u0627\u0646 Regex \u062f\u0631 WAF \u0647\u0627\u06cc \u0633\u0646\u062a\u06cc \u062e\u0633\u062a\u0647 \u0634\u062f\u0647 \u0627\u06cc\u062f\u061f \u0645\u0644\u0627\u0642\u0627\u062a <strong>\u062e\u0637 \u0633\u0627\u062d\u0644\u06cc<\/strong>\u060c \u06cc\u06a9 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0646\u0627\u0645\u0647 \u0648\u0628 \u0631\u0627\u06cc\u06af\u0627\u0646 \u0648 \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u0628\u0627 \u06cc\u06a9 \u0645\u0648\u062a\u0648\u0631 \u062a\u0634\u062e\u06cc\u0635 \u0645\u0639\u0646\u0627\u06cc\u06cc \u060c \u062d\u0641\u0627\u0638\u062a \u0627\u0632 \u067e\u0648\u06cc\u0627 \u0648 <strong>\u0628\u06cc\u0634 \u0627\u0632 16.4k \u0633\u062a\u0627\u0631\u0647 Github<\/strong>\u0628\u0634\u0631 \u0627\u06cc\u0646 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a-\u0648 \u0627\u06cc\u0646 \u0631\u0627\u06cc\u06af\u0627\u0646 \u0648 \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u0627\u0633\u062a.<\/p>\n<hr\/>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2ufh7qsjhwgtpi0jbp8f.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"800\" height=\"514\" title=\"\"><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_81 counter-hierarchy ez-toc-counter-rtl ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0641\u0647\u0631\u0633\u062a \u0645\u0637\u0627\u0644\u0628<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#protection_Protection_Dynamic_%D9%87%D8%B1_%D8%A8%D8%A7%D8%B1_%D8%AC%D8%A8%D9%87%D9%87_%D8%AE%D9%88%D8%AF_%D8%B1%D8%A7_%D8%AE%D8%B1%D8%AF_%DA%A9%D9%86%DB%8C%D8%AF\" >protection Protection Dynamic: \u0647\u0631 \u0628\u0627\u0631 \u062c\u0628\u0647\u0647 \u062e\u0648\u062f \u0631\u0627 \u062e\u0631\u062f \u06a9\u0646\u06cc\u062f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%F0%9F%A4%96_%D9%85%D8%B3%D8%AF%D9%88%D8%AF_%DA%A9%D8%B1%D8%AF%D9%86_%D8%B1%D8%A8%D8%A7%D8%AA_%DA%A9%D9%87_%D8%AF%D8%B1_%D9%88%D8%A7%D9%82%D8%B9_%DA%A9%D8%A7%D8%B1_%D9%85%DB%8C_%DA%A9%D9%86%D8%AF\" >\ud83e\udd16 \u0645\u0633\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u0631\u0628\u0627\u062a \u06a9\u0647 \u062f\u0631 \u0648\u0627\u0642\u0639 \u06a9\u0627\u0631 \u0645\u06cc \u06a9\u0646\u062f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%F0%9F%A7%A0_%D8%AA%D8%B4%D8%AE%DB%8C%D8%B5_%D9%85%D8%B9%D9%86%D8%A7%DB%8C%DB%8C_%D9%86%D9%87_%D9%81%D9%82%D8%B7_%D9%85%D8%B7%D8%A7%D8%A8%D9%82_%D8%A8%D8%A7_%D9%82%D8%A7%D9%86%D9%88%D9%86\" >\ud83e\udde0 \u062a\u0634\u062e\u06cc\u0635 \u0645\u0639\u0646\u0627\u06cc\u06cc: \u0646\u0647 \u0641\u0642\u0637 \u0645\u0637\u0627\u0628\u0642 \u0628\u0627 \u0642\u0627\u0646\u0648\u0646<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%F0%9F%A7%B1_%D8%A7%D9%85%D9%86%DB%8C%D8%AA_%D8%A8%D8%B1%D8%A7%DB%8C_%D8%AF%D8%B3%D8%AA%D8%B1%D8%B3%DB%8C_%D8%A8%D9%87_%D9%BE%D8%A7%D9%86%D9%84_%D9%85%D8%AF%DB%8C%D8%B1\" >\ud83e\uddf1 \u0627\u0645\u0646\u06cc\u062a \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0627\u0646\u0644 \u0645\u062f\u06cc\u0631<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%F0%9F%94%AC_%D8%A2%D8%B2%D9%85%D8%A7%DB%8C%D8%B4%DA%AF%D8%A7%D9%87_%D8%AF%D9%86%DB%8C%D8%A7%DB%8C_%D9%88%D8%A7%D9%82%D8%B9%DB%8C_%D9%88%D8%A8_Safeline\" >\ud83d\udd2c \u0622\u0632\u0645\u0627\u06cc\u0634\u06af\u0627\u0647 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc: \u0648\u0628 + Safeline<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%F0%9F%A7%AA_%D8%AD%D9%85%D9%84%D8%A7%D8%AA_%D8%A2%D8%B2%D9%85%D8%A7%DB%8C%D8%B4%DB%8C\" >\ud83e\uddea \u062d\u0645\u0644\u0627\u062a \u0622\u0632\u0645\u0627\u06cc\u0634\u06cc<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%D9%86%DA%A9%D8%A7%D8%AA_%D8%B9%DB%8C%D8%A8_%DB%8C%D8%A7%D8%A8%DB%8C\" >\u0646\u06a9\u0627\u062a \u0639\u06cc\u0628 \u06cc\u0627\u0628\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#thoughts_%D8%A7%D9%81%DA%A9%D8%A7%D8%B1_%D9%86%D9%87%D8%A7%DB%8C%DB%8C\" >thoughts \u0627\u0641\u06a9\u0627\u0631 \u0646\u0647\u0627\u06cc\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/nabfollower.com\/blog\/16%d8%8c400-%d8%b3%d8%aa%d8%a7%d8%b1%d9%87-github-%d8%a7%db%8c%d9%86-waf-%d8%b1%d8%a7%db%8c%da%af%d8%a7%d9%86-%d8%af%d8%b1-%d8%a2%d8%aa%d8%b4-%d8%a7%d8%b3%d8%aa\/#%F0%9F%94%97_%D9%BE%DB%8C%D9%88%D9%86%D8%AF%D9%87%D8%A7\" >\ud83d\udd17 \u067e\u06cc\u0648\u0646\u062f\u0647\u0627<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"protection_Protection_Dynamic_%D9%87%D8%B1_%D8%A8%D8%A7%D8%B1_%D8%AC%D8%A8%D9%87%D9%87_%D8%AE%D9%88%D8%AF_%D8%B1%D8%A7_%D8%AE%D8%B1%D8%AF_%DA%A9%D9%86%DB%8C%D8%AF\"><\/span>\n<p>  protection Protection Dynamic: \u0647\u0631 \u0628\u0627\u0631 \u062c\u0628\u0647\u0647 \u062e\u0648\u062f \u0631\u0627 \u062e\u0631\u062f \u06a9\u0646\u06cc\u062f<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Safeline Can <strong>\u0628\u0647 \u0635\u0648\u0631\u062a \u067e\u0648\u06cc\u0627 HTML \u0648 JS \u0631\u0627 \u062a\u062d\u062a \u0627\u0644\u0634\u0639\u0627\u0639 \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f<\/strong> \u062f\u0631 \u0647\u0631 \u0635\u0641\u062d\u0647 \u0628\u0627\u0631 \u060c \u06a9\u062f \u0645\u0646\u0628\u0639 \u062e\u0648\u062f \u0631\u0627 \u0628\u0631\u0627\u06cc \u062e\u0632\u0646\u062f\u0647 \u0647\u0627 \u0648 \u0631\u0628\u0627\u062a\u0647\u0627 \u063a\u06cc\u0631\u0642\u0627\u0628\u0644 \u062e\u0648\u0627\u0646\u062f\u0646 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<ul>\n<li>\n<code>\/admin\/login<\/code>  \u062a\u0628\u062f\u06cc\u0644 \u0628\u0647 \u06cc\u06a9 \u0645\u0633\u06cc\u0631 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0634\u062f\u0647 \u062a\u0635\u0627\u062f\u0641\u06cc \u0645\u0627\u0646\u0646\u062f <code>\/a8c9f1<\/code>\u0648\u062a <strong>\u0647\u0631 \u0646\u0648\u0639 \u062a\u0627\u0632\u0647 \u06a9\u0631\u062f\u0646 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u0645\u06cc \u062f\u0647\u062f<\/strong>\n<\/li>\n<li>\u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0648\u0627\u0642\u0639\u06cc \u0647\u06cc\u0686 \u062a\u0641\u0627\u0648\u062a\u06cc \u0646\u0645\u06cc \u0628\u06cc\u0646\u0646\u062f. \u062e\u0632\u0646\u062f\u0647 \u0647\u0627 \u0645\u06cc \u0628\u06cc\u0646\u0646\u062f &#8230; \u0647\u06cc\u0686\u06cc.<\/li>\n<\/ul>\n<p>\ud83e\uddea <strong>\u0646\u062a\u06cc\u062c\u0647 \u062a\u0633\u062a Burpsuite:<\/strong><\/p>\n<p>\u062e\u0632\u0646\u062f\u0647 \u0627\u0632 \u0646\u0645\u0627\u06cc\u0647 \u0633\u0627\u0632\u06cc \u0645\u0633\u062f\u0648\u062f \u0634\u062f\u0647 \u0627\u0633\u062a. \u0645\u0631\u0648\u0631\u06af\u0631 \u0628\u0647 \u0637\u0648\u0631 \u0639\u0627\u062f\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u0645\u06cc \u0634\u0648\u062f. \u062a\u0623\u062e\u06cc\u0631 \u0627\u0636\u0627\u0641\u06cc: 1 \u0645\u06cc\u0644\u06cc \u0645\u062a\u0631.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fei7frba9co22p0yjnzkb.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"588\" height=\"699\" title=\"\"><\/p>\n<p>\ud83d\udca1 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u06cc\u0646 \u0631\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0627\u0646\u062a\u062e\u0627\u0628\u06cc \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u06cc\u062f:<\/p>\n<ul>\n<li>\u0641\u0642\u0637 \u0645\u0633\u06cc\u0631\u0647\u0627\u06cc \u0645\u062f\u06cc\u0631 \u0631\u0627 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u06cc\u062f<\/li>\n<li>\u067e\u0631\u0648\u0646\u062f\u0647 \u0647\u0627\u06cc \u0627\u0633\u062a\u0627\u062a\u06cc\u06a9 \u0633\u0641\u06cc\u062f (CSS\/JS) \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0645\u0634\u06a9\u0644\u0627\u062a \u0637\u0631\u062d<\/li>\n<\/ul>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%F0%9F%A4%96_%D9%85%D8%B3%D8%AF%D9%88%D8%AF_%DA%A9%D8%B1%D8%AF%D9%86_%D8%B1%D8%A8%D8%A7%D8%AA_%DA%A9%D9%87_%D8%AF%D8%B1_%D9%88%D8%A7%D9%82%D8%B9_%DA%A9%D8%A7%D8%B1_%D9%85%DB%8C_%DA%A9%D9%86%D8%AF\"><\/span>\n<p>  \ud83e\udd16 \u0645\u0633\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u0631\u0628\u0627\u062a \u06a9\u0647 \u062f\u0631 \u0648\u0627\u0642\u0639 \u06a9\u0627\u0631 \u0645\u06cc \u06a9\u0646\u062f<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Safeline \u0628\u0647 \u0639\u0646\u0627\u0648\u06cc\u0646 \u0639\u0627\u0645\u0644 \u06a9\u0627\u0631\u0628\u0631 \u0645\u062a\u06a9\u06cc \u0646\u06cc\u0633\u062a. \u0627\u06cc\u0646 \u0631\u0641\u062a\u0627\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u0631\u0627 \u062a\u0623\u06cc\u06cc\u062f \u0645\u06cc \u06a9\u0646\u062f:<\/p>\n<ul>\n<li>\u0627\u0639\u062f\u0627\u0645 JS<\/li>\n<li>\u0627\u062b\u0631 \u0627\u0646\u06af\u0634\u062a<\/li>\n<li>\u062d\u0631\u06a9\u062a \u0645\u0648\u0634<\/li>\n<\/ul>\n<p>\ud83d\udeab <strong>\u0631\u0628\u0627\u062a\u0647\u0627 \u0634\u06a9\u0633\u062a \u0645\u06cc \u062e\u0648\u0631\u0646\u062f.<\/strong><\/p>\n<p>\u2705 <strong>\u0627\u0646\u0633\u0627\u0646 \u06cc\u06a9 \u0628\u0627\u0631 \u0645\u06cc \u06af\u0630\u0631\u062f \u060c \u0633\u067e\u0633 \u0622\u0632\u0627\u062f\u0627\u0646\u0647 \u0627\u062f\u0627\u0645\u0647 \u062f\u0647\u06cc\u062f.<\/strong><\/p>\n<p>\ud83e\uddea <strong>\u0622\u0632\u0645\u0627\u06cc\u0634 \u0634\u062f\u0647:<\/strong> \u06cc\u06a9 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u067e\u0627\u06cc\u062a\u0648\u0646 \u067e\u0633 \u0627\u0632 3 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u0633\u062f\u0648\u062f \u0634\u062f. IP \u0628\u0647 \u0645\u062f\u062a 30 \u062f\u0642\u06cc\u0642\u0647 \u0642\u0641\u0644 \u0634\u062f. \u0647\u06cc\u0686 Captcha \u0644\u0627\u0632\u0645 \u0646\u06cc\u0633\u062a.<\/p>\n<p>\u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0622\u0633\u062a\u0627\u0646\u0647 \u0647\u0627 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u0648 \u0635\u0641\u062d\u0647 \u0642\u0641\u0644 \u0631\u0627 \u0633\u0641\u0627\u0631\u0634\u06cc \u06a9\u0646\u06cc\u062f.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo01djbco3w6zq03pd1v5.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"762\" height=\"669\" title=\"\"><\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%F0%9F%A7%A0_%D8%AA%D8%B4%D8%AE%DB%8C%D8%B5_%D9%85%D8%B9%D9%86%D8%A7%DB%8C%DB%8C_%D9%86%D9%87_%D9%81%D9%82%D8%B7_%D9%85%D8%B7%D8%A7%D8%A8%D9%82_%D8%A8%D8%A7_%D9%82%D8%A7%D9%86%D9%88%D9%86\"><\/span>\n<p>  \ud83e\udde0 \u062a\u0634\u062e\u06cc\u0635 \u0645\u0639\u0646\u0627\u06cc\u06cc: \u0646\u0647 \u0641\u0642\u0637 \u0645\u0637\u0627\u0628\u0642 \u0628\u0627 \u0642\u0627\u0646\u0648\u0646<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Safeline \u0627\u0632 \u0627\u0645\u0636\u0627\u0647\u0627\u06cc \u0627\u0633\u062a\u0627\u062a\u06cc\u06a9 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u06cc \u06a9\u0646\u062f. \u0645\u0646 <strong>\u0645\u06cc \u0641\u0647\u0645\u062f \u06a9\u0647 \u0628\u0627\u0631 \u062f\u0631 \u062a\u0644\u0627\u0634 \u0627\u0633\u062a \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f<\/strong>\u0628\u0634\u0631<\/p>\n<ul>\n<li>\u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u0627\u0646\u0646\u062f <code>1 AND 1=1<\/code>\u060c \u062d\u062a\u06cc \u0627\u06af\u0631 \u0645\u0628\u0647\u0645 \u0628\u0627\u0634\u062f<\/li>\n<li>XSS \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0632\u0645\u06cc\u0646\u0647 \u0622\u06af\u0627\u0647 DOM \u0645\u0633\u062f\u0648\u062f \u0645\u06cc \u06a9\u0646\u062f \u060c \u0646\u0647 \u062a\u0637\u0628\u06cc\u0642 \u0627\u0644\u06af\u0648\u06cc<\/li>\n<\/ul>\n<p>\ud83e\uddea <strong>\u0645\u0639\u06cc\u0627\u0631:<\/strong><\/p>\n<ul>\n<li>33\u060c669 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0622\u0632\u0645\u0627\u06cc\u0634 \u0634\u062f\u0647<\/li>\n<li>575 \u0628\u0627\u0631 \u0645\u062e\u0631\u0628<\/li>\n<li>\u2705 \u0646\u0631\u062e \u062a\u0634\u062e\u06cc\u0635: 71.65 \u066a<\/li>\n<li>\u274c \u0645\u062b\u0628\u062a \u06a9\u0627\u0630\u0628: 0.07 \u066a<\/li>\n<li>\u26a1 \u062a\u0623\u062e\u06cc\u0631 AVG: 1ms \u060c> 2000 tps \u062f\u0631 \u0647\u0631 \u0647\u0633\u062a\u0647<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvrf1pug6jsxco0hcp45k.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"791\" height=\"601\" title=\"\"><\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%F0%9F%A7%B1_%D8%A7%D9%85%D9%86%DB%8C%D8%AA_%D8%A8%D8%B1%D8%A7%DB%8C_%D8%AF%D8%B3%D8%AA%D8%B1%D8%B3%DB%8C_%D8%A8%D9%87_%D9%BE%D8%A7%D9%86%D9%84_%D9%85%D8%AF%DB%8C%D8%B1\"><\/span>\n<p>  \ud83e\uddf1 \u0627\u0645\u0646\u06cc\u062a \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0627\u0646\u0644 \u0645\u062f\u06cc\u0631<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>\n<strong>RBAC:<\/strong> \u0641\u0642\u0637 \u0645\u0647\u0646\u062f\u0633\u06cc\u0646 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0631\u0627 \u0628\u0647 OPS \u0628\u062f\u0647\u06cc\u062f.<\/li>\n<li>\n<strong>2FA:<\/strong> \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 TOTP \u060c \u0628\u0627 \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0646\u0646\u062f\u0647 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u06a9\u0627\u0631 \u0645\u06cc \u06a9\u0646\u062f<\/li>\n<li>\n<strong>CLI Fallback:<\/strong> <code>docker exec safeline-mgt resetadmin<\/code>  \u0627\u06af\u0631 2FA \u0631\u0627 \u0627\u0632 \u062f\u0633\u062a \u0628\u062f\u0647\u06cc\u062f<\/li>\n<\/ul>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%F0%9F%94%AC_%D8%A2%D8%B2%D9%85%D8%A7%DB%8C%D8%B4%DA%AF%D8%A7%D9%87_%D8%AF%D9%86%DB%8C%D8%A7%DB%8C_%D9%88%D8%A7%D9%82%D8%B9%DB%8C_%D9%88%D8%A8_Safeline\"><\/span>\n<p>  \ud83d\udd2c \u0622\u0632\u0645\u0627\u06cc\u0634\u06af\u0627\u0647 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc: \u0648\u0628 + Safeline<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight shell\"><code>docker run <span class=\"nt\">-d<\/span> <span class=\"nt\">-p<\/span> 8080:8080 registry.cn-shanghai.aliyuncs.com\/kubesec\/webgoat:v2023.8\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0633\u067e\u0633 \u0622\u0646 \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 Safeline \u062f\u0631 \u0632\u06cc\u0631 \u0645\u0639\u06a9\u0648\u0633 \u06a9\u0646\u06cc\u062f <code>webgoat.test<\/code>\u0628\u0634\u0631<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%F0%9F%A7%AA_%D8%AD%D9%85%D9%84%D8%A7%D8%AA_%D8%A2%D8%B2%D9%85%D8%A7%DB%8C%D8%B4%DB%8C\"><\/span>\n<p>  \ud83e\uddea \u062d\u0645\u0644\u0627\u062a \u0622\u0632\u0645\u0627\u06cc\u0634\u06cc<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>SQLI: <code>?id=1 UNION SELECT * FROM users<\/code> \u2192 \u0645\u0633\u062f\u0648\u062f \u0634\u062f\u0647<\/li>\n<li>XSS: <code><img decoding=\"async\" src=\"x\" onerror=\"alert(1)\" alt=\"\" title=\"\"><\/code> \u2192 \u0645\u0633\u062f\u0648\u062f \u0634\u062f\u0647<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumama0detetn6jqx822g.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"800\" height=\"501\" title=\"\"><\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D9%86%DA%A9%D8%A7%D8%AA_%D8%B9%DB%8C%D8%A8_%DB%8C%D8%A7%D8%A8%DB%8C\"><\/span>\n<p>  \u0646\u06a9\u0627\u062a \u0639\u06cc\u0628 \u06cc\u0627\u0628\u06cc<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div class=\"table-wrapper-paragraph\">\n<table>\n<thead>\n<tr>\n<th>\u0635\u0627\u062f\u0631 \u06a9\u0631\u062f\u0646<\/th>\n<th>\u062b\u0627\u0628\u062a \u06a9\u0631\u062f\u0646<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>502 \u062f\u0631\u0648\u0627\u0632\u0647 \u0628\u062f<\/td>\n<td>\u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0628\u0627\u0644\u0627\u062f\u0633\u062a \u0648 \u0634\u0628\u06a9\u0647 \u06a9\u0627\u0646\u062a\u06cc\u0646\u0631 \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f<\/td>\n<\/tr>\n<tr>\n<td>UI \u0634\u06a9\u0633\u062a\u0647<\/td>\n<td>js\/cs static statelist \u0627\u0632 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc<\/td>\n<\/tr>\n<tr>\n<td>IP \u0627\u0634\u062a\u0628\u0627\u0647 \u062f\u0631 \u0633\u06cc\u0627\u0647\u0647\u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637<\/td>\n<td>CDN IPS \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0627\u0639\u062a\u0645\u0627\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 IP \u0647\u0627\u06cc \u0645\u0647\u0627\u062c\u0645 \u0648\u0627\u0642\u0639\u06cc \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u06cc\u062f<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>\ud83d\udee0 <strong>\u0633\u062e\u062a \u0627\u0641\u0632\u0627\u0631<\/strong>: 2C\/4G \u0628\u0631\u0627\u06cc \u062a\u0623\u062e\u06cc\u0631 <1ms \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f.<\/p>\n<hr\/>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F734fuld2lp0pbq008fx5.png\" alt=\"\u0634\u0631\u062d \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"800\" height=\"323\" title=\"\"><\/p>\n<h2><span class=\"ez-toc-section\" id=\"thoughts_%D8%A7%D9%81%DA%A9%D8%A7%D8%B1_%D9%86%D9%87%D8%A7%DB%8C%DB%8C\"><\/span>\n<p>  thoughts \u0627\u0641\u06a9\u0627\u0631 \u0646\u0647\u0627\u06cc\u06cc<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Safeline \u0641\u0642\u0637 WAF \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 Regex \u0646\u06cc\u0633\u062a. \u0627\u06cc\u0646 \u0627\u0633\u062a:<\/p>\n<ul>\n<li>\u0645\u0646\u0628\u0639 \u0622\u0632\u0627\u062f \u0648 \u0628\u0627\u0632<\/li>\n<li>\u0628\u062f\u0648\u0646 \u0646\u06af\u0647\u062f\u0627\u0631\u06cc \u0627\u0645\u0636\u0627<\/li>\n<li>\u062a\u0634\u062e\u06cc\u0635 \u0645\u0639\u0646\u0627\u06cc\u06cc \u06a9\u0647 \u06a9\u0627\u0631 \u0645\u06cc \u06a9\u0646\u062f<\/li>\n<li>\u062f\u0633\u062a\u06af\u06cc\u0631\u0647 2000+ TPS\/CORE<\/li>\n<\/ul>\n<blockquote>\n<p>\u0627\u06af\u0631 \u06cc\u06a9 \u0628\u0631\u0646\u0627\u0645\u0647 \u062e\u0648\u062f \u0645\u06cc\u0632\u0628\u0627\u0646 \u06cc\u0627 CTF Challenge \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u06cc\u062f \u060c \u0627\u06cc\u0646 WAF \u0627\u0633\u062a \u06a9\u0647 \u0628\u0627\u06cc\u062f \u0627\u0645\u062a\u062d\u0627\u0646 \u06a9\u0646\u06cc\u062f.<\/p>\n<\/blockquote>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%F0%9F%94%97_%D9%BE%DB%8C%D9%88%D9%86%D8%AF%D9%87%D8%A7\"><\/span>\n<p>  \ud83d\udd17 \u067e\u06cc\u0648\u0646\u062f\u0647\u0627<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u0627\u0632 \u062d\u0641\u0638 \u0642\u0648\u0627\u0646\u06cc\u0646 \u0628\u06cc \u067e\u0627\u06cc\u0627\u0646 Regex \u062f\u0631 WAF \u0647\u0627\u06cc \u0633\u0646\u062a\u06cc \u062e\u0633\u062a\u0647 \u0634\u062f\u0647 \u0627\u06cc\u062f\u061f \u0645\u0644\u0627\u0642\u0627\u062a \u062e\u0637 \u0633\u0627\u062d\u0644\u06cc\u060c \u06cc\u06a9 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0646\u0627\u0645\u0647 \u0648\u0628 \u0631\u0627\u06cc\u06af\u0627\u0646 \u0648 \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u0628\u0627 \u06cc\u06a9 \u0645\u0648\u062a\u0648\u0631 \u062a\u0634\u062e\u06cc\u0635 \u0645\u0639\u0646\u0627\u06cc\u06cc \u060c \u062d\u0641\u0627\u0638\u062a \u0627\u0632 \u067e\u0648\u06cc\u0627 \u0648 \u0628\u06cc\u0634 \u0627\u0632 16.4k \u0633\u062a\u0627\u0631\u0647 Github\u0628\u0634\u0631 \u0627\u06cc\u0646 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a-\u0648 \u0627\u06cc\u0646 \u0631\u0627\u06cc\u06af\u0627\u0646 \u0648 \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u0627\u0633\u062a. protection &hellip;<\/p>\n","protected":false},"author":2,"featured_media":109611,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media2.dev.to\/dynamic\/image\/width=1000,height=500,fit=cover,gravity=auto,format=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6yhjz9ic5mbielfctijj.png","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-109610","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/109610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=109610"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/109610\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/109611"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=109610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=109610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=109610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}