TL;DR
Yes, a Web Application Firewall (WAF) can block or detect crafted HTML files and obfuscated PHP scripts/shells. The effectiveness depends on the WAF’s ruleset, configuration, and the sophistication of the attack. This guide explains how to improve detection.
Detecting Malicious HTML
- Understand Common Attacks: Crafted HTML often uses techniques like:
- Cross-Site Scripting (XSS): Injecting malicious JavaScript into trusted websites.
- HTML Injection: Altering the website’s structure or content.
- Phishing: Creating fake login forms to steal credentials.
- WAF Rules for HTML: Configure your WAF with rules that look for:
- Suspicious Tags: