1. Comment by Ofer Shezaf

    As far as I understand, the patch simply checks that the HTTP response version is 1.0. I am not sure and would appreciate any comment on why this would identify a SecureSphere.

  2. Comment by Mathieu Dessus

    Yes, you got it: when doing an HTTP/1.1 request, you should get an HTTP/1.1 response. With SecureSphere, this is not the case. While for a regular web server, and a few other WAFs I tested, it responds with the same version.
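
The version comparison described in the comment above, as an added example that is not part of the original thread or of the waffit code: it reads captured request/response transcripts from a deployment you operate and reports whether the status line carries a lower HTTP version than the request line. The function names and the sample transcripts are constructed for illustration.

```python
import re

# Request line: METHOD SP target SP HTTP/x.y
REQ_RE = re.compile(r"^[A-Z]+ \S+ HTTP/(\d)\.(\d)$")
# Status line: HTTP/x.y SP 3-digit code, optional reason phrase
STATUS_RE = re.compile(r"^HTTP/(\d)\.(\d) \d{3}(?: .*)?$")


def first_line(raw: bytes) -> str:
    """Return the first CRLF-terminated line of a raw HTTP message."""
    return raw.split(b"\r\n", 1)[0].decode("latin-1")


def version_check(raw_request: bytes, raw_response: bytes) -> str:
    """Classify a transcript as 'match', 'downgrade', 'higher' or 'unparsable'."""
    req = REQ_RE.match(first_line(raw_request))
    resp = STATUS_RE.match(first_line(raw_response))
    if not req or not resp:
        return "unparsable"
    req_v = (int(req.group(1)), int(req.group(2)))
    resp_v = (int(resp.group(1)), int(resp.group(2)))
    if req_v == resp_v:
        return "match"
    # A lower version in the response is the signal discussed in the thread.
    return "downgrade" if resp_v < req_v else "higher"


def audit(captures):
    """Map each transcript label to its version_check() result."""
    return {label: version_check(req, resp) for label, req, resp in captures}


# Constructed transcripts (not real captures); app.example is a placeholder host.
SAMPLES = [
    ("served by origin",
     b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    ("answered by intermediary",
     b"GET /search?q=test HTTP/1.1\r\nHost: app.example\r\n\r\n",
     b"HTTP/1.0 403 Forbidden\r\nContent-Length: 0\r\n\r\n"),
    ("http/1.0 client",
     b"GET / HTTP/1.0\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    ("no status line",
     b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n",
     b"<html>error</html>"),
]

if __name__ == "__main__":
    for label, result in audit(SAMPLES).items():
        print(f"{label}: {result}")
```
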

  3. Comment by Anant

    I am a little confused. If Imperva SecureSphere is deployed in INLINE BRIDGE mode, can it still be detected?

    As I understand, it can be detected only if the WAF is detected in reverse proxy mode.

    As we don't give an IP address to the WAF in bridge mode, can it still be detected?

  4. Comment by Mathieu Dessus

    Yes, it can be detected. As long as the WAF is responding in place of the real web server, the trick should work.

  5. Comment by Mathieu Dessus

    I’ve also added detection for IBM Data Power: http://code.google.com/p/waffit/source/list
