- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-20-2022 01:31 AM
Hi,
what is the curl command in AWS EC2 to test if Log4J is well blocked by my AWS Cloud NGFW?
07-25-2022 10:27 AM
Hello @mderaet
Greetings from Palo Alto Networks!
Log4j attack is blocked by default in CloudNGFW please make sure your CloudNGFW security profiles are set to Enabled (Best Practice).
Please refer to the below link for your reference.
Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
07-20-2022 12:10 PM - edited 07-20-2022 12:23 PM
Hello @mderaet
Greetings from Palo Alto Networks!
I saw your post and here is the curl command please make changes based on your environment IP address.
Below is the video link which explains CloudNGFW implementation against the Log4j attack.
Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
07-21-2022 01:24 AM
Hey Taneja,
that would be lovely if I can copy the command as it is not possible. It seems you gave me a picture?
07-21-2022 09:29 AM
Hello @mderaet
Greetings from Palo Alto Networks!
I apologize I was having an issue pasting the command here.
Please find the pdf file attached to this post which contains the curl command and please make changes in the command based on your environment IP address.
Below is the video link which explains CloudNGFW implementation against the Log4j attack.
Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
07-23-2022 04:54 AM
Hey Taneja,
it does not work
So I would like to open a support case (I have premium support) and have a zoom meeting monday to solve this.
Thanks
07-23-2022 04:55 AM
I would like to give you more details on this but impossible with the chat box here.
07-23-2022 07:05 AM
Hi
I launched this curl to an external web server (a colleague of mine) and the curl is successfull!!
In cloudwatch I can see the rule which allows this curl.. Isnt Log4J attack blocked by default?
Please advise
07-25-2022 10:27 AM
Hello @mderaet
Greetings from Palo Alto Networks!
Log4j attack is blocked by default in CloudNGFW please make sure your CloudNGFW security profiles are set to Enabled (Best Practice).
Please refer to the below link for your reference.
Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!