Q1. Is there a list of what attacks A10 Harmony can detect and block concretely?

1-1. "Remote Command Execution" of "Generic Categories"
What commands does "Remote Command Execution" detect and block?
For example, XPath Injection, OS Command Injection, SSI Injection, etc.

A10: These rules look for attempts to access OS commands such as curl, wget and cc. These commands are often used in injection attacks to force the victim web application to initiate a connection out to a hacker site to download, compile and install malicious toolkits such as those to participate in Botnets.
There are no specific rules to block XPath Injection and SSI Injection.

1-2. "Malware Detection"

What type of Malware can "Malware Detection" detect?

A10: Malware Detection checks the response data for malicious code aimed at attacking clients. Payloads are matched against:
1) Location Response Headers - that redirect users to malware sites, and
2) Response Body Payloads - that may contain off site links (scripts and iframes) or full payloads.

Q3. How does "BotNet" detect a bot?

A10: BotNet looks at URL, Parameters, User Agent and Request Body in some cases to detect a bot.

In particular, the following categories are checked to detect a bot:

1. Common IRC Botnet Attack Command String

2. Common types of Remote File Inclusion (RFI) attack methods.

     - URL Contains an IP Address

     - The PHP "include()" Function

     - RFI Data Ends with Question Mark(s) (?)

3. Local File Inclusion Attack

4. Local File Inclusion ENV Attack in User-Agent

5. e107 PHP Injection Attack

6. XML-RPC PHP Injection Attack

7. osCommerce File Upload Attack

8. Zen Cart local file disclosure vulnerability

9. Opencart Remote File Upload Vulnerability

10. e107 Plugin my_gallery Exploit
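
The three RFI sub-checks in item 2 can be illustrated with a small query-parameter classifier. This is an added example, not A10's rule set: the regular expressions, the `classify_request` helper and the sample requests are assumptions constructed for illustration, and only query parameters are inspected here, whereas the answer above also mentions User Agent and Request Body.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative approximations of the three RFI sub-checks; not A10's rule text.
SCHEME = r"(?:https?|ftps?)://"
RFI_CHECKS = {
    # Parameter value is a URL whose host is a dotted-quad IPv4 address.
    "url_contains_ip": re.compile(
        rf"^{SCHEME}\d{{1,3}}(?:\.\d{{1,3}}){{3}}(?:[:/]|$)", re.I),
    # PHP include() call whose argument is a remote URL.
    "php_include": re.compile(rf"\binclude\s*\(\s*['\"]?\s*{SCHEME}", re.I),
    # Remote URL value that ends in one or more question marks.
    "trailing_question_mark": re.compile(rf"^{SCHEME}[^?\s]+\?+$", re.I),
}

def classify_request(url):
    """Return the sorted names of the checks matched by any query parameter."""
    hits = set()
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for check, pattern in RFI_CHECKS.items():
            if pattern.search(value.strip()):
                hits.add(check)
    return sorted(hits)

# Constructed sample requests (documentation address range and example hosts).
SAMPLES = [
    "/index.php?page=http://192.0.2.10/a.txt?",
    "/view.php?tpl=include(%27http://files.example/t.txt%27)",
    "/go?next=https://www.example.com/docs?lang=en",
    "/search?q=192.0.2.10",
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(request, "->", classify_request(request) or "no match")
```

The third sample shows why the trailing-question-mark check is anchored to the end of the value: an ordinary redirect target with its own query string is not flagged.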

Q4. Is "WAF Mode" applied to the following features?
- Malware Detection
- IP Reputation
- Web Shell
- Bot Net

A10: Yes, WAF mode is applied to Malware Detection, IP Reputation, Web Shell, Bot Net.