Initiating connection via direct IP access
Switching up protocols
Manipulation of HTTP headers
Manipulation of parameter names
CR/LF, Null terminators, and other control chars
HTTP Parameter Pollution
HTTP Verb Tampering
HTTP Request Smuggling
Defeating Virtual Patching
Session Splicing
Denial-of-Service and Resource Exhaustion
Explanation in the article:
https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/ (https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/)
Backups
https://web.archive.org/web/20210731223520/https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/ (https://web.archive.org/web/20210731223520/https://blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/)
https://archive.st/archive/2021/7/blog.0xffff.info/ojzg/blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/index.html (https://archive.st/archive/2021/7/blog.0xffff.info/ojzg/blog.0xffff.info/2021/07/24/a-guide-to-non-conventional-waf-ids-evasion-techniques/index.html)
https://archive.is/DhbIn (https://archive.is/DhbIn)