Do we need SSL Certificate on both Firewall and WAF for inbound traffic?

We have a website hosted behind WAF(FortiWeb) and Firewall (FortiGate). The WAF already has the server valid SSL Certificate from public CA. Do we need to install SSL certificate on Firewall also for inbound traffic to make it more secure ? Will Unscanned https traffic reach the firewall first compromise the network ?

If I can efficiently uniformly sample both $A$ and $B\subset A$, can I efficiently uniformly sample $A-B$?

As posed in the question; the statement naively seems like it should be self-evident but there are no algorithms that come immediately to mind. Suppose I have some domain $ A$ (in my case a subset of $ \mathbb{Z}^n$ for some $ n$ , but I would expect any answer to be independent of that structure), and a domain $ B\subset A$ . If I have an efficient algorithm for uniformly sampling from $ A$ , and an efficient algorithm for uniformly sampling from $ B$ , is there any way of ‘combining’ these to get an efficient algorithm for uniformly sampling $ A-B$ ? I can certainly rejection-sample, but if $ |A-B|\ll|A|$ then there’s no guarantee that that will be efficient.

Is a sorcerer with the domain-access alternative class feature considered both an arcane and a divine caster?

The alternative class feature Domain Access (Complete Champion, p. 52) reads, in part:

Choose one cleric domain. If you worship a specific deity, the domain you choose must be one to which your deity grants access. You gain the granted power of the chosen domain. In addition, you can cast one domain spell of each spell level available to you per day from that domain.

Does having access to the domain spells make a sorcer qualify for any prestige class that requires the PC to be a divine caster?

When using a battlemap, can a lightning bolt be directed between squares to affect both?

Lightning bolt is listed as having a width of 5 feet.

When using a battlemap, can the line of the spell be directed between squares to affect creatures on both sides with full damage?

Does Lightning Bolt affect everyone in its line of effect? suggests this would be true for Pathfinder rules. Its answer suggests that even if the lightning bolt passed a tiny corner of a square – the creature would take full damage. Does this hold true in 5e?

Is this considered DOM-XSS or self-XSS or both?

SCENARIO:

A web page shows an error login page using these javascript lines

<script>     let queryParams = new URLSearchParams(window.location.search);     document.getElementById("message").innerText = queryParams.get("message");     let link = document.getElementById("link");     link.innerText = queryParams.get("linkText");     link.href = queryParams.get("linkUrl"); </script> 

The last javascript line allows me to hide javascript inside a link in the web page crafting an url like the following.

https://vulnerablewebsite.com/folder/custom.html?message=not+correct?&linkUrl=javascript:alert(1)&linkText=click+here+to+shine

1) the user click the shortened version of this link

2) the user click “click here to shine”

3) the alert opens

I was inspired by this article on portswigger https://portswigger.net/web-security/cross-site-scripting/dom-based
in particular from this example

If a JavaScript library such as jQuery is being used, look out for sinks that can alter DOM elements on the page. For instance, the attr() function in jQuery can change attributes on DOM elements. If data is read from a user-controlled source like the URL and then passed to the attr() function, then it may be possible to manipulate the value sent to cause XSS. For example, here we have some JavaScript that changes an anchor element’s href attribute using data from the URL:

$ (function(){ $ ('#backLink').attr("href",(new URLSearchParams(window.location.search)).get('returnUrl')); });

You can exploit this by modifying the URL so that the location.search source contains a malicious JavaScript URL. After the page’s JavaScript applies this malicious URL to the back link’s href, clicking on the back link will execute it:

?returnUrl=javascript:alert(document.domain)

QUESTION: to me they look the same kind of attack but someone told me it is a self-XSS. Anyway I read that self-XSS expects the user to self-paste javascript code in his console. So I’m confused and I’d like to know which type it is. Also, can be considered a vulnerability of medium/high severity or not?

I can’t find my switch’s ip by both ARP and ICMP protocols scan with nmap

My switch is a TP-Link TL-SG105E perfectly function, but I can’t access to it because, it’s like hidden somehow from the network. I used tools like Netdiscover:

netdiscover -I wlp2s0 -r 192.168.0.0/24

and Nmap:

nmap -PR 192.168.1.0/24 nmap -SP 192.168.1.0/24

and I tried to find it via open port 80

nmap -p 80 192.168.1.0/24

And many other tests. All of them gave me the same result but not my switch IP or mac address. I’m wondering how it is possible that a fully functional device which previously could identify even the operating system now can’t find it on the network and still work without responding to the ARP ICMP HTTP protocols. It’s not even listed in Router’s DHCP address table. How can it still work? And how can it not be found after scanning the network? And for those who wonder, I hit the reset button and it’s still the same.

Thank you all for your time.

Can I Quicken a cantrip to cast it twice in a turn and also use Twinned Spell on both castings?

I’m currently building a monk sorcerer who uses melee spell attacks, notably the cantrip Shocking Grasp. Can I use the Quickened Spell Metamagic option to cast the spell as a bonus action and then use the Twinned Spell Metamagic option to attack an additional enemy, then use Shocking Grasp again as my action and use Twinned Spell again to attack both enemies a second time?

How does the spell Siphon work for a caster who is both spontaneous and able to cast prepared spells?

If I have a multiclassed spellcaster (both spontaneous and able to cast prepared spells), can I use Siphon (Complete Scoundrel, p. 102) to regain one or more spell slot/s of any class I wish?

Or

Is the regained spell slot of the same class I have cast Siphon with?

SIPHON

[…]

You drain the charges from a wand or staff you hold to replace spells you have already cast. As long as the wand or staff has at least 5 charges left, you can expend 5 of those charges to replace a cast spell. The spell replaced must be of a level equal to or lower than the highest-level spell the staff or wand holds. If you prepare arcane spells, you can regain any one spell of the affected level that you have already cast that day; if you cast spells spontaneously, you can regain a spell slot of the appropriate level.