Requests are blocked by Application Gateway because of OWASP rules

valikvs

• July 31, 2018 10:01
• Edited

We've added Coolkiebot script to our website and now sometimes requests are being blocked by Application Gateway with message OWASP rule 942340 is hit and blocked.

Message content:

Warning. Pattern match "(?i:(?:in\\s*?\\(+\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not|\\|\\||\\&\\&)\\s+[\\s\\w+]+(?:regexp\\s*?\\(|sounds\\s+like\\s*?[\"'`]|[=\\d]+x))|([\"'`]\\s*?\\d\\s*?(?:--|#))|(?:[\"'`][\\%&<>^=]+\\d\\s*?(=|x?or|div|like|between|and))|(?:[\ ..." at REQUEST_COOKIES:CookieConsent.
Matched Data: '9YLRvKSY4ffmvNyt1haJI3ayNB30fZXxnWGc1NcOmQq7nQFtJnp78w==' found within REQUEST_COOKIES:CookieConsent: {stamp:'9YLRvKSY4ffmvNyt1haJI3ayNB30fZXxnWGc1NcOmQq7nQFtJnp78w==',necessary:true,preferences:true,statistics:true,marketing:true}

According to logs also these rules are violated for some requests:

 

949110

942100

941100

920320

942390

 

It looks like that's all because of generated 'stamp' property value in CookieConsent cookie.

Can this be fixed not to violate the OWASP policies?

1

• 

  Matt O

  • August 23, 2018 15:05

  We are having a very similar issue. In our case the rules violated are either 942100 or 942210. Here are a couple examples:

  942100:
  sos found within REQUEST_COOKIES:CookieConsent: {stamp:'//Vvn98whkPuSAEcLBsF9oEwOE9UwZmH9PG0IiM/XspG+gYNB6dCEw=='%2Cnecessary:true%2Cpreferences:true%2Cstatistics:true%2Cmarketing:true%2Cver:1}

  942210:
  Or uAvA==' found within REQUEST_COOKIES:CookieConsent: {stamp:'pIyIDuJ6P03XIaP7ve/623sOvSWr7Ztsv5JEIS/cgsKd2n1Or uAvA==',necessary:true,preferences:true,statistics:true,marketing:true,ver:1}

  Please look into a fix for this as soon as possible.

  0
• 

  Anastasios Iliou

  • June 11, 2019 12:31

  The original issue still persists, and there hasn't been a reply in 11 months.

  Is there a work around for this? as disabling the rules on the gateway is not an option for us.

   

  0
• 

  Matt O

  • June 11, 2019 14:16
  • Edited

  Since we started having this issue Azure has added the ability to exclude specific cookies. This can be done in the portal, ARM templates, etc. This is how our exclude looks in the portal:

  

  0

Please sign in to leave a comment.