Requests are blocked by Application Gateway because of OWASP rules
We've added Coolkiebot script to our website and now sometimes requests are being blocked by Application Gateway with message OWASP rule 942340 is hit and blocked.
Message content:
Warning. Pattern match "(?i:(?:in\\s*?\\(+\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not|\\|\\||\\&\\&)\\s+[\\s\\w+]+(?:regexp\\s*?\\(|sounds\\s+like\\s*?[\"'`]|[=\\d]+x))|([\"'`]\\s*?\\d\\s*?(?:--|#))|(?:[\"'`][\\%&<>^=]+\\d\\s*?(=|x?or|div|like|between|and))|(?:[\ ..." at REQUEST_COOKIES:CookieConsent.
Matched Data: '9YLRvKSY4ffmvNyt1haJI3ayNB30fZXxnWGc1NcOmQq7nQFtJnp78w==' found within REQUEST_COOKIES:CookieConsent: {stamp:'9YLRvKSY4ffmvNyt1haJI3ayNB30fZXxnWGc1NcOmQq7nQFtJnp78w==',necessary:true,preferences:true,statistics:true,marketing:true}
According to logs also these rules are violated for some requests:
949110
942100
941100
920320
942390
It looks like that's all because of generated 'stamp' property value in CookieConsent cookie.
Can this be fixed not to violate the OWASP policies?
-
We are having a very similar issue. In our case the rules violated are either 942100 or 942210. Here are a couple examples:
942100:
sos found within REQUEST_COOKIES:CookieConsent: {stamp:'//Vvn98whkPuSAEcLBsF9oEwOE9UwZmH9PG0IiM/XspG+gYNB6dCEw=='%2Cnecessary:true%2Cpreferences:true%2Cstatistics:true%2Cmarketing:true%2Cver:1}942210:
Or uAvA==' found within REQUEST_COOKIES:CookieConsent: {stamp:'pIyIDuJ6P03XIaP7ve/623sOvSWr7Ztsv5JEIS/cgsKd2n1Or uAvA==',necessary:true,preferences:true,statistics:true,marketing:true,ver:1}Please look into a fix for this as soon as possible.
Please sign in to leave a comment.
Comments
3 comments