Requests are blocked by Application Gateway because of OWASP rules
We've added the Cookiebot script to our website and now some requests are being blocked by Application Gateway with the message that OWASP rule 942340 was hit and the request was blocked.
Message content:
Warning. Pattern match "(?i:(?:in\\s*?\\(+\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not|\\|\\||\\&\\&)\\s+[\\s\\w+]+(?:regexp\\s*?\\(|sounds\\s+like\\s*?[\"'`]|[=\\d]+x))|([\"'`]\\s*?\\d\\s*?(?:--|#))|(?:[\"'`][\\%&<>^=]+\\d\\s*?(=|x?or|div|like|between|and))|(?:[\ ..." at REQUEST_COOKIES:CookieConsent.
Matched Data: '9YLRvKSY4ffmvNyt1haJI3ayNB30fZXxnWGc1NcOmQq7nQFtJnp78w==' found within REQUEST_COOKIES:CookieConsent: {stamp:'9YLRvKSY4ffmvNyt1haJI3ayNB30fZXxnWGc1NcOmQq7nQFtJnp78w==',necessary:true,preferences:true,statistics:true,marketing:true}
According to logs also these rules are violated for some requests:
949110
942100
941100
920320
942390
It looks like that is all because of the generated 'stamp' property value in the CookieConsent cookie.
Can this be fixed not to violate the OWASP policies?
We are having a very similar issue. In our case the rules violated are either 942100 or 942210. Here are a couple of examples:
942100:
sos found within REQUEST_COOKIES:CookieConsent: {stamp:'//Vvn98whkPuSAEcLBsF9oEwOE9UwZmH9PG0IiM/XspG+gYNB6dCEw=='%2Cnecessary:true%2Cpreferences:true%2Cstatistics:true%2Cmarketing:true%2Cver:1}
942210:
Or uAvA==' found within REQUEST_COOKIES:CookieConsent: {stamp:'pIyIDuJ6P03XIaP7ve/623sOvSWr7Ztsv5JEIS/cgsKd2n1Or uAvA==',necessary:true,preferences:true,statistics:true,marketing:true,ver:1}
Please look into a fix for this as soon as possible.
The original issue still persists, and there hasn't been a reply in 11 months.
Is there a workaround for this, as disabling the rules on the gateway is not an option for us?
Since we started having this issue, Azure has added the ability to exclude specific cookies. This can be done in the portal, ARM templates, etc. This is how our exclude looks in the portal:
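The cookie exclusion described in the last comment, written as a Bicep (ARM) WAF policy so the same setting can be deployed from a template instead of the portal. This is an added example, not code from the thread, from Cookiebot or from Azure; the policy name, location and OWASP ruleset version are assumptions, while the cookie name CookieConsent comes from the thread.

```bicep
// Added example: WAF policy that keeps the OWASP managed rules enabled but
// stops them from inspecting the value of the CookieConsent cookie.
// Policy name, location and ruleset version are assumptions.
param location string = resourceGroup().location

resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2022-07-01' = {
  name: 'waf-policy-cookieconsent-exclusion' // assumed name
  location: location
  properties: {
    policySettings: {
      state: 'Enabled'
      mode: 'Prevention' // everything else in the request is still blocked on match
    }
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'OWASP'
          ruleSetVersion: '3.2' // assumed version
        }
      ]
      // Global exclusion: the value of the cookie whose name equals
      // 'CookieConsent' is skipped by the managed rules. Other cookies,
      // headers, query string and body remain fully inspected, so the
      // rules listed in the thread (942340, 942100, 942210, ...) stay on.
      // 'Equals' keeps the scope to this one cookie; 'StartsWith' or
      // 'Contains' would widen it to every cookie with a similar name.
      exclusions: [
        {
          matchVariable: 'RequestCookieNames'
          selectorMatchOperator: 'Equals'
          selector: 'CookieConsent'
        }
      ]
    }
  }
}
```

The policy takes effect once it is attached to the gateway (the `firewallPolicy` id on the Application Gateway resource); after deployment, confirm in the WAF logs that requests carrying the cookie no longer report the 942xxx matches while other matches are still logged.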