Requests are blocked by Application Gateway because of OWASP rules

Comments

3 comments

  • Avatar
    Matt O

    We are having a very similar issue. In our case the rules violated are either 942100 or 942210. Here are a couple examples:

    942100:
    sos found within REQUEST_COOKIES:CookieConsent: {stamp:'//Vvn98whkPuSAEcLBsF9oEwOE9UwZmH9PG0IiM/XspG+gYNB6dCEw=='%2Cnecessary:true%2Cpreferences:true%2Cstatistics:true%2Cmarketing:true%2Cver:1}

    942210:
    Or uAvA==' found within REQUEST_COOKIES:CookieConsent: {stamp:'pIyIDuJ6P03XIaP7ve/623sOvSWr7Ztsv5JEIS/cgsKd2n1Or uAvA==',necessary:true,preferences:true,statistics:true,marketing:true,ver:1}

    Please look into a fix for this as soon as possible.

    0
    Comment actions Permalink
  • Avatar
    Anastasios Iliou

    The original issue still persists, and there hasn't been a reply in 11 months.

    Is there a work around for this? as disabling the rules on the gateway is not an option for us.

     

    0
    Comment actions Permalink
  • Avatar
    Matt O

    Since we started having this issue Azure has added the ability to exclude specific cookies. This can be done in the portal, ARM templates, etc. This is how our exclude looks in the portal:

    0
    Comment actions Permalink

Please sign in to leave a comment.