I have a website that sends a POST request with one field including a Base64 image. The WAF is blocking this request due to the following rule…
100139D - XSS, HTML Injection - Data URI
Is base64 encoded data in a POST request some kind of security exploit? Why is such a check included in this rule? How do I disable this check on base64 encoding without taking out all the other WAF rules or how else can I send this base64 encoded data that won’t trigger any WAF rules.