Base64 encoded data in POST request triggering WAF

I have a website that sends a POST request with one field including a Base64 image. The WAF is blocking this request due to the following rule…

100139D - XSS, HTML Injection - Data URI

Is base64 encoded data in a POST request some kind of security exploit? Why is such a check included in this rule? How do I disable this check on base64 encoding without taking out all the other WAF rules, or how else can I send this base64 encoded data that won’t trigger any WAF rules?

@mdemoura is one of the WAF experts and might know why it’s triggering.

1 Like

Hi @Andrew1234, could you post an example request that is being blocked by rule 100139D?

We have an input field like this but with a 1+MB image base64 encoded in it. Doing this sets off the rule for some reason.

<input type="hidden" name="croppedimage" id="croppedimage" value="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABQAAAAJYCAYAAAA9nkvjAAAgAElEQVR4Xuy9B5hlR3U....................LNToJcw6X2Jdkiqbe2lzNXXVo1ROnHK8qVy8wIQD4ci7k++SfCRyugoA5FmXcfk6cpTd2BmD5PFYBQF9f0XXo6G3FAPw/5M98YaE+vYMAAAAASUVORK5CYII=">

Thanks, I’ve raised a ticket internally to tweak the rule so it doesn’t trigger on this kind of input.

> How do I disable this check on base64 encoding without taking out all the other WAF rules

In the meantime, you can disable the 100139D rule individually or set its action to just “Log”.

2 Likes
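
With rule 100139D disabled or set to "Log" as suggested above, the application can still check for itself that the `croppedimage` value really is an image data URI and not some other type. This is an added example, not part of the original thread and not Cloudflare's rule logic; the function name, allow-list, size cap and sample inputs are assumptions:

```javascript
// Added example (Node.js): validate a data-URI image field in the application.
// ALLOWED, MAX_BYTES and validateImageDataUri are assumptions, not from the thread.
const ALLOWED = new Map([
  ['image/png', Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])],
  ['image/jpeg', Buffer.from([0xff, 0xd8, 0xff])],
]);
const MAX_BYTES = 5 * 1024 * 1024; // assumed size cap for the decoded image

// Returns { ok: true, mime, bytes } or { ok: false, reason }.
function validateImageDataUri(value) {
  const fail = (reason) => ({ ok: false, reason });
  if (typeof value !== 'string') return fail('not a string');

  // Split once at the first comma so the header regex only sees the short prefix.
  const comma = value.indexOf(',');
  if (comma < 0) return fail('not a data URI');
  const header = /^data:([a-z]+\/[a-z0-9.+-]+);base64$/.exec(value.slice(0, comma));
  if (!header) return fail('not a base64 data URI');

  // Allow-list the declared type: anything but the expected image types is rejected.
  const mime = header[1];
  const magic = ALLOWED.get(mime);
  if (!magic) return fail('type not allowed');

  // Strict base64: Buffer.from() never rejects malformed input, so check it first.
  const payload = value.slice(comma + 1);
  if (payload.length === 0 || payload.length % 4 !== 0 ||
      !/^[A-Za-z0-9+\/]*={0,2}$/.test(payload)) return fail('malformed base64');
  if ((payload.length / 4) * 3 > MAX_BYTES) return fail('too large');

  // The decoded bytes must start with the file signature of the declared type.
  const bytes = Buffer.from(payload, 'base64');
  if (!bytes.subarray(0, magic.length).equals(magic)) return fail('content does not match type');
  return { ok: true, mime, bytes };
}

// Constructed sample inputs (not real images, just enough bytes for the checks).
const b64 = (data) => Buffer.from(data).toString('base64');
const SAMPLES = {
  png: 'data:image/png;base64,' + b64(Buffer.concat([ALLOWED.get('image/png'), Buffer.from('constructed')])),
  html: 'data:text/html;base64,' + b64('<p>constructed</p>'),
  fakePng: 'data:image/png;base64,' + b64('constructed, not a PNG'),
};
for (const [name, value] of Object.entries(SAMPLES)) {
  const r = validateImageDataUri(value);
  console.log(name, r.ok ? `accepted as ${r.mime}` : `rejected: ${r.reason}`);
}
```

The signature check only confirms the leading bytes; re-encoding the image server-side before storing or serving it is a stronger control.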

Thanks. How can I follow along with the progress of this to know the status of this issue and when/if we can expect a fix within CF?

Any updates? Thanks

We have also hit this error. Are there any updates, please?

Hello, any updates on this issue please?

3 months since this was raised. Just wondering if this is still an issue?
