Firewall blocks some of the base64 images

We’ve recently upgraded our subscription to the Professional plan. But with the new firewall system, WAF, our users are unable to upload some images or videos.
When we look at the firewall activity log, we see that the requests are blocked by WAF.

Service: WAF
Rule ID: `OWASP Block (981176)`
Rule message: Inbound Anomaly Score Exceeded (Total Score: 55, SQLi=21, XSS=15)
Rule: OWASP Inbound Blocking

This doesn’t happen with most of the files, but a few of them are blocked.
We send requests with the application/x-www-form-urlencoded type and images in JSON format:

Example for 1px black dot image:

```
[{"type": "image", "data": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNk+A8AAQUBAScY42YAAAAASUVORK5CYII=", "width": 1, "height": 1}, {…}]
```

We cannot change our system because we have a lot of users and not everyone will update their app. And of course, we don’t want to disable WAF.
But if it’s necessary to update our application and API, we can do it.
Thanks for any help.

Here are some tips, including decreasing OWASP sensitivity.


Have a look at the link @sdayman shared, specifically the "Troubleshoot WAF false negatives" section.
Another approach would be adding a custom rule for the affected page to reduce sensitivity when the request comes from your app.


Thank you @mianmuneebajaz, we’ve created a page rule which bypasses WAF for that URI.
