Kibana save new items blocked by ModSecurity

I am trying to save new objetcs in Kibana including URL inside (new MarkDown with link) and it’s being blocked by WAF.

The accessed path is /api/saved_objects/visualization

981176 - Inbound Anomaly Score Exceeded (Total Score:, SQLi=, XSS=)

What can be done to avoid the issue (working with Kibana with no proxy does the job)

I’m Kibana user since early 2020, and this was one of the first issues that I encountered when Kibana is proxied via Cloudflare.

For me, I just bypass WAF for the Kibana hostname by creating a firewall rule:

With the below action if any requests match the expression:

Of course you could just whitelist specific URLs (in this case, /api/saved_objects/visualization), but since I use Cloudflare Access to protect my Kibana endpoint, it’s easier for me to just whitelist the entire hostname.

Great, many thanks !
Finished up whitelisting the specific path in the URI to keep the rest secure.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.