WAF - Uploading some P7S files triggers lots of OWASP rules

Hi all,
When I upload certain p7s files to our web site, various OWASP rules are triggered.
I created a firewall rule to bypass the WAF in this specific URI.

Any ideas on how to fix that without bypassing it?

Maybe there’s a way to forward the captcha challenge from our API (where the error happens) to our frontend?

Unfortunately POST requests don’t really handle 301 or other redirects. The HTTP standard isn’t looking for any shenanigans (tongue in cheek) to an upload of data. More unfortunate is that OWASP is a bit of a brute force hammer. File types like p7s and pdf can trigger it based on patterns which are inherent in the file itself, but which are similar to patterns that can cause problems in web requests (e.g. things that look a lot like cross site scripting because PDFs have html in the doc something something).

Since this is an API endpoint I would look at API Shield perhaps in place of OWASP for this path. It’s also possible to do more fine grained control over which rulesets fire for particular paths (using the API today, but [watch this space]).
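As an added illustration of the "fine grained control per path" idea in the reply above (this is not code from the thread or from Cloudflare), the script below builds a managed-WAF phase configuration in which the OWASP ruleset is skipped only for POSTs with a multipart body to the one upload endpoint, while every other request still goes through it. It assumes the Cloudflare Rulesets API (a PUT on the `http_request_firewall_managed` phase entry point) and its expression language; the upload path, the ruleset id, the zone id and the API token are placeholders you would substitute. The request is only sent when the credentials are present in the environment, so the payload can be inspected first.

```shell
#!/bin/sh
# Added example, not from the thread: scope a WAF exception to the p7s upload
# endpoint instead of bypassing the WAF for the whole URI.
# Assumptions: Cloudflare Rulesets API, phase http_request_firewall_managed,
# "skip" action with action_parameters.rulesets; all ids/paths are placeholders.

UPLOAD_PATH="${UPLOAD_PATH:-/api/documents/upload}"   # assumed upload endpoint
OWASP_RULESET_ID="${OWASP_RULESET_ID:-<owasp-managed-ruleset-id>}"  # placeholder
PHASE="http_request_firewall_managed"

# Escape double quotes so the expression can be embedded in a JSON string.
json_escape() {
    printf '%s' "$1" | sed 's/"/\\"/g'
}

# The exception matches only the upload endpoint, only POST, only multipart
# bodies. Anything else (GET on the same path, JSON bodies, other paths)
# keeps the full OWASP evaluation.
skip_expression() {
    printf '%s' "(http.request.method eq \"POST\" and http.request.uri.path eq \"${UPLOAD_PATH}\" and http.request.headers[\"content-type\"][0] contains \"multipart/form-data\")"
}

# Build the phase entry point: the skip rule must come before the execute
# rule, because rules are evaluated in order. Logging stays on for the skip
# so the exception is still visible in the firewall events.
build_payload() {
    expr="$(json_escape "$(skip_expression)")"
    cat <<EOF
{
  "rules": [
    {
      "description": "Skip OWASP only for multipart POSTs to the p7s upload endpoint",
      "expression": "${expr}",
      "action": "skip",
      "action_parameters": { "rulesets": ["${OWASP_RULESET_ID}"] },
      "logging": { "enabled": true }
    },
    {
      "description": "Deploy the OWASP Core Ruleset for everything else",
      "expression": "true",
      "action": "execute",
      "action_parameters": { "id": "${OWASP_RULESET_ID}" }
    }
  ]
}
EOF
}

# Send the configuration. Only runs when CF_ZONE_ID and CF_API_TOKEN are set,
# so the script is safe to execute just to print and review the payload.
apply_payload() {
    if [ -z "${CF_ZONE_ID:-}" ] || [ -z "${CF_API_TOKEN:-}" ]; then
        echo "CF_ZONE_ID / CF_API_TOKEN not set; printing payload only" >&2
        build_payload
        return 0
    fi
    build_payload | curl -sS -X PUT \
        "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/rulesets/phases/${PHASE}/entrypoint" \
        -H "Authorization: Bearer ${CF_API_TOKEN}" \
        -H "Content-Type: application/json" \
        --data-binary @-
}

# Review before sending: run with no credentials to see the JSON.
apply_payload >/dev/null 2>&1 || true
```

Note that a PUT on the phase entry point replaces all rules in that phase, so any other execute rules already deployed there need to be included in the payload as well; check the current entry point first. Keeping logging enabled on the skip rule means the upload endpoint's traffic still shows up in the event log even though the OWASP rules are not applied to it.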

