HTML Tag Handler rule not filtering POST content

Question asked by Wilson Soares on Apr 20, 2017
Latest reply on Apr 24, 2017 by Szymon Jakubowski



The example rule 950005 is filtering POST data, but the rule 973300 is not:


Test to trigger the rule 950005:

curl -i --data-binary 'idsomething=471287\r\nmsg=/etc/passwd\r\blabla=c' 'https://akamaized.domain/'
HTTP/1.1 403 Forbidden


Test to trigger the rule 973300:

curl -i --data-binary 'idsomething=471287\r\nmsg=<h2> teste </h2>\r\blabla=c' 'https://akamaized.domain/'
HTTP/1.1 405 Method Not Allowed <<< This should be 403.


Both rules are in deny mode and both rules have the same selectors.

I'm using updated WAF rules.

What is the best way to report this type of problem to Akamai?

Is there a rule tester page?