AnsweredAssumed Answered

HTML Tag Handler rule not filtering POST content

Question asked by Wilson Soares on Apr 20, 2017
Latest reply on Apr 24, 2017 by Szymon Jakubowski

Like • Show 0 Likes0
Comment • 1

Hi,

The example rule 950005 is filtering post data but the rule 973300 is not:

Test to trigger the rule 950005:

curl -i --data-binary 'idsomething=471287\r\nmsg=/etc/passwd\r\blabla=c' 'https://akamaized.domain/'
HTTP/1.1 403 Forbidden

Test to trigger the rule 973300:

curl -i --data-binary 'idsomething=471287\r\nmsg=<h2> teste </h2>\r\blabla=c' 'https://akamaized.domain/'
HTTP/1.1 405 Method Not Allowed <<< This should be 403.

Both rules are in deny mode and both rules have the same selectors.

I'm using updated waf rules.

What is the best way to report this type of problems to akamai?

Is there a rule tester page?

Regards,

Szymon Jakubowski

Apr 24, 2017 11:31 AM

Correct Answer

Hi Wilson Soares!

Thanks bringing this up! I've forward this inquiry to our Threat Research Team and got an answer back.

I will send you the details in a private message.

Best Regards,

Szymon Jakubowski

See the reply in context

No one else had this question

Outcomes

1 Reply

Szymon Jakubowski Apr 24, 2017 11:31 AM
Unmark Correct
Correct Answer
Hi Wilson Soares!

Thanks bringing this up! I've forward this inquiry to our Threat Research Team and got an answer back.

I will send you the details in a private message.

Best Regards,
Szymon Jakubowski
Like • Show 0 Likes0
Actions

Community

Faster Forward, Together

HTML Tag Handler rule not filtering POST content

Outcomes

Related Content

Recommended Content