AJAX data security issue

mrpaulmcgee Posts: 4 Questions: 1 Answers: 0
edited October 2018 in Free community support

Hi,
I am using the DataTables ajax method of populating a table. We have now started using an extra layer of protection on our server and I am getting the following log entries coming from the ajax calls.

[id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"]

Looks like it doesn't like the [] brackets. Has anyone ever come across anything like this before using DataTables, and does anyone have any idea how I could resolve this, because removing the rule isn't an option?

Thanks

Answers

  • allan Posts: 61,438 Questions: 1 Answers: 10,049 Site admin

    Never come across that before. What's your server-side environment?

    Allan

  • mrpaulmcgee Posts: 4 Questions: 1 Answers: 0

    Hi Allan,

    We are using a Sophos UTM with server protection enabled, with the basic WAF profile.
    Sophos uses Apache ModSecurity rules for the WAF.
    It's triggering OWASP rule 981173:
    https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode_Sibling_981173
    Our backend is ColdFusion.

    Everything worked fine until we started using Sophos, which then stopped loading the page based on those security rules. I couldn't find anything while searching for issues with DataTables and Sophos, and removing the rule isn't an option.

    Thanks
    Paul

  • allan Posts: 61,438 Questions: 1 Answers: 10,049 Site admin

    I don't think I've come across Sophos before to be honest, so I can't really help in that regard.

    I don't know why it would reject [] in the HTTP parameter names, as they are perfectly valid, but if you aren't able to get any support from them directly about that, what you might need to do is use ajax.data to modify the data being submitted to the server so it doesn't use any nesting (i.e. all parameters are at the top level of the object). Alternatively, send the data as raw JSON in the request body (there is an example in the ajax.data docs for that), then use whatever tools you have at the server-side to decode the JSON.

    Allan
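The two approaches Allan describes above, as an added example that is not part of the original thread and not DataTables' own code: a pure function that rewrites the nested server-side processing parameters (the `columns[0][data]` style names that rule 981173 flagged) into flat, bracket-free names, plus the client-side wiring for both the flattened form and the raw JSON body. The endpoint `/data.cfm`, the `__` separator and the `unflattenParams` helper are assumptions for illustration; a ColdFusion backend would need its own equivalent of the reverse mapping.

```javascript
// Added example, not from the DataTables project. Demonstrates how to keep
// ModSecurity rule 981173 from seeing "[" and "]" in HTTP parameter names
// while still sending everything DataTables needs for server-side processing.

// Constructed sample of the request object DataTables passes to ajax.data
// when serverSide: true (two columns, one ordering clause).
const sampleRequest = {
  draw: 1,
  start: 0,
  length: 10,
  search: { value: '', regex: false },
  order: [{ column: 0, dir: 'asc' }],
  columns: [
    { data: 'name',  name: '', searchable: true, orderable: true,
      search: { value: '', regex: false } },
    { data: 'email', name: '', searchable: true, orderable: false,
      search: { value: '', regex: false } }
  ]
};

// The parameter names jQuery-style nested serialisation produces for this
// object; these are the names the WAF inspected (e.g. columns[0][data]).
function bracketedNames(obj, prefix = '', out = []) {
  for (const [key, value] of Object.entries(obj)) {
    const name = prefix ? `${prefix}[${key}]` : key;
    if (value !== null && typeof value === 'object') {
      bracketedNames(value, name, out);
    } else {
      out.push(name);
    }
  }
  return out;
}

// Option 1: flatten the nesting so every parameter sits at the top level.
// "__" is an assumed separator; pick one that cannot occur in column names.
function flattenParams(obj, prefix = '', sep = '__', out = {}) {
  for (const [key, value] of Object.entries(obj)) {
    const name = prefix ? `${prefix}${sep}${key}` : key;
    if (value !== null && typeof value === 'object') {
      flattenParams(value, name, sep, out);
    } else {
      out[name] = value;
    }
  }
  return out;
}

// Hypothetical server-side counterpart: rebuild the nested structure from the
// flat names. Array indices come back as string keys ("0", "1"), which is
// enough for looking up columns[n].data on the server.
function unflattenParams(flat, sep = '__') {
  const nested = {};
  for (const [name, value] of Object.entries(flat)) {
    const parts = name.split(sep);
    let node = nested;
    for (let i = 0; i < parts.length - 1; i++) {
      if (node[parts[i]] === undefined) node[parts[i]] = {};
      node = node[parts[i]];
    }
    node[parts[parts.length - 1]] = value;
  }
  return nested;
}

// Defender's check: true when no parameter name contains the characters the
// rule objected to.
function hasBracketFreeKeys(params) {
  return Object.keys(params).every(k => !/[\[\]]/.test(k));
}

// Wiring into a DataTable (only meaningful in a page with jQuery + DataTables
// loaded; the endpoint /data.cfm is assumed). Returning an object from
// ajax.data replaces the data DataTables would otherwise send.
function dataTableConfigFlat() {
  return {
    serverSide: true,
    ajax: {
      url: '/data.cfm',
      type: 'POST',
      data: function (d) { return flattenParams(d); }
    }
  };
}

// Option 2: send the whole request as a JSON body. No form-encoded parameter
// names exist for the WAF to match; the server parses the JSON instead.
function dataTableConfigJson() {
  return {
    serverSide: true,
    ajax: {
      url: '/data.cfm',
      type: 'POST',
      contentType: 'application/json',
      data: function (d) { return JSON.stringify(d); }
    }
  };
}
```

Use whichever option matches what the backend can decode most easily: the flattened form keeps everything as ordinary form fields, while the JSON body needs the ColdFusion side to read and deserialise the request body. Either way the payload still reaches the server, so any special-character validation the rule was providing should be applied to the decoded values there.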

This discussion has been closed.