umbraco-doc-type-grid-editor

Preview request fails OWASP CRS 3.1 request XSS 941150

Open Matthew-Wise opened this issue 4 years ago • 2 comments

When a block contains a rich text editor, the following firewall rule, when enabled, blocks the request.

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp31#crs941-31 (941150)

When comparing the request to PostSave, I can see this is using a multipart/form-data content type instead of form encoding, which the preview is using.

I am currently working on and testing a solution to this. Once I have it working on my client's site I'll create a PR.

Thanks

Matt

Matthew-Wise, Jan 26 '21 10:01

Cool, thanks @Matthew-Wise !

skttl, Jan 26 '21 13:01

Umbraco has defeated me! https://github.com/Matthew-Wise/umbraco-doc-type-grid-editor/tree/feature/owasp-941150

Was working fine and does but then sometimes it loses the media formatter.

I can't see why it does this and have spent a day on it. As I have client pressures, I am going to exclude the endpoint from the rule.

Matthew-Wise, Jan 27 '21 17:01