magento2-page-builder
OWASP Firewall Rule Violations
Preconditions (*)
- Run Magento with Nginx + ModSecurity with Core OWASP rules enabled, or run Cloudflare with Managed OWASP rules enabled.
Steps to reproduce (*)
- Go to any place with Page Builder enabled
- Try to save content
Expected result (*)
- Product / Category / Cms Page should save
Actual result (*)
- Firewall presents 403.
Cloudflare detects that the following rules are violated:
- 960024 · Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters (OWASP Generic Attacks)
- 981231 · SQL Comment Sequence Detected (OWASP SQL Injection Attacks)
- 981319 · SQL Injection Attack: SQL Operator Detected (OWASP SQL Injection Attacks)
- 981244 · Detects basic SQL authentication bypass attempts 1/3 (OWASP SQL Injection Attacks)
- 981257 · Detects MySQL comment-/space-obfuscated injections and backtick termination (OWASP SQL Injection Attacks)
- 981245 · Detects basic SQL authentication bypass attempts 2/3 (OWASP SQL Injection Attacks)
- 981240 · Detects MySQL comments, conditions and ch(a)r injections (OWASP SQL Injection Attacks)
- 981242 · Detects classic SQL injection probings 1/2 (OWASP SQL Injection Attacks)
- 981246 · Detects basic SQL authentication bypass attempts 3/3 (OWASP SQL Injection Attacks)
- 981243 · Detects classic SQL injection probings 2/2 (OWASP SQL Injection Attacks)
- 973338 · XSS Filter - Category 3: Javascript URI Vector (OWASP XSS Attacks)
- 973300 · Possible XSS Attack Detected - HTML Tag Handler (OWASP XSS Attacks)
- 973304 · XSS Attack Detected (OWASP XSS Attacks)
- 973306 · XSS Attack Detected (OWASP XSS Attacks)
- 973315 · IE XSS Filters - Attack Detected (OWASP XSS Attacks)
- 973333 · IE XSS Filters - Attack Detected (OWASP XSS Attacks)
- 973344 · IE XSS Filters - Attack Detected (OWASP XSS Attacks)
- 973332 · IE XSS Filters - Attack Detected (OWASP XSS Attacks)
Hi @tschirmer. Thank you for your report. To speed up processing of this issue, make sure that you provided sufficient information.
Add a comment to assign the issue: @magento I am working on this
- Join Magento Community Engineering Slack and ask your questions in #github channel.