403 Forbidden Error

Hello,

Since installing the code snippet in the website script, a 403 Forbidden Error occurs when loading the website. The website call is routed via an ApplicationGateway in Azure and this then forwards the requests in the backend to the website server. The reason why this doesn’t work is that a web application firewall is connected to the AppGW.

So: Client → AppGW → WAF → BackendServer

By surfing the website, the cookie is loaded into the client browser:
"ppms_privacy_0c00c49a-272c-4b8b-8dfa-e2a8a24a0d44={%22visitorId%22:%2222515141-14db-447e-8ac1-a622697325dd%22%2C%22domain%22:{%22normalized%22:%22www.b-mos.de%22%2C%22isWildcard%22:false%2C%22pattern%22:%22www.b-mos.de%22}%2C%22consents%22:{%22analytics%22:{%22status%22:0%2C%22updatedAt%22:%222024-04-10T15:37:55.111Z%22}}%2C%22staleCheckpoint%22:%222024-04-10T15:37:28.791Z%22}"

The WAF uses the OWASP 3.2 core ruleset. Rule 942200 is hit by the cookie present in the browser, and the request will never go through to the website server again as long as the cookie is not removed from the browser. Rule 942200 is in the group REQUEST-942-APPLICATION-ATTACK-SQLI.
Here is the Git link to the ruleset: coreruleset/rules at v3.2/master · coreruleset/coreruleset · GitHub

The cookie is therefore recognized as an SQL injection attempt by the client and blocked. The website server doesn’t notice anything.

The cookie is evaluated on the WAF via a RegEx, which is stipulated in the rule and causes a pattern match.

RegEx:

```
(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f"']["'](?:["'].*?["']|(?:\r?\n)?\z|[^"'`]+)|\Wselect.+\W?from))
```

CookieDecoded: {"visitorId":"22515141-14db-447e-8ac1-a622697325dd","domain":{"normalized":"www.b-mos.de","isWildcard":false,"pattern":"www.b-mos.de"},"consents":{"analytics":{"status":0,"updatedAt":"2024-04-10T15:37:55.111Z"}},"staleCheckpoint":"2024-04-10T15:37:28.791Z"}

If you check this via regex101 (regex101: build, test, and debug regex), the following hits are generated:

So the first match happens at `,"domain":{"normalized":` and then `,"isWildcard":false` would cause a hit.

Can the cookie be adjusted so that the RegEx does not have a pattern match?

Hi,
Welcome to the community!

You could play around with the custom code tag and set up a script there that would change the content of the cookie so that it does not match the RegEx pattern. Alternatively, you could set up a script that changes the content of the cookie that will make the RegEx not recognize the pattern. However, this may impact some aspects of the data collection or user recognition and that is why I would advise you to be careful with changing the cookie’s content.
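As an added worked example (not code from this thread, from the consent script's vendor, or from the CRS project), the following Python script reproduces both the match the question describes and the re-encoding the reply suggests. It applies the operator pattern of CRS v3.2 rule 942200 to the cookie value quoted in the question, first in its percent-encoded form and then after the URL decoding that the rule's `t:urlDecodeUni` transformation performs before matching, and it then re-encodes the same consent JSON as base64url, whose alphabet contains none of the commas, quotes or parentheses the pattern's first two alternatives require. The function names, the `waf_view` approximation of the transformation and the choice of base64url are this example's assumptions, not anything the consent script actually does.

```python
import base64
import json
import re
from urllib.parse import unquote

# Operator pattern of OWASP CRS v3.2 rule 942200 (REQUEST-942-APPLICATION-ATTACK-SQLI.conf),
# transcribed with the SecRule string escaping removed. Two translations for Python's re:
# PCRE's end-of-subject anchor \z is spelled \Z here, and ModSecurity compiles @rx
# patterns in dotall mode, mirrored by re.DOTALL (irrelevant for a cookie without newlines).
CRS_942200 = re.compile(
    r"""(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)"""
    r"""\s*?\(\s*?space\s*?\(|,.*?[)\da-f"']["'](?:["'].*?["']|(?:\r?\n)?\Z|[^"'`]+)"""
    r"""|\Wselect.+\W?from))""",
    re.DOTALL,
)

# Cookie value exactly as the question shows it arriving at the WAF (percent-encoded JSON).
RAW_COOKIE = (
    "{%22visitorId%22:%2222515141-14db-447e-8ac1-a622697325dd%22%2C%22domain%22:"
    "{%22normalized%22:%22www.b-mos.de%22%2C%22isWildcard%22:false%2C%22pattern%22:"
    "%22www.b-mos.de%22}%2C%22consents%22:{%22analytics%22:{%22status%22:0%2C"
    "%22updatedAt%22:%222024-04-10T15:37:55.111Z%22}}%2C%22staleCheckpoint%22:"
    "%222024-04-10T15:37:28.791Z%22}"
)


def waf_view(value: str) -> str:
    """Approximation (assumed here) of what rule 942200 inspects: the rule runs
    t:urlDecodeUni before the regex, so the cookie is matched in decoded form."""
    return unquote(value)


def crs_942200_matches(text: str) -> list:
    """Return every substring the 942200 pattern reports, in regex101 order."""
    return [m.group(0) for m in CRS_942200.finditer(text)]


def reencode_base64url(json_text: str) -> str:
    """Re-encode the consent JSON so its transport form contains no ',', quotes or
    parentheses. base64url survives urlDecodeUni unchanged and needs no %-escaping
    in a cookie; the '=' padding is dropped here and restored in decode_base64url."""
    compact = json.dumps(json.loads(json_text), separators=(",", ":"))
    return base64.urlsafe_b64encode(compact.encode()).decode().rstrip("=")


def decode_base64url(value: str) -> dict:
    """Inverse of reencode_base64url: restore padding and parse the JSON."""
    padded = value + "=" * (-len(value) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


if __name__ == "__main__":
    decoded = waf_view(RAW_COOKIE)
    print("percent-encoded cookie matches:", crs_942200_matches(RAW_COOKIE))
    print("decoded cookie matches:        ", crs_942200_matches(decoded))
    safe = reencode_base64url(decoded)
    print("base64url cookie matches:      ", crs_942200_matches(safe))
    print("round trip:", decode_base64url(safe)["domain"]["normalized"])
```

The percent-encoded value produces no match, the decoded value produces the two hits named in the question (`,"domain":{"normalized":` and `,"isWildcard":false,`), and the base64url form produces none while decoding back to the same object. Only the pattern's last alternative (`\Wselect.+\W?from`) can fire on a base64url string at all, and only if the encoded bytes happen to spell those words; hex encoding would rule that out as well at twice the size. On the WAF side the equivalent remedy is a rule exclusion rather than a cookie change: in ModSecurity terms `SecRuleUpdateTargetById 942200 "!REQUEST_COOKIES:/^ppms_privacy_/"`, and Application Gateway WAF policies expose the same idea as an exclusion keyed on the request cookie name, which keeps the rule active for every other input.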
