aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

WAF XSS rule blocks requests with timestamp added by jquery #126

Closed TomaszHenrykDyszy closed 1 year ago

TomaszHenrykDyszy commented 4 years ago

This is the configuration I use:

```json
{
  "XssMatchTuples": [
    { "FieldToMatch": { "Type": "QUERY_STRING" }, "TextTransformation": "URL_DECODE" },
    { "FieldToMatch": { "Type": "QUERY_STRING" }, "TextTransformation": "HTML_ENTITY_DECODE" },
    { "FieldToMatch": { "Type": "BODY" }, "TextTransformation": "URL_DECODE" },
    { "FieldToMatch": { "Type": "BODY" }, "TextTransformation": "HTML_ENTITY_DECODE" },
    { "FieldToMatch": { "Type": "URI" }, "TextTransformation": "URL_DECODE" },
    { "FieldToMatch": { "Type": "URI" }, "TextTransformation": "HTML_ENTITY_DECODE" },
    { "FieldToMatch": { "Type": "HEADER", "Data": "Cookie" }, "TextTransformation": "URL_DECODE" },
    { "FieldToMatch": { "Type": "HEADER", "Data": "Cookie" }, "TextTransformation": "HTML_ENTITY_DECODE" }
  ]
}
```

When the XSS rule with that configuration is set to BLOCK, it blocks all requests made by a jQuery AJAX call with the parameter cache: false.

In such case the url is updated with timestamp and looks like this:

https://BASE_URL?query=1162845+1162846&utm_source=eClub&utm_medium=email&utm_campaign=DR8+Onsdagsutskicket&_=1584536484058

The problem is with the last parameter "_=1584536484058". Without it, it works perfectly.

If it's not a bug, please give me advice on how to configure it to allow the underscore parameter name.

knihit commented 4 years ago

Hi @TomaszHenrykDyszy, sorry about the issue you are facing. It is not '_' because of which you are facing the issue. There is pattern matching with 'Onsdagsutskicket&'. If you add that, negated, to the rule that contains the XSS match so that these URIs are exempt, it should solve the problem. Basically the presence of 'on' in the attribute name causes the issue.
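To make the explanation above concrete, here is an added example (not code from this project, and not AWS WAF's real detection logic, which is not public). It URL-decodes the reported query string the way the URL_DECODE transformation would and then runs a simplified, assumed model of an XSS heuristic: an HTML-attribute scanner that treats any token of the form on<name>=<value> as an inline event handler. With the jQuery `_=timestamp` parameter present, the decoded text contains `Onsdagsutskicket&_=1584536484058`, which fits that shape; without the `_=` parameter there is no `=` after the token, so nothing matches.

```python
"""Simplified model of the false positive discussed in this issue.

Added example: the regex below is an assumption that stands in for the
XSS heuristic; it is not AWS WAF's implementation.
"""
import re
from urllib.parse import unquote_plus

# Constructed from the URL in the issue report (BASE_URL omitted).
BLOCKED = (
    "query=1162845+1162846&utm_source=eClub&utm_medium=email"
    "&utm_campaign=DR8+Onsdagsutskicket&_=1584536484058"
)
# Same request without the jQuery cache-buster parameter.
ALLOWED = (
    "query=1162845+1162846&utm_source=eClub&utm_medium=email"
    "&utm_campaign=DR8+Onsdagsutskicket"
)

# Assumption: a scanner that, like an HTML tokenizer reading unquoted
# attributes, flags a whitespace- or start-delimited token beginning with
# "on" and followed by "=" (onload=, onerror=, ...) as an event handler.
EVENT_ATTR = re.compile(r"(?<![A-Za-z0-9])(on[^\s=]*)=", re.IGNORECASE)


def url_decode(query_string):
    """Apply the URL_DECODE step: %xx escapes and '+' become literal text."""
    return unquote_plus(query_string)


def find_event_like_attrs(query_string):
    """Return the decoded tokens that look like on<name>= attributes."""
    decoded = url_decode(query_string)
    return EVENT_ATTR.findall(decoded)


def is_flagged(query_string):
    """True when the modelled heuristic would treat the request as XSS."""
    return bool(find_event_like_attrs(query_string))


if __name__ == "__main__":
    for label, qs in (("with _=", BLOCKED), ("without _=", ALLOWED)):
        print(label, "->", url_decode(qs))
        print("  event-like attributes:", find_event_like_attrs(qs))
        print("  flagged:", is_flagged(qs))
```

The decoded `DR8 Onsdagsutskicket&_=...` is what the scanner sees: the space after `DR8` ends the previous unquoted value, so `Onsdagsutskicket&_` is read as an attribute name that starts with "on" and carries a value. That is why exempting requests containing that substring, as suggested above, removes the block, while the `_` parameter itself is harmless on its own.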

aijunpeng commented 1 year ago

Closing the issue due to inactivity