solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0

Gloo Edge returns 403 (instead of 413) HTTP status code after WAF size validation failure #9775

Open sadieleob opened 1 month ago

sadieleob commented 1 month ago

Gloo Edge Product

Enterprise

Gloo Edge Version

1.16.8

Is your feature request related to a problem? Please describe.

There is no issue at this moment. The gateway returns a 403 when the request body exceeds SecRequestBodyLimit.

waf:
  customInterventionMessage: Request size exceeded
  ruleSets:
  - ruleStr: |
      # Turn rule engine on
      SecRuleEngine On
      SecRequestBodyLimitAction Reject
      SecRequestBodyLimit 25000
      SecRequestBodyNoFilesLimit 25000

Describe the solution you'd like

The gateway returns a 403 when the request body exceeds SecRequestBodyLimit, but the WAF returns a 413.

Describe alternatives you've considered

A transformation would not work because there is no way for us to know if it was size validation or another rejection.

Additional Context

No response

soloio-bot commented 1 month ago

Zendesk ticket #4128 has been linked to this issue.