I'm trying to protect an IIS based web server called Precision BI.
When SQL injection protection is enabled, a user cannot change their password. When using the XSS protection, and running a search function, we see a 403 error.When using cookie signing, the login page doesn't populate the server and database names field.
I see an option for exceptions for web clients coming from source networks, which is difficult if no impossible for me to use that option. The "Web requests matching this path" exception is interesting, but unsure how to apply it.
I also see Skip WAF rules option, but don't see the rule number in the log. How do you determine the rule that is causing a false positive?
Does anyone have a suggestion on how I can tune the WAF to protect a web server who's standard functionality appears to be blocked with false positives?
In the log I'm seeing:
] Dropping cookie '.ASPXAUTH' from request due to missing/invalid signature, referer:
ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null).
method="POST" statuscode="403" reason="waf" extra="Anomaly Score Exceeded (score 200): XSS Attack Detected" time="121208"
Thanks!
Brian
When SQL injection protection is enabled, a user cannot change their password. When using the XSS protection, and running a search function, we see a 403 error.When using cookie signing, the login page doesn't populate the server and database names field.
I see an option for exceptions for web clients coming from source networks, which is difficult if no impossible for me to use that option. The "Web requests matching this path" exception is interesting, but unsure how to apply it.
I also see Skip WAF rules option, but don't see the rule number in the log. How do you determine the rule that is causing a false positive?
Does anyone have a suggestion on how I can tune the WAF to protect a web server who's standard functionality appears to be blocked with false positives?
In the log I'm seeing:
] Dropping cookie '.ASPXAUTH' from request due to missing/invalid signature, referer:
ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null).
method="POST" statuscode="403" reason="waf" extra="Anomaly Score Exceeded (score 200): XSS Attack Detected" time="121208"
Thanks!
Brian