AJAX data security issue
mrpaulmcgee
Hi,
I am using the DataTables ajax method of populating a table. We have now started using an extra layer of protection on our server and I am getting the following log entries coming from the ajax calls.
[id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"]
Looks like it doesn't like the [] brackets. Has anyone ever come across anything like this before using DataTables, and does anyone have any idea how I could resolve this, because removing the rule isn't an option?
Thanks
Answers
Never come across that before. What's your server-side environment?
Allan
Hi Allan,
We are using a Sophos UTM with server protection enabled. Basic WAF profile.
Sophos uses apache modsecurity rules for the WAF.
It's triggering 981173-OWASP rule
https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode_Sibling_981173
Our backend is Coldfusion.
Everything worked fine until we started using Sophos, which then stopped loading the page based on those security rules. I couldn't find anything while searching for issues with DataTables and Sophos, and removing the rule isn't an option.
Thanks
Paul
I don't think I've come across Sophos before to be honest, so I can't really help in that regard.
I don't know why it would reject [] in the HTTP parameter names, as they are perfectly valid, but if you aren't able to get any support from them directly about that, what you might need to do is use ajax.data to modify the data being submitted to the server so it doesn't use any nesting (i.e. all parameters are at the top level of the object). Alternatively, send the data as raw JSON in the request body (there is an example in the ajax.data docs for that), then use whatever tools you have at the server-side to decode the JSON.
Allan
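Both approaches Allan describes, as an added example that is not code from the thread's authors or from the DataTables project: a helper that flattens the nested server-side processing request (columns[0][data] and friends) into bracket-free top-level names, and an ajax configuration that instead sends the untouched object as a JSON body. The key separator, the endpoint path /api/rows.cfm and the sample request object are assumptions constructed for this example; the server side (ColdFusion here) must then read the flat names or parse the JSON body itself, so the WAF rule stays in force while no argument name carries the characters it counts.

```javascript
// Added example, not from DataTables or the forum thread.
// Flattens a nested parameter object into top-level keys joined with "_"
// (separator is an assumption), so no "[" or "]" appears in any argument name.
function flattenParams(obj, prefix, out) {
  out = out || {};
  Object.keys(obj).forEach(function (key) {
    var value = obj[key];
    var name = prefix ? prefix + '_' + key : key;
    if (value !== null && typeof value === 'object') {
      flattenParams(value, name, out); // recurse into arrays and objects alike
    } else {
      out[name] = value;
    }
  });
  return out;
}

// Variant 1: keep form-encoded parameters, but with flat names.
// DataTables calls ajax.data with its own request object; an object returned
// from the function replaces that request.
function buildFlatAjaxConfig() {
  return {
    url: '/api/rows.cfm',   // assumed endpoint
    type: 'POST',
    data: function (d) {
      return flattenParams(d);
    }
  };
}

// Variant 2: send the unmodified object as a raw JSON request body (the
// pattern shown in the ajax.data docs). The WAF then sees one request body
// rather than bracketed argument names, and the server decodes the JSON.
function buildJsonAjaxConfig() {
  return {
    url: '/api/rows.cfm',   // assumed endpoint
    type: 'POST',
    contentType: 'application/json',
    data: function (d) {
      return JSON.stringify(d);
    }
  };
}

// True when no key contains a bracket, i.e. none of the names the WAF
// rule flagged would be present in the request.
function hasNoBrackets(params) {
  return Object.keys(params).every(function (k) { return !/[\[\]]/.test(k); });
}

// Constructed sample of a trimmed DataTables server-side processing
// request for a two-column table.
var sampleRequest = {
  draw: 1,
  start: 0,
  length: 10,
  search: { value: '', regex: false },
  order: [{ column: 0, dir: 'asc' }],
  columns: [
    { data: 'id',   name: '', searchable: true, orderable: true, search: { value: '', regex: false } },
    { data: 'name', name: '', searchable: true, orderable: true, search: { value: '', regex: false } }
  ]
};

// Usage: what each variant would hand to jQuery's ajax call.
var flat = buildFlatAjaxConfig().data(sampleRequest);
console.log(flat);                                   // e.g. columns_0_data: 'id'
console.log(hasNoBrackets(flat));                    // true
console.log(buildJsonAjaxConfig().data(sampleRequest)); // JSON string body
```

In a real page the object returned by buildFlatAjaxConfig() or buildJsonAjaxConfig() goes into the ajax option of the DataTable initialisation. With variant 1 the server reconstructs the columns from keys such as columns_0_data and columns_0_search_value; with variant 2 it parses one JSON document and ignores the query string entirely, which is usually the smaller change on the ColdFusion side.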