Sven Olsfelder
Posted August 11, 2016

Hi,

does anybody have a working relaxation rule for the User-Agent header field for IE/Safari?

Log entry looks like this:

...msg=SQL Keyword check failed for header User-Agent\="..like Gecko) Version/9.1 Safari/601.5.17(;)"

It's also happening for IE, because of the "like" in the User-Agent. Of course "Check Request Headers" is set to True.

Regards,
Sven

Stan Chen
Posted August 30, 2016

Check the APPFW Learned Rules Rule and Deploy to Relaxation Rules.

Sven Olsfelder (Author)
Posted August 30, 2016

Hi,

did this too, still doesn't work. I had a similar issue earlier these days with an XSS relaxation rule - after I deployed the learned rule, it appeared again and again in the learned rules and couldn't (obviously) be deployed again because it was "already in use". I could get over it by using a lot of ^.*$. But that doesn't work for this specific User-Agent relaxation.

Seems like the AppFW sometimes doesn't understand its own "language"....

Stuart Ganney
Posted December 20, 2016

I am having the same problem with IE11 on Windows 7. I have tried deploying the rules that the appfw learns, but it still blocks these requests. I have tried adding various combinations of PCRE wildcards in all the fields available (URL, location, value etc). None of them do what I want and the appfw still blocks these requests as being SQL injection attempts.

Surely there must be some documented solution to this, since IE11 is so common in the field. Has anyone managed to solve it?

I am now trying an idea of using a rewrite policy to remove the User-Agent header altogether. Has anyone had any success with this kind of idea?

Stuart.

Murilo Rocha
Posted June 20, 2019

Not ideal, but the workaround is to disable "Check request headers".