The Azure WAF is giving a SQL injection rule match and rejecting with 403 if my request body in JSON has any SQL keywords or special characters, and we cannot disable the rule by our company policy.

I wanted to get the request from the frontend as a Base64-encoded string and decode it before it reaches my RestController, and encode to Base64 before I send the response to the frontend.

Is this approach correct?

If yes, can someone point me to some code to do it in a simple way, like a HandlerInterceptor or something? I have read other questions but didn't get data about how to pre-decode and post-encode into Base64 before `@RequestBody` deserialization happens.

Saketh Ram
  • *Is this approach correct?* No, it isn't. – M. Deinum Nov 29 '21 at 06:22
  • Thank you @M.Deinum for the quick response. Can you please suggest what is the right way to handle this instead of turning off the WAF rule? I am guessing this is a common problem for string request bodies flowing between frontend and backends. – Saketh Ram Nov 29 '21 at 16:18

0 Answers