General Discussion Large scale problem with cookie and WAF blocking web services

UTM Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 5 replies
Subscribers 5 subscribers
Views 1284 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Large scale problem with cookie and WAF blocking web services

Remuflon over 3 years ago

It appears a large number of services are deploying this cookie named "ajs_anonymous_id". I think it comes from Google.

The cookie begins and ends with %22. This triggers Sophos UTM to think that EVERY request is a SQL Injection attack.

This thread was automatically locked due to age.

Top Replies

FormerMember over 3 years ago in reply to Remuflon +1 verified

Hi Remuflon , Thank you for the update. You could try to bypass the third rule(981318 ) as it’s not one of the infrastructure rules by following this KBA and see if that helps: Sophos UTM: How to bypass…

Parents

0 FormerMember over 3 years ago

Hi Remuflon,

Thank you for reaching out to the Community!

Could you please provide the reverseproxy logs from your firewall?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Remuflon over 3 years ago in reply to FormerMember

I was mistaken, it's not a Google cookie, it's actually coming from Jira Service Desk. But still, in my opinion, a %22...%22 should not be interpreted as SQL injection - on it's own. Granted, it's poor form to put that in the cookie value...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Remuflon over 3 years ago in reply to FormerMember

I was mistaken, it's not a Google cookie, it's actually coming from Jira Service Desk. But still, in my opinion, a %22...%22 should not be interpreted as SQL injection - on it's own. Granted, it's poor form to put that in the cookie value...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data