
The WAF is reporting some errors because my payload responses include some HTML tags (mostly field-like messages and user guides). Sometimes I am also sending R programming language code to the server, which is simply stored in the database.

When the WAF runs its security check, it raises a vulnerability issue saying that HTML tags and code were detected.

Our team proposed encoding the entire payload and decoding it in the Django middleware, but I am wondering whether this is really the best approach.

Will this approach be efficient in the long run?

Can you please suggest the right approach?

  • Can you create exceptions in your WAF…? Commented Oct 28 at 6:01
  • I believe we can ignore certain patterns using regex, but the CTO is not opting for that solution. Commented Oct 28 at 8:03
  • If you encode the entire payload so as to bypass the WAF, what exactly even is the point of the WAF? You might as well just disable the WAF and call it a day then (since what you propose would basically make it redundant). Commented Oct 28 at 12:30
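The following toy model is an added illustration for this page, not code from the question, the comments, or any real WAF product. It shows why the last comment calls the whole-payload encoding redundant: a toy WAF with two constructed signature rules (a hypothetical HTML-tag pattern and a hypothetical SQL-injection pattern) is run over the same JSON request twice, once as plain JSON with a per-path field exemption of the kind the first comment suggests, and once base64-encoded the way the question's team proposes. The path `/api/fields/`, the field names, and the sample requests are all made up for the example.

```python
import base64
import json
import re

# Hypothetical stand-ins for WAF signatures (constructed for this example,
# not taken from any real rule set).
HTML_TAG_RE = re.compile(r"</?[A-Za-z][^>]*>")
SQLI_RE = re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+1\s*=\s*1)")


def scan_value(value: str, check_html: bool) -> set[str]:
    """Run the signature checks over one string value and name the rules that fired."""
    findings = set()
    if check_html and HTML_TAG_RE.search(value):
        findings.add("html")
    if SQLI_RE.search(value):
        findings.add("sqli")
    return findings


def waf_inspect(path: str, body: bytes, exemptions: dict[str, set[str]]) -> set[str]:
    """Toy WAF: inspect a request body and return the set of rule names that fired.

    `exemptions` maps a URL path to the JSON field names on that path whose values
    are allowed to carry HTML. Every other rule still applies to every field, which
    is exactly the property a whole-payload encoding throws away.
    """
    text = body.decode("utf-8", errors="replace")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        # Not JSON (for instance an opaque base64 blob): only the raw text can be checked.
        return scan_value(text, check_html=True)
    findings = set()
    allowed = exemptions.get(path, set())
    for field, value in doc.items():
        if isinstance(value, str):
            findings |= scan_value(value, check_html=field not in allowed)
    return findings


def encode_whole_payload(doc: dict) -> bytes:
    """The team's proposal: base64 the entire JSON body on the client before sending."""
    return base64.b64encode(json.dumps(doc).encode())


def decode_whole_payload(body: bytes) -> dict:
    """What the proposed Django middleware would do: decode and re-parse the body."""
    return json.loads(base64.b64decode(body))


def compare(doc: dict, path: str, exemptions: dict[str, set[str]]) -> dict[str, set[str]]:
    """Return what the toy WAF flags for the same request under each option."""
    return {
        "plain": waf_inspect(path, json.dumps(doc).encode(), exemptions),
        "whole_payload_encoded": waf_inspect(path, encode_whole_payload(doc), exemptions),
    }


if __name__ == "__main__":
    # Constructed sample requests: only `help_text` on /api/fields/ may contain HTML.
    exemptions = {"/api/fields/": {"help_text"}}
    legit = {"name": "email", "help_text": "<b>Required.</b> Enter a valid address."}
    hostile = {"name": "x' OR 1=1 --", "help_text": "<b>hi</b>"}

    print(compare(legit, "/api/fields/", exemptions))     # both options: nothing flagged
    print(compare(hostile, "/api/fields/", exemptions))   # plain flags sqli; encoded hides it
    print(compare(legit, "/api/other/", exemptions))      # plain flags html on a non-exempt path
```

With the per-field exemption the legitimate HTML passes while an injection attempt in another field is still caught; with the whole body base64-encoded the WAF sees nothing in either case, so the hostile request is indistinguishable from the legitimate one until the middleware has already decoded it inside the application.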
