Support

Search results for ""

Sorry, no results found. Perhaps you would like to search the documentation?
All Topics
Stefan
Developer

Thanks for your feedback.
I did some deep digging with the 7G rules applied and this is what we found. Warning, this is quite a technical story ;)

In order to apply smart filtering to the table, we must post the form as a GET request with some parameters. Since Smart Filtering is much more complete than normal filtering where a single drop-down would suffice. Therefore we send a Json string to the URL that is URL encoded, which should be ok for firewalls.

But after some testing, I found that I only get a 403 for some Smart Filters. The difference that would give me a 403 error is when I want to filter a column that has options, so a Select Box in filtering. We send the input type serialized to the URL like “input”=”select”. The 7G ruleset triggers on the word ‘select’ in the URL starting with a quote (single or double). => 'select or "select

I understand that the word ‘select’ might be used for SQL injection, but to say that this phrase alone is ‘insecure’ is not 100% true in my opinion. I would say that the specific rule could be further improved and I would like to discuss this with the developer from the 7G firewall :)

You should be able to use Smart Filtering right now, but you will get a 403 error when you use it for a select field.

4 weeks, 1 day ago

You must be logged in to reply to this topic.