APAR status
Closed as program error.
Error description
When using Web Application Firewall (WAF) with the SQL injection filter enabled, and a request is received with Content-Type=application/json in the header, the request is rejected with:
<body>The Web Application Firewall has denied your transaction due to a violation of policy. <P />You may want to clear the cookies in your browser.</body>
You may also see the following error message:
20211109T114345.473Z [some_domain][0x02030028][webapp-firewall][error] web-application-firewall(MY_WAF): tid(12345)[error][x.x.x.x]: SQL Signature Detected
Local fix
Turn off the SQL filter for JSON requests by adding a specific request profile, just for JSON requests, that does not have SQL injection filtering enabled. So instead of having 1 rule for all traffic, there would be 1 rule for JSON traffic (that does not do SQL filtering) and another rule for all other traffic (that does do SQL filtering).
Problem summary
Allow JSON traffic through if the URI does not match the criteria.
Problem conclusion
The fix will be in 10.5.0.5 & 10.0.1.13 & 2018.4.1.26. For a list of the latest fix packs available, please see: https://www.ibm.com/support/pages/node/83105
Temporary fix
Comments
APAR Information
APAR number
IT39416
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
18X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-12-15
Closed date
2023-04-18
Last modified date
2023-04-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
Document Information
Modified date:
19 April 2023