mirkodziadzka-avi changed the title from "Rule 920470 seems to restricted and create false positives" to "Rule 920470 seems to be too restricted and create false positives in PL1" on Mar 18, 2022
Thank you for reporting. I think this is a slightly more complex problem, so - as you can see - I've appended this issue to the next monthly chat, and we will discuss it.
Description
We see the case of an application which is using application/*+json as content type. This is blocked by rule 920470 in PL1.
While this content type is unusual, I think it does not qualify as "Illegal" and should not be blocked by 920470.
The following references
-> https://httpwg.org/specs/rfc7231.html#header.content-type
-> https://httpwg.org/specs/rfc7231.html#media.type
-> and finally https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6
seem to indicate that * is an allowed character in the Content-Type header sub-type.
To reproduce, I used the sandbox with the following request:
Audit Logs / Triggered Rule Numbers
920470 PL1 Illegal Content-Type header
Your Environment
Sandbox at https://sandbox.coreruleset.org/, default settings
Confirmation
[x] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.
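To make the grammar argument in the report concrete, here is an added example (it is not part of the issue and not CRS code): a small Python validator that implements the media-type grammar from RFC 7231 section 3.1.1.1 over the tchar set from RFC 7230 section 3.2.6, and a constructed, deliberately narrower character-class check placed beside it. The narrow check is an assumption used only to illustrate the mechanism of a false positive; it is not the text of rule 920470. Running both over application/*+json shows the value is a legal media type under the RFC but is rejected by any check whose character class omits `*`.

```python
import re

# tchar per RFC 7230 section 3.2.6; note that '*' is a legal token character
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
TOKEN = TCHAR + r"+"
# quoted-string, simplified (assumption: obs-text and obs-fold are not handled)
QUOTED_STRING = r'"(?:[^"\\\x7f]|\\.)*"'
# parameter = token "=" ( token / quoted-string ), RFC 7231 section 3.1.1.1
PARAMETER = TOKEN + r"=(?:" + TOKEN + r"|" + QUOTED_STRING + r")"
# media-type = type "/" subtype *( OWS ";" OWS parameter )
MEDIA_TYPE_RE = re.compile(
    r"^(?P<type>" + TOKEN + r")/(?P<subtype>" + TOKEN + r")"
    r"(?:[ \t]*;[ \t]*" + PARAMETER + r")*$"
)


def is_rfc_media_type(value: str) -> bool:
    """True if the Content-Type value matches the RFC 7231 media-type grammar."""
    return MEDIA_TYPE_RE.match(value) is not None


# Constructed stand-in for an allowlist that forgot '*' (NOT the CRS 920470 regex):
# only word characters, '/', '.', '+' and '-' are accepted in the type/subtype part.
NARROW_RE = re.compile(r"^[\w/.+-]+$")


def narrow_check(value: str) -> bool:
    """Apply the narrow character class to the type/subtype part only."""
    base = value.split(";", 1)[0].strip()
    return NARROW_RE.match(base) is not None


def classify(value: str) -> str:
    """Compare the two checks: a value the RFC allows but the narrow class
    rejects is exactly the kind of false positive the report describes."""
    rfc_ok = is_rfc_media_type(value)
    narrow_ok = narrow_check(value)
    if rfc_ok and not narrow_ok:
        return "false positive"
    if rfc_ok:
        return "allowed"
    return "illegal"


if __name__ == "__main__":
    # Constructed sample values, including the one from the report
    for sample in (
        "application/*+json",
        "application/*+json; charset=utf-8",
        "application/json",
        'text/html; charset="utf 8"',
        "foo bar/baz",
        "application/json;;",
    ):
        print(f"{sample!r:45} -> {classify(sample)}")
```

The useful property of this split is that a WAF rule can be checked against the grammar it claims to enforce: any value that is_rfc_media_type accepts and the deployed rule blocks is a false positive by construction, while values the grammar itself rejects (embedded spaces, dangling semicolons) are the ones a rule named "Illegal Content-Type header" should be catching.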