Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix C# WAF policy violations #5659

Closed
cleemullins opened this issue Jun 11, 2021 · 0 comments · Fixed by #5926
Closed

Fix C# WAF policy violations #5659

cleemullins opened this issue Jun 11, 2021 · 0 comments · Fixed by #5926
Labels
Area: Engineering Internal issues that are related to improving code quality, refactorings, code cleanup, etc. bug Indicates an unexpected problem or an unintended behavior. P0 Must Fix. Release-blocker Size: M The issue is not very complex and it is well understood, it will take 1 to 3 days to complete
Milestone
R15

Comments

@cleemullins
Copy link
Contributor

cleemullins commented Jun 11, 2021
edited
Loading

WAF policy violations that appears to be originating from bot framework SDK. Details are listed below. Turning application gateway WAF to prevention mode caused api/messages calls to get blocked due to the following policy violations.

These exceptions are being generated from skills and are originating from both .Net SDK (composer bots) and Node JS Sdk (Node JS skill bots).

WAF Rule Description (Documentations on rules)
920300 Request Missing an Accept Header
931130 Possible Remote File Inclusion (RFI) Attack = Off-Domain Reference/Link
942130 SQL Injection Attack: SQL Tautology Detected.

JS Tracking Bug: microsoft/botbuilder-js#3739
@cleemullins cleemullins added bug Indicates an unexpected problem or an unintended behavior. P0 Must Fix. Release-blocker Area: Engineering Internal issues that are related to improving code quality, refactorings, code cleanup, etc. Size: M The issue is not very complex and it is well understood, it will take 1 to 3 days to complete labels Jun 11, 2021
@cleemullins cleemullins added this to the R15 milestone Jun 11, 2021
@cleemullins cleemullins changed the title Fix WAF policy violations Fix C# WAF policy violations Jun 11, 2021
@cleemullins cleemullins mentioned this issue Jun 11, 2021
Closed
@EricDahlvang EricDahlvang mentioned this issue Oct 22, 2021
Merged
@EricDahlvang EricDahlvang mentioned this issue Oct 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Engineering Internal issues that are related to improving code quality, refactorings, code cleanup, etc. bug Indicates an unexpected problem or an unintended behavior. P0 Must Fix. Release-blocker Size: M The issue is not very complex and it is well understood, it will take 1 to 3 days to complete
Projects
None yet
Milestone
R15
Development

Successfully merging a pull request may close this issue.

Add */* accept header to ConnectorClient httpclient microsoft/botbuilder-dotnet
1 participant
@cleemullins