Hi,
We have an application for which we have been receiving complaints of 403 errors at the application gateway level. Now, below is the snapshot of the request headers of the site.
So, we want to exclude all WAF blocks if the header contains the word Cookie as shown in the screenshot.
We went to the WAF configuration and added an exclusion rule - request header > equals > Cookie.
But we still received requests which were blocked by the WAF based on evaluating the cookie parameter. One example of a request that was blocked is shown here (this is from the details_message_s field in the WAF access logs):
Warning. Pattern match \"(/\*!?|\*/|[';]--|--[\\s\\r\\n\\v\\f]|(?:--[^-]?-)|([^\-&])#.?[\\s\\r\\n\\v\\f]|;?\\x00)\" at REQUEST_COOKIES:_gtrza ....
Now, we want WAF NOT to evaluate any rules if the request header contains the term 'Cookie'. We have also tried adding exclusion criteria to request cookies in the WAF configuration, something like request cookies > starts with > _gtrza for this case. This works for this case, but after some days we will get a request being blocked where REQUEST_COOKIES will be something other than _gtrza. Till now we already have more than 10 such cookie exclusion configurations, hence we want the WAF to not evaluate anything that has the term cookie in the header OR something like - request cookies > starts with > * (ALL AND ANY VALUE)
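
Added example (not part of the original post): the blocked request quoted above reports its match at REQUEST_COOKIES:_gtrza, so one way to see which cookies the existing "starts with" exclusions still miss is to tally the matched variable across details_message_s values. The sample messages, the cookie name session_pref and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Captures the "at COLLECTION:name" part that follows the quoted pattern in a
# WAF log message, e.g. ...\" at REQUEST_COOKIES:_gtrza ....
MATCH_AT = re.compile(r'"\s+at\s+([A-Z_]+)(?::(\S+))?')

# Constructed sample details_message_s values, shaped like the one in the post.
SAMPLE_MESSAGES = [
    r'Warning. Pattern match \"(?:--[^-]?-)\" at REQUEST_COOKIES:_gtrza ....',
    r'Warning. Pattern match \"(?:--[^-]?-)\" at REQUEST_COOKIES:session_pref. [file ...]',
    r'Warning. Pattern match \"(?:--[^-]?-)\" at REQUEST_COOKIES:_gtrza ....',
    r'Warning. Pattern match \"(?i:select)\" at ARGS:q. [file ...]',
    'Message without a matched variable',
]

def matched_variable(message):
    """Return (collection, name) for one log message, or None if absent."""
    m = MATCH_AT.search(message)
    if m is None:
        return None
    # Some messages end the variable name with a full stop; drop it.
    return m.group(1), (m.group(2) or "").rstrip(".")

def summarise(messages):
    """Count matches per collection and per cookie name."""
    by_collection, by_cookie = Counter(), Counter()
    for message in messages:
        hit = matched_variable(message)
        if hit is None:
            continue
        collection, name = hit
        by_collection[collection] += 1
        if collection == "REQUEST_COOKIES":
            by_cookie[name] += 1
    return by_collection, by_cookie

def uncovered(cookie_names, starts_with):
    """Cookie names not covered by any configured 'starts with' exclusion."""
    return sorted(n for n in cookie_names
                  if not any(n.startswith(p) for p in starts_with))

if __name__ == "__main__":
    collections, cookies = summarise(SAMPLE_MESSAGES)
    print("matches per collection:", dict(collections))
    print("matches per cookie:", dict(cookies))
    # "_gtrza" stands for the exclusions already configured (assumption).
    print("still blocked:", uncovered(cookies, ["_gtrza"]))
```
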