I’m trying to implement Heap by using the provided JS script for my application (Angular FE).
Heap works fine locally; however, when I move up to the QA environment (hosted in Azure), I start getting logs in my application gateway about OWASP rules being violated. I confirmed this happens after I load the Heap script.
A couple of the rules being violated:
| ruleId_s | Message |
|---|---|
| 980130 | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=15,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2 |
| 942370 | Detects classic SQL injection probings 2/2 |
| 949110 | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 15) |
| 980130 | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=15,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2 |
How can I bypass this issue? Has someone encountered something similar and had to create custom WAF rules?