umbraco backoffice api is getting blocked by waf

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Dennis Fiorentino 2 posts 72 karma points

Feb 06, 2024 @ 15:57

0

Umbraco Backoffice API is getting blocked by WAF

Using Umbraco And Getting Started

Umbraco 9

Hi,

I'm getting a few errors related to some requests being blocked by a WAF appliance, so I wonder if it's possible to customize the response from the backoffice API to avoid that false/positive ¿?

Authorization error: Unauthorized access to URL: /umbraco/backoffice/umbracoapi/content/PostSave

Any thoughts ¿?

Copy Link
[email protected] 406 posts 2135 karma points MVP 7x c-trib

Feb 06, 2024 @ 16:54

1

Hi Dennis,

No unfortunately not in my experience. You need to white list these requests on the WAF. Save actions in Umbraco can contain strings of json for example, and that triggers the WAF probably. That is normal behavior of Umbraco, and normal behavior of your WAF.

Hope this helps,

Jeffrey Schoemaker Perplex Digital

Copy Link
Dennis Fiorentino 2 posts 72 karma points

Feb 06, 2024 @ 20:01

0

at least one had to ask... But now I wonder if those json responses can be modified from the controller ¿?

Copy Link
[email protected] 406 posts 2135 karma points MVP 7x c-trib

Feb 07, 2024 @ 07:39

0

Hi Dennis,

You can always ask anything around here :)

But I wouldn’t put too much time in trying to work your way around the Umbraco responses. For example the grid, the block list, nested content and other complex data types use json. Also saving Umbraco Forms is probably json being sent and being retrieved.

So the best way, and the easiest way is to train the WAF.

Does that help?

Kind regards, and good luck configuring your WAF,

Jeffrey

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?