Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Dennis Fiorentino 2 posts 72 karma points
    Feb 06, 2024 @ 15:57
    Dennis Fiorentino
    0

    Umbraco Backoffice API is getting blocked by WAF

    Hi,

    I'm getting a few errors related to some requests being blocked by a WAF appliance, so I wonder if it's possible to customize the response from the backoffice API to avoid that false/positive ¿?

    Authorization error: Unauthorized access to URL: /umbraco/backoffice/umbracoapi/content/PostSave

    Any thoughts ¿?

    Copy Link
  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Feb 06, 2024 @ 16:54
    Jeffrey Schoemaker
    1

    Hi Dennis,

    No unfortunately not in my experience. You need to white list these requests on the WAF. Save actions in Umbraco can contain strings of json for example, and that triggers the WAF probably. That is normal behavior of Umbraco, and normal behavior of your WAF.

    Hope this helps,

    Jeffrey Schoemaker Perplex Digital

    Copy Link
  • Dennis Fiorentino 2 posts 72 karma points
    Feb 06, 2024 @ 20:01
    Dennis Fiorentino
    0

    at least one had to ask... But now I wonder if those json responses can be modified from the controller ¿?

    Copy Link
  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Feb 07, 2024 @ 07:39
    Jeffrey Schoemaker
    0

    Hi Dennis,

    You can always ask anything around here :)

    But I wouldn’t put too much time in trying to work your way around the Umbraco responses. For example the grid, the block list, nested content and other complex data types use json. Also saving Umbraco Forms is probably json being sent and being retrieved.

    So the best way, and the easiest way is to train the WAF.

    Does that help?

    Kind regards, and good luck configuring your WAF,

    Jeffrey

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft