Jump to content

"Access Denied" - "You don't have permission to access..."

Go to solution Solved by Andy Millne,

Recommended Posts

Currently I am seeing within Akamai (the CDN & Web Application Firewall in use for www.zero88.com/forum) some blocked POST requests when end users are trying reply to an item on the forum. 

Something that spikes my interest is that it looks like that there are some values stored in a cookie which are being send together with the POST request which are classified by our WAF as a XSS attempt. 

When people clear their cache or visit the website incognito it seems that the issue does not happen which does somewhat confirm my initial thought it could be due to some string which is being sent with the POST request stored in a cookie (or something else which is happening when someone replies). But since I do not know anything about the application I cannot confirm or deny this.

To determine if this is actually an XSS attempt I would like to know how a valid POST looks like and if information stored in a cookie is actually sent with the POST request.

This information should help us investigate the issue further and hopefully determine if this is a false positive or not.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...