OWASP Standards compatibility for OAS and Siebel application

Organization Name (Required - If you are an Oracle Partner, please provide the organization you are logging the idea on behalf of): Reckitt
Description (Required): The OAS and Siebel applications in Reckitt are being accessed through the Azure Application Gateway. We are using WAF on Application Gateway based on the Core Rule Sets from OWASP. When we try to access the OAS and Siebel applications through Application Gateway in Prevention mode, some of the URIs are getting blocked since they are violating the OWASP Standards, so we have to access the applications in Detection mode, which is a security risk since it can't prevent the SQL injections or any vulnerabilities in the request.
Use Case and Business Need (Required): We need to make the OAS and Siebel applications follow all the OWASP Standards. Below are the URI requests which are getting blocked by the Azure WAF OWASP rules:
1. tx.restricted_extensions - CRS rule 920440
Solution - edit the .dll type of extensions from OAS application URL 'https://acceleratesso.reckitt.cloud/analytics/saw.dll' used for Siebel - OAS Integration
2. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI - CRS rule 920220
Solution - edit the non-hexa values from app URI path
3. Multiple URL Encoding Detected - CRS rule 920230
Solution - edit "%u" symbol from arguments of HTTP headers
Enhancement Request / Service Request: SR 3-29402404611
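
A local triage sketch for the three rule conditions listed in the post, added here as an example and not code from the post, Oracle, or the OWASP CRS project. The checks are simplified approximations of rules 920440, 920220 and 920230, and the extension list, function names and sample URIs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: small sample standing in for tx.restricted_extensions;
# the real list is defined in the WAF's CRS configuration.
RESTRICTED_EXTENSIONS = {".dll", ".bak", ".config"}

# A '%' that is not followed by two hexadecimal digits.
BAD_ESCAPE = re.compile(r"%(?![0-9a-fA-F]{2})")
# An escape sequence (%XX or %uXXXX) still present after one decoding pass.
LEFTOVER_ESCAPE = re.compile(r"%(?:[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")

def restricted_extension(uri):
    """920440-style: last path segment ends in a restricted extension."""
    basename = urlsplit(uri).path.rsplit("/", 1)[-1]
    dot = basename.rfind(".")
    return dot != -1 and basename[dot:].lower() in RESTRICTED_EXTENSIONS

def invalid_url_encoding(uri):
    """920220-style: raw URI contains a '%' without two hex digits after it."""
    return BAD_ESCAPE.search(uri) is not None

def multiple_url_encoding(uri):
    """920230-style: an argument still holds an escape after decoding once."""
    args = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return any(LEFTOVER_ESCAPE.search(part) for pair in args for part in pair)

def triage(uri):
    """Return the CRS rule ids whose approximated condition the URI meets."""
    checks = (("920440", restricted_extension),
              ("920220", invalid_url_encoding),
              ("920230", multiple_url_encoding))
    return [rule for rule, check in checks if check(uri)]

# Constructed sample request URIs (only the saw.dll path comes from the post).
SAMPLES = [
    "/analytics/saw.dll?Dashboard",
    "/app/page?name=a%zzb",
    "/app/page?q=%2541",
    "/app/page?q=%u0041",
    "/app/page?q=a%20b",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:32} -> {triage(uri) or 'no match'}")
```

Running it over request URIs exported from the WAF log while in Detection mode groups the blocked requests by cause, which helps scope any per-rule exclusion to the specific paths involved.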