Kibana cookies contain "--" characters in the SID which causes the user requests to get blocked in the azure WAF

sahadev_d · October 31, 2023, 5:45am

Hi Community,

We are facing issue while using kibana using with URL,

Whenever the user log-in to kibana with the RBAs user creds the user gets 403 error from the kibana servers. As we debugged the issue we came to know that the user requests are getting blocked at the Azure WAF level because the cookie SID contains "--" characters in it.

The message WAF states is the "SQL comment sequence detected".

Is there any possible way the we can make changes in kibana to not generate cookies having "--" characters in it.

Or any possible configuration that has the following option to disable cookies.
Kibana verions is 8.7.0 and ES 8.7.0 .
License : basic
Thanks in advance

system · November 28, 2023, 5:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana cookies contain “–” characters in the SID which causes the user requests to get blocked in the azure WAF Elastic Security	1	132	April 9, 2024
Kibana 7.17 dashboard URL in iframe sid cookie getting rejected by browser Kibana elastic-stack-security	10	1401	June 9, 2022
Azure AD SAML auth - 403 - Forbidden Elasticsearch elastic-stack-security	2	1340	July 13, 2019
Config Error 403: "error":{"message":"blocked by: [FORBIDDEN/8/index write (api)];: [cluster_block_exception] blocked by: [FORBIDDEN/8/index write (api)];","name":"Error","stack":"[cluster_block_exception] blocked by: [FORBIDDEN/8/index write (api)] Kibana	3	1796	July 29, 2021
User Impersonation broken after upgrade: 6.8 -> 7.3 Kibana	3	668	August 30, 2019

Kibana cookies contain "--" characters in the SID which causes the user requests to get blocked in the azure WAF

Related topics