Kibana cookies contain “–” characters in the SID which causes the user requests to get blocked in the azure WAF

Jayasree_N · March 12, 2024, 9:53pm

Hi,

We are facing issue while using kibana using with URL,

Whenever the user log-in to kibana with the RBAs user creds the user gets 403 error from the kibana servers. As we debugged the issue we came to know that the user requests are getting blocked at the Azure WAF level because the cookie SID contains "--" characters in it.

The message WAF states is the "SQL comment sequence detected".

Any help would be appreciated on this.

system · April 9, 2024, 9:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana cookies contain "--" characters in the SID which causes the user requests to get blocked in the azure WAF Kibana	1	195	November 28, 2023
Kibana 7.17 dashboard URL in iframe sid cookie getting rejected by browser Kibana elastic-stack-security	10	1401	June 9, 2022
Azure AD SAML auth - 403 - Forbidden Elasticsearch elastic-stack-security	2	1340	July 13, 2019
Azure Active directory, SAML authentication Elasticsearch elastic-stack-security	6	2539	May 10, 2019
Config Error 403: "error":{"message":"blocked by: [FORBIDDEN/8/index write (api)];: [cluster_block_exception] blocked by: [FORBIDDEN/8/index write (api)];","name":"Error","stack":"[cluster_block_exception] blocked by: [FORBIDDEN/8/index write (api)] Kibana	3	1796	July 29, 2021

Kibana cookies contain “–” characters in the SID which causes the user requests to get blocked in the azure WAF

Related topics