Kibana cookies contain “–” characters in the SID which causes the user requests to get blocked in the azure WAF


We are facing issue while using kibana using with URL,

Whenever the user log-in to kibana with the RBAs user creds the user gets 403 error from the kibana servers. As we debugged the issue we came to know that the user requests are getting blocked at the Azure WAF level because the cookie SID contains "--" characters in it.

The message WAF states is the "SQL comment sequence detected".

Any help would be appreciated on this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.