APIGEE endpoint is returning 403 forbidden error if the request payload contains "union" or "select"

Hello Team,

I built an APIGEE API proxy endpoint, which works perfectly fine if the request payload does not contain "union" or "select" keyword in it. As soon as I add the "union" or "select" keyword in my request body payload, it starts failing with 403 forbidden error.

If I directly use my internal API which is being called within the APIGEE endpoint, it works fine with "union" or "select" keywords.

I tried to debug the proxy in debug mode, but the 403 request is not showing in the list. I also tried the Log Explorer to get more information on it, but no luck.

Here is what my request payload looks like:

Valid request without "select" or "union" keywords:

{"data":[{"messageId":"1111111","assetStatus":{"assetName":"AAAAA","assetType":"Container"},"positionStatus":{"city":"CHEYENNE","state":"WY","street":"UNNAME ROAD","zipCode":null,"country":"US","address":" ROAD, CHEYENNE, WY 82009, USA"}}]}
 
Valid request with "union" keyword which is failing with 403 error:
{"data":[{"messageId":"1111111","assetStatus":{"assetName":"AAAAA","assetType":"Container"},"positionStatus":{"city":"CHEYENNE","state":"WY","street":"union UNNAME ROAD","zipCode":null,"country":"US","address":" ROAD, CHEYENNE, WY 82009, USA"}}]}
 
Awaiting a quick response.
 
Thanks

Is it possible you have a WAF in front of Apigee that is doing scans on payloads, looking for SQL injection attacks?

Is it possible you have a RegularExpressionProtection policy in Apigee, that scans for union or select as keywords? 

 

Hello Team,

Thanks for sharing the options to resolve this issue.

I tried using the RegularExpressionProtection policy in Apigee, but did not get any resolution.

After reading a couple of articles and enabling verbose logging for Cloud Armor through the Logging Explorer, I came to know that there was a Cloud Armor policy which was causing this issue and denying the request to be processed.

After disabling the Cloud Armor policy, the issue got resolved.

Thanks for your help. 
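As an added example that is not part of this thread, here is a small Python triage helper that pulls the denying Cloud Armor policy, rule priority, matched preconfigured rule IDs and (with verbose logging on) the matched request fragment out of load balancer log entries, and skips Apigee proxy entries that never see the denied request. The log lines are constructed for the example and the field names are assumed from Cloud Armor's documented log format.

```python
import json
from dataclasses import dataclass

# Constructed log entries shaped like external HTTP(S) load balancer logs with
# Cloud Armor fields (field names assumed; every value is invented here).
LB = {"type": "http_load_balancer"}
SAMPLE_LOG_LINES = [json.dumps(e) for e in (
    {"resource": LB, "httpRequest": {"status": 200}, "jsonPayload": {
        "enforcedSecurityPolicy": {"name": "edge-policy", "outcome": "ACCEPT",
                                   "priority": 2147483647}}},
    {"resource": LB, "httpRequest": {"status": 403}, "jsonPayload": {
        "statusDetails": "denied_by_security_policy",
        "enforcedSecurityPolicy": {
            "name": "edge-policy", "outcome": "DENY", "priority": 1000,
            "preconfiguredExprIds": ["owasp-crs-v030301-id942100-sqli"],
            # the matched* fields are only present with verbose logging on
            "matchedFieldType": "REQUEST_BODY",
            "matchedFieldValue": "union UNNAME ROAD"}}},
    {"resource": {"type": "apigee.googleapis.com/Environment"},
     "jsonPayload": {"message": "proxy log: never sees the denied request"}},
)]

@dataclass
class ArmorDeny:
    policy: str
    priority: int
    rule_ids: list        # preconfigured WAF rule IDs that matched
    matched_field: str    # which part of the request matched (verbose only)
    matched_value: str    # the offending fragment (verbose only)

def parse_armor_denies(lines):
    """Return one ArmorDeny per load-balancer entry that Cloud Armor denied.
    Other resources (e.g. Apigee proxy logs) are skipped: the deny happens
    in front of the proxy, which is why Apigee debug shows nothing."""
    denies = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting triage
        if entry.get("resource", {}).get("type") != "http_load_balancer":
            continue
        esp = entry.get("jsonPayload", {}).get("enforcedSecurityPolicy") or {}
        if esp.get("outcome") != "DENY":
            continue
        denies.append(ArmorDeny(
            policy=esp.get("name", "?"), priority=int(esp.get("priority", -1)),
            rule_ids=list(esp.get("preconfiguredExprIds", [])),
            matched_field=esp.get("matchedFieldType", "(enable verbose logging)"),
            matched_value=esp.get("matchedFieldValue", "")))
    return denies
```

Knowing the exact rule ID and matched field lets the policy be tuned with a targeted exclusion for that field rather than disabling the whole policy.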

Excellent! Thanks for the follow-up and for clarifying what solved it for you. Very helpful.