Comments (10)
Which API request was blocked? Please give some detail.
from openobserve.
webUI
I am certain that this firewall will decode base64 and recognize it as SQL.
from openobserve.
I set ZO_UI_SQL_BASE64_ENABLED=true, and this WAF firewall will decode the Base64 and then intercept it.
from openobserve.
@miemieYaho I just fixed it, but haven't made the release yet. Do you use docker? Then I can give you a test version.
from openobserve.
Yes, I use docker.
from openobserve.
Can you try this version:
public.ecr.aws/zinclabs/openobserve-dev:v0.10.6-rc1-f0cd361
with the ENV:
ZO_UI_SQL_BASE64_ENABLED = true
from openobserve.
This WAF firewall will inspect the entire request body. Even if it is simply base64 encoded, it will still be decoded and inspected.
from openobserve.
To prevent the WAF from decoding, the simplest method currently is to perform some obfuscation. For example, insert an 'a' every 5 characters in the base64 encoded string.
from openobserve.
To prevent the WAF from decoding, the simplest method currently is to perform some obfuscation. For example, insert an 'a' every 5 characters in the base64 encoded string
This is a function, but I don't think this is a good solution for us; it is a hacking solution.
Will keep track of it.
from openobserve.
Then you can consider using symmetric encryption, with the key specified in an environment variable, such as AES.
Or change the request body like this (I am using this method to bypass the WAF):
{
"table": "target_table",
"where":"id = 123 and age > 2",
"order": "created_at desc"
}
from openobserve.