Simply encoding SQL in base64 for transmission will not bypass the WAF gateway about openobserve HOT 10 OPEN

Which API request was blocked, please give some detail.

from openobserve.

webUI


I am certain that this firewall will decode base64 and recognize it as SQL.

from openobserve.

I set ZO_UI_SQL_BASE64_ENABLED=true, and this WAF firewall will decode the Base64 and then intercept it.

from openobserve.

@miemieYaho i just fixed it, haven't make the release, do you use docker? then i can give you a test version.

from openobserve.

yes,i use docker

from openobserve.

Can you try this version:

public.ecr.aws/zinclabs/openobserve-dev:v0.10.6-rc1-f0cd361

with the ENV:

ZO_UI_SQL_BASE64_ENABLED = true

from openobserve.

This WAF firewall will inspect the entire request body. Even if it is simply base64 encoded, it will still be decoded and inspected.

from openobserve.

To prevent the WAF from decoding, the simplest method currently is to perform some obfuscation. For example, insert an 'a' every 5 characters in the base64 encoded string

from openobserve.

To prevent the WAF from decoding, the simplest method currently is to perform some obfuscation. For example, insert an 'a' every 5 characters in the base64 encoded string

This is a function, but i don't think this is a good solution for us, it is a hacking solution.

will keep track it.

from openobserve.

Then you can consider using symmetric encryption, with the key specified in an environment variable, such as AES
or change the request body like this(I am using this method to bypass the WAF):

{
    "table": "target_table",
    "where":"id = 123 and age > 2",
    "order" :"created_at desc"
}

from openobserve.