简体繁体中英

Error : API break when values("=?", "nc") passes in stage where cloud armor rules are defined

原文 2022-02-15 08:07:06 2 1 node.js/ google-cloud-platform/ google-cloud-armor

My (node.js) API is working properly in localhost but when i sending some special values in stage (server side) where Google-cloud-armor rules are defined then some values ("nc","=?") are blocked and the warning is bad request 403, the content-type in response header is getting changed from “application/json” to “text/html”. enter image description here

1 answers

your server is protected by Google-armor, where some rules are defined for sqli injection and many more, the value "nc" is blocked by the Google-armor because, it is a cross-platform command.netcat, there are many more which can be blocked by the armor. you can solve this by encrypting the value and pass the encrypted value and decrypt it on the server but this may lead to some sql injection, after decrypting you need to check the string for any kind of sql injection.

is there any google API to check and count number of Armor Policies rules defined under a project. i have to count number of custom rules

How to know if the attack hit the preconfigure rules on google cloud armor?

GCP Cloud armor Quota 'SECURITY_POLICY_RULES' exceeded. Limit: 0.0 globally error for Free tier account

No integration defined for method - Choose a stage where your API will be deployed

Google Cloud Armor

Google Cloud Armor rule partial URL encoded

Google Cloud Armor doesn't seam to interpret reCaptcha enterprise score

Why some rule actions are disabled in google cloud armor?

GCP cloud armor SQLI injection protection blocking valid POST

How can i use cloud armor on nginx ingress controller?

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question is there any google API to check and count number of Armor Policies rules defined under a project. i have to count number of custom rules How to know if the attack hit the preconfigure rules on google cloud armor? GCP Cloud armor Quota 'SECURITY_POLICY_RULES' exceeded. Limit: 0.0 globally error for Free tier account No integration defined for method - Choose a stage where your API will be deployed Google Cloud Armor Google Cloud Armor rule partial URL encoded Google Cloud Armor doesn't seam to interpret reCaptcha enterprise score Why some rule actions are disabled in google cloud armor? GCP cloud armor SQLI injection protection blocking valid POST How can i use cloud armor on nginx ingress controller?

Related Tags

Error : API break when values("=?", "nc") passes in stage where cloud armor rules are defined

Question

1 answers

solution1 0 ACCPTED 2022-03-08 05:47:31

solution1
0 ACCPTED 2022-03-08 05:47:31