Forum Discussion
RexBloom (Copper Contributor)
Aug 20, 2021
Should data that may contain OWASP triggers be base64 encoded?
I have an Application Gateway with a WAF that is blocking simple passwords that contain a ^.
What is the best practice for allowing special characters in a password field so the WAF does not see this as a potential SQL injection attack?
I am considering base64 encoding but am looking to verify this is the correct route to take.
2 Replies
- Surya_Singh (Copper Contributor)
RexBloom, we had the same experience and we fixed it.
There are two quick options to fix it:
- Encrypt the request body to base64
- Create an exclusion rule
For us point #1 was the best solution.
- RexBloom (Copper Contributor)
Did you encrypt the whole body or only the password field?
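
The whole-body versus password-field question above, worked through as an added example that is not part of the thread or of any Azure code. `TOY_RULE` is a deliberately simple stand-in for a WAF SQL-injection rule (an assumption, not an OWASP CRS rule), and the field names and sample submissions are constructed.

```python
import base64
import json
import re

# Toy stand-in for a WAF SQL-injection rule (an assumption, not an OWASP CRS
# rule): flags '^', a single quote, or a '--' comment marker in a field value.
TOY_RULE = re.compile(r"[\^']|--")


def b64(text):
    """Base64-encode a string, as a client would before submitting it."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def waf_flags(fields, excluded=()):
    """Names of fields the toy rule would flag, skipping excluded names."""
    return sorted(name for name, value in fields.items()
                  if name not in excluded and TOY_RULE.search(value))


def compare(form):
    """What the toy WAF flags under each way of handling the password field."""
    return {
        # Form submitted as-is: every field is inspected.
        "plain": waf_flags(form),
        # Whole body encoded: the WAF sees one opaque blob.
        "whole_body_b64": waf_flags({"body": b64(json.dumps(form))}),
        # Only the password value encoded: other fields stay inspectable.
        "password_b64": waf_flags({**form, "password": b64(form["password"])}),
        # Exclusion scoped to the password field only.
        "password_excluded": waf_flags(form, excluded=("password",)),
    }


# Constructed sample submissions.
LEGIT = {"username": "rex", "password": "Spring^2021"}
ODD_USERNAME = {"username": "rex' --", "password": "Spring^2021"}

if __name__ == "__main__":
    for label, form in (("legit", LEGIT), ("odd username", ODD_USERNAME)):
        print(label, compare(form))
```

Encoding the whole body stops the false positive on the password but also leaves the username field uninspected, while encoding or excluding only the password keeps the rule active on every other field. In both narrow options the password value itself reaches the application without WAF inspection.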