Application gateway WAF - blocking url parameters
Hello,
I have a Windows server with few running REST services on it.
URLs:
Example 1: https://service.company.com/api/MyService/Login/?user='tom'&pass='123456'
Example 2: https://service.company.com/api/MyService/Login/?user=tom&pass=123456
Example 1 is NOT WORKING -> Blocked -> REQUEST-949-BLOCKING-EVALUATION
Example 2 is WORKING FINE.
But I can only generate example 1 code - so I need somehow to allow the character ' before and after the text parameter values?
Is this somehow possible?
One solution is the exclude the attribute (parameter name) from checking -> e.g. "user" and "pass". But I have other REST calls with same text prefix and postfix.
I hope someone can help me.
Greetings,
/Werner