Section refresh violates AWS WAF rule awswaf:managed:aws:core-rule-set:GenericLFI_Body
Hi
We have a section (Proprietary information hidden) that is inside another section (1.1.1). The section has radio buttons; at run time it displays Yes and No options.
When the site is logged in via the external URL (with F5 WAF and AWS WAF) and the user clicks the Yes/No radio button, it sends an XHR (Ajax call) to the server. This XHR call returns HTTP 200. However, the response of this XHR contains the HTML content without the expected values:
Expected value:
"Phone":"610432123123","PhoneNumber":"610432123123","ContactAddressDetails":{"AddressLine5":""," ...
Actual value:
"Phone":"","PhoneNumber":"","ContactAddressDetails":{"AddressLine5":""," ...
This issue does not occur if logged in using the internal URL (behind F5 WAF and AWS WAF).
We have a section and in that section we
We found out from AWS WAF that this rule was violated :
awswaf:managed:aws:core-rule-set:GenericLFI_Body
According to the AWS doc:
Inspects for the presence of Local File Inclusion (LFI) exploits in the request body. Examples include path traversal attempts using techniques like ../../.
Rule action: Block
The arg that it blocked is:
args: type=js3&sn=v_4_srv_1_sn_B0B6D8C6358E58D52A1BCE5ACA85FE71_perc_100000_ol_0_mul_1_app-3A1ffa1a5556acd3d0_1_app-3A1b2c531c4bee9ef6_1&svrid=1&flavor=post&vi=QQUHDOMFNAWTBHFHMFKRJECQPOCEIKLC-0&modifiedSince=1635718157207&rf=https://_____.test.___.___.au/prweb/sso/app/DataAcquisition_/-_____4_E-2ICRvmpcUD64CKYDdU7DdFrph5iBjCQGY*/!STANDARD?pyActivity=%40baseclass.doUIAction&isSDM=true&action=openAssignment&portalName=ProviderPortal&portalThreadName=STANDARD&tabIndex=1&api=openAssignment&SkipConflictCheck=true&key=ASSIGN-WORKLIST%20ABS-DA-ACQUISITION-WORK-OBLIGATION%207594989047!GETSURVEYINFO&contentID=6a2321a7-29dd-7629-c80d-85ccc496ab25&dynamicContainerID=a4dbad27-1425-4eb8-8885-c126696072e0&pzHarnessID=HIDED943782A164C5812165F684007A8855&bp=3&app=f8c913108bdb9093&crc=3052657892&en=cvlcilb0&end=1
But I cannot figure out what is wrong with this arg. I also checked the request body of the XHR call; it does not contain any characters that would be part of a Local File Inclusion attempt.
Has anyone encountered this situation before? Please let me know if there is a way to tweak Pega to avoid violating the LFI rule. Thanks
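The blocked body quoted above can be triaged offline before anything is changed in Pega or in the WAF. The script below is an added example for this thread, not code from the original post, from Pega or from AWS. It URL-decodes each form field repeatedly, the way the WAF's text transformations would before matching, follows the rf= referrer into its own path and query parameters so a hit can be pinned to a nested field, and reports any common traversal or LFI indicator it finds. The indicator list is an assumption, since AWS does not publish the signatures behind GenericLFI_Body, and the second sample body (a referrer carrying a double-encoded ../../etc/passwd) is constructed for contrast:

```python
"""Triage a POST body that AWS WAF's GenericLFI_Body rule blocked.

Added example for this thread, not code from the original post, from Pega or
from AWS. The indicator list is an assumption: AWS does not publish the exact
signatures behind the managed rule, so an empty result narrows things down but
does not prove a false positive.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed indicator set. Encoded variants (%2e%2e%2f, %252e%252e...) are caught
# by the decode loop below rather than by the regexes themselves.
LFI_INDICATORS = [
    (re.compile(r"\.\./"), "dot-dot-slash"),
    (re.compile(r"\.\.\\"), "dot-dot-backslash"),
    (re.compile(r"/etc/(passwd|shadow|hosts)"), "unix-system-file"),
    (re.compile(r"/proc/self/"), "proc-self"),
    (re.compile(r"[A-Za-z]:\\"), "windows-drive-path"),
    (re.compile(r"(?i)\b(boot|win)\.ini\b"), "windows-ini-file"),
]

MAX_DECODE_ROUNDS = 3


def decode_rounds(value):
    """Yield (round, text): the value as received, then each further URL decoding until it stops changing."""
    text = value
    yield 0, text
    for rnd in range(1, MAX_DECODE_ROUNDS + 1):
        decoded = unquote(text)
        if decoded == text:
            return
        text = decoded
        yield rnd, text


def scan_value(name, value, findings, depth=0):
    """Append one finding per (parameter, indicator), recorded at the first decode round it matches in.

    A value that turns out to be an absolute URL is split once more so a hit can be
    attributed to the nested path ("rf.path") or query parameter ("rf?page").
    """
    seen = set()
    final = value
    for rnd, text in decode_rounds(value):
        final = text
        for pattern, label in LFI_INDICATORS:
            match = pattern.search(text)
            if match and label not in seen:
                seen.add(label)
                findings.append({"param": name, "indicator": label,
                                 "decode_round": rnd, "match": match.group(0)})
    if depth == 0 and final.startswith(("http://", "https://")):
        parts = urlsplit(final)
        scan_value(f"{name}.path", parts.path, findings, depth + 1)
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            scan_value(f"{name}?{key}", val, findings, depth + 1)


def find_lfi_indicators(body):
    """Scan every field of a form-encoded body; returns [] when no indicator matches."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        scan_value(name, value, findings)
    return findings


# The body of the blocked request exactly as quoted in the post (the proprietary
# parts were already masked there with underscores and are left as-is).
PAGE_BODY = (
    "type=js3&sn=v_4_srv_1_sn_B0B6D8C6358E58D52A1BCE5ACA85FE71_perc_100000_ol_0_mul_1"
    "_app-3A1ffa1a5556acd3d0_1_app-3A1b2c531c4bee9ef6_1"
    "&svrid=1&flavor=post&vi=QQUHDOMFNAWTBHFHMFKRJECQPOCEIKLC-0&modifiedSince=1635718157207"
    "&rf=https://_____.test.___.___.au/prweb/sso/app/DataAcquisition_/-_____4_E-2ICRvmpcUD64CKYDdU7DdFrph5iBjCQGY*/!STANDARD"
    "?pyActivity=%40baseclass.doUIAction&isSDM=true&action=openAssignment&portalName=ProviderPortal"
    "&portalThreadName=STANDARD&tabIndex=1&api=openAssignment&SkipConflictCheck=true"
    "&key=ASSIGN-WORKLIST%20ABS-DA-ACQUISITION-WORK-OBLIGATION%207594989047!GETSURVEYINFO"
    "&contentID=6a2321a7-29dd-7629-c80d-85ccc496ab25&dynamicContainerID=a4dbad27-1425-4eb8-8885-c126696072e0"
    "&pzHarnessID=HIDED943782A164C5812165F684007A8855&bp=3&app=f8c913108bdb9093&crc=3052657892&en=cvlcilb0&end=1"
)

# Constructed for contrast: a beacon whose referrer carries a double-encoded
# traversal, the kind of payload the managed rule exists to stop.
CONSTRUCTED_BODY = (
    "type=js3&svrid=1&flavor=post"
    "&rf=https%3A%2F%2Fexample.test%2Fapp%3Fpage%3D%252e%252e%252f%252e%252e%252fetc%252fpasswd"
)

if __name__ == "__main__":
    for label, body in (("page body", PAGE_BODY), ("constructed body", CONSTRUCTED_BODY)):
        hits = find_lfi_indicators(body)
        print(f"{label}: {len(hits)} indicator hit(s)")
        for h in hits:
            print(f"  {h['param']:<10} {h['indicator']:<18} round={h['decode_round']} match={h['match']!r}")
```

On the body quoted in the post the scan comes back empty, which agrees with the observation in the question but does not by itself show a false positive: the managed rule may key on patterns this list does not cover. Because of that, the practical next step sits on the WAF side rather than in Pega: override the action of GenericLFI_Body inside the managed rule group to Count so the request is allowed but still tagged with the awswaf:managed:aws:core-rule-set:GenericLFI_Body label, turn on WAF logging, and compare the logged matching requests with the output of the script until the offending field is identified. Only then is it worth deciding whether the referrer value sent by the Pega page needs to change or whether a scoped exception for this request path is the right fix.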