Live Helper Chat support forum. Forum is locked. New place for questions - GitHub Discussions
Our company's Sophos UTM pattern-matches the URI-encoded cookie LHC sets as being a potential SQL script injection.
The cookie seems to be JSON data of key/value pairs being wrapped in double-quotes, which then get URI-encoded to %22, and our UTM hits against the % symbol.
Adding an exception in the UTM wouldn't be an option, because that would leave our chat server open to SQL injection: not a great solution.
I was wondering if anyone else had an issue with this?
It would be great if there was a way to set LHC to use multiple cookies for key/value pairs, rather than lumping all of the data into one JSON-formatted cookie.
I was thinking that rather than one cookie looking something like: lhc_cookie={"lhc_var1":"value","lhc_var2":"value"}
it would be more like: lhc_cookie_var1=value and lhc_cookie_var2=value
Thanks for the help in advance!
Hi williambueti,
thank you for your post.
Sorry, I cannot help with that.
I hope someone can reply to you here soon.
Have a great time!
PeopleInside - Live helper chat - free limited forum support!
If anyone is curious, the solution that worked for us was to use Base64 encoding/decoding of the cookie strings so that our UTM would play nicely with the values.
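The Base64 workaround from the last post, as an added example that is not part of the original thread and is not LHC's own code: the JSON state is carried as unpadded Base64url, so the cookie value contains no %, quote, +, / or = characters that a later URI-encoding step would turn back into % sequences. The function names and sample state are assumptions; because the UTM can no longer pattern-match the cookie's contents, the decoder rejects malformed input and the server still has to treat every decoded field as untrusted (validation, parameterised queries).

```javascript
// Added example: function names, keys and values are constructed.

// JSON -> UTF-8 bytes -> Base64url without padding.
// Output alphabet is only A-Z a-z 0-9 - _ (no %, ", +, /, =).
function encodeCookieValue(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Reverse of encodeCookieValue. Returns null for anything that is not
// well-formed Base64url wrapping valid UTF-8 JSON with an object at the top.
function decodeCookieValue(value) {
  if (typeof value !== "string" || !/^[A-Za-z0-9_-]*$/.test(value)) return null;
  try {
    const b64 = value.replace(/-/g, "+").replace(/_/g, "/");
    const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
    const bytes = Uint8Array.from(bin, (c) => c.charCodeAt(0));
    const text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
    const obj = JSON.parse(text);
    const isPlainObject =
      obj !== null && typeof obj === "object" && !Array.isArray(obj);
    return isPlainObject ? obj : null;
  } catch {
    return null; // bad Base64 length, invalid UTF-8 or invalid JSON
  }
}

// Constructed sample state, including a non-ASCII character and a literal %.
const state = { lhc_var1: "value", lhc_var2: "värde 50%" };

// The form the thread describes: every double quote becomes %22.
const uriForm = encodeURIComponent(JSON.stringify(state));

// The Base64url form: same data, no percent sequences.
const b64Form = encodeCookieValue(state);

console.log("URI-encoded:", uriForm);
console.log("Base64url:  ", b64Form);
console.log("Round trip: ", decodeCookieValue(b64Form));
```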