Cross-domain cookie posting

Published 2025-01-20 21:33:53, 653 characters, 4 views, 0 comments


I recently switched on a WAF on our public facing website. This has caused a number of false positives and I believe legitimate users are occasionally getting blocked.

Many of these false positives are being caused by values in cookies which are triggering rules but upon inspection it looks like these cookies don't belong to us or our domain...

The most baffling one I've seen is

"matchVariableName": "CookieValue:handl_url",
"matchVariableValue": "https://xxxxxxx.com/competition-terms?utm_source=hs_email&utm_medium=email&_hsenc=[removed--hash]"

A quick search on google for "handl_url" suggests that the cookie is used to store the URL that the cookie was created on, but the domain in the cookie is not our domain...

So my questions are...

  1. what could cause a browser to post cookies across domains like this?
  2. could this be a bugged browser or attack on the website?
  3. does this happen commonly on public facing websites?

For reference, we use Google Tag Manager (gtm) on our site so there may be links to other sites embedded on our website but I'm pretty sure the domain in my example isn't one of them.

Thanks,

Daniel


Comments (1)

盗梦空间 2025-01-27 21:33:53

It seems like the cookie in question contains a URL and might be related to tracking parameters, possibly from an email campaign using HubSpot (as indicated by the _hsenc parameter). The fact that the domain in the cookie doesn't match yours could be due to the way tracking cookies work.

Here are some possible explanations for this behavior:

Possible Causes:
    Third-Party Cookies: External resources (analytics, ads) can set cookies.
    Referer Leakage: Referring site's URL may be stored in a cookie.

Solutions:
    Whitelist Domains: Allow legitimate third-party domains.
    Refine WAF Rules: Fine-tune rules to prevent false positives.
    Adjust Cookie Handling: Be more lenient or exclude specific cookies.
    Check Browser Extensions: Ensure no unexpected extensions inject cookies.
    User Education: Guide users on configuring browsers/extensions.
    WAF Provider Support: Consult with WAF provider for insights and assistance.
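The comment's "Refine WAF Rules" and "Adjust Cookie Handling: exclude specific cookies" points are easier to reason about with something concrete in front of you. Below is an added example, written for this page; it is not the poster's WAF configuration, not the vendor's rule engine, and not code from the original thread. It simulates a WAF inspecting the Cookie request header: a toy rule set (hypothetical rule IDs `URL_IN_VALUE` and `SQLI_TAUTOLOGY`), a constructed Cookie header whose `handl_url` value mirrors the shape quoted in the question (placeholder domain, hash redacted; the other cookies are invented), and a per-(rule, cookie-name) exclusion so the landing-URL cookie stops tripping the URL rule while the same rule still fires on any other cookie and injection probes in any cookie are still caught. It also includes a triage helper that reports the hostname embedded in a cookie value, because the Cookie request header carries only name=value pairs (the Domain and Path attributes are never sent), so a foreign hostname in the value is the only "domain" the server side ever sees and says nothing about which site set the cookie.

```python
"""Constructed simulation of cookie inspection with per-cookie rule exclusions.
Added example for this page; not the original poster's WAF or any vendor's engine."""
import re
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import unquote, urlsplit

# Constructed Cookie request header. handl_url mirrors the shape of the value
# quoted in the question (placeholder domain, hash redacted); the other cookies,
# including the deliberately malicious `pref`, are invented for the example.
SAMPLE_COOKIE_HEADER = (
    "sessionid=abc123; "
    "handl_url=https://xxxxxxx.com/competition-terms?utm_source=hs_email"
    "&utm_medium=email&_hsenc=REDACTED; "
    "theme=dark; "
    "pref=1%27%20OR%20%271%27%3D%271"
)

# Toy rules standing in for a managed rule set. Rule IDs are hypothetical.
RULES: Dict[str, "re.Pattern[str]"] = {
    # Absolute URL in a value: the kind of check that fires on a landing-URL cookie.
    "URL_IN_VALUE": re.compile(r"^\s*https?://", re.IGNORECASE),
    # Classic tautology probe; must keep firing after any exclusion is added.
    "SQLI_TAUTOLOGY": re.compile(r"'\s*or\s*'\d+'\s*=\s*'\d+", re.IGNORECASE),
}


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Split a Cookie request header into name -> percent-decoded value.

    The request header carries only name=value pairs; the Domain and Path
    attributes the cookie was set with are not transmitted, so the server
    cannot tell from this header which host or script created the cookie."""
    cookies: Dict[str, str] = {}
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair or "=" not in pair:
            continue
        name, _, value = pair.partition("=")
        cookies[name.strip()] = unquote(value.strip())
    return cookies


def inspect_cookies(
    header: str, exclusions: Optional[Dict[str, Set[str]]] = None
) -> List[Tuple[str, str]]:
    """Return (rule_id, cookie_name) for every rule a cookie value triggers.

    `exclusions` maps rule_id -> set of cookie names exempt from that rule only.
    Scoping the exemption to one rule and one cookie name keeps the rule active
    for every other cookie and keeps every other rule active for that cookie."""
    exclusions = exclusions or {}
    hits: List[Tuple[str, str]] = []
    for name, value in parse_cookie_header(header).items():
        for rule_id, pattern in RULES.items():
            if name in exclusions.get(rule_id, set()):
                continue
            if pattern.search(value):
                hits.append((rule_id, name))
    return hits


def embedded_hosts(header: str) -> Dict[str, str]:
    """Triage helper: for cookies whose value is an absolute URL, report the
    hostname inside that value. A host that is not ours means the *value*
    points elsewhere; it does not mean the cookie was sent cross-domain."""
    out: Dict[str, str] = {}
    for name, value in parse_cookie_header(header).items():
        if RULES["URL_IN_VALUE"].search(value):
            out[name] = urlsplit(value.strip()).hostname or ""
    return out


if __name__ == "__main__":
    print("no exclusions:", inspect_cookies(SAMPLE_COOKIE_HEADER))
    narrow = {"URL_IN_VALUE": {"handl_url"}}
    print("handl_url exempt from URL rule:", inspect_cookies(SAMPLE_COOKIE_HEADER, narrow))
    print("hosts embedded in cookie values:", embedded_hosts(SAMPLE_COOKIE_HEADER))
```

Without exclusions the URL rule fires on `handl_url` and the tautology rule fires on `pref`. With the narrow exclusion only the `pref` hit remains, while a different cookie carrying a URL (for example `other=https://evil.example/x`) still triggers `URL_IN_VALUE`. That is the shape of exclusion to aim for in the real WAF: exempt the named tracking cookie from the specific rule it trips, rather than loosening cookie inspection globally.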