Description
The Sprout referral text search field allows multiple search terms.
If the search terms are numeric, it only does this for two terms, and breaks with more than two:
1917527 or 3328397 - results for both
2326506 or 1917527 - results for both
2326506 or 1917527 or 3328397 - sticks with 'loading..' message.
Comment from Keith:
"I can see the 2 term or search in the logs but the 3 term search never makes it. I tried 3 directly in the db and it works. Seems like it’s getting stuck before issuing the query."
I just observed that with the three numeric search terms, I got a 403 error response for the API call in the console.
Good API request for 2 terms:
https://www.sproutservices.org/api/visitation/referrals?sortBy=reportActivity&referralState[]=Requested&referralState[]=Accepted&referralState[]=Rejected&referralState[]=Scheduled&referralState[]=In+Progress&term=2326506+or+1917527&page=1
Looking at that API request directly, it looks like the CloudFront WAF is blocking this, so we are tripping one of our rules; maybe it gets flagged as SQL injection.
This one has several names separated by OR; the URL length exceeds the bad one above, so the rule is not about long URL.
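To confirm which WAF rule rejects the three-term search, the WAF's own log records name the terminating rule for each blocked request. The following is an added example, not code from the Sprout project: it assumes the WAF is AWS WAF with logging enabled and reads records in AWS WAF's JSON log format; the sample records and rule names are constructed placeholders.

```python
import json
from urllib.parse import parse_qs

# Constructed sample records (not real logs), laid out with AWS WAF log field names.
# Rule names are placeholders; the numeric terms are the ones from the report above.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"action": "ALLOW", "terminatingRuleId": "Default_Action", "ruleGroupList": [],
     "terminatingRuleMatchDetails": [],
     "httpRequest": {"uri": "/api/visitation/referrals",
                     "args": "term=2326506+or+1917527&page=1"}},
    {"action": "BLOCK", "terminatingRuleId": "EXAMPLE-sqli-rule-group",
     "terminatingRuleMatchDetails": [{"conditionType": "SQL_INJECTION",
                                      "location": "QUERY_STRING"}],
     "ruleGroupList": [{"ruleGroupId": "EXAMPLE-sqli-rule-group",
                        "terminatingRule": {"ruleId": "EXAMPLE_QueryArguments",
                                            "action": "BLOCK"}}],
     "httpRequest": {"uri": "/api/visitation/referrals",
                     "args": "term=2326506+or+1917527+or+3328397&page=1"}},
])

def blocked_searches(log_text, uri="/api/visitation/referrals"):
    """Return one finding per BLOCK record for `uri`, naming the rule that fired."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(rec, dict) or rec.get("action") != "BLOCK":
            continue
        req = rec.get("httpRequest") or {}
        if req.get("uri") != uri:
            continue
        # When a rule group terminates the request, the specific rule is nested here.
        inner = [g["terminatingRule"].get("ruleId")
                 for g in rec.get("ruleGroupList") or [] if g.get("terminatingRule")]
        details = rec.get("terminatingRuleMatchDetails") or []
        findings.append({
            "term": parse_qs(req.get("args", "")).get("term", [""])[0],
            "rule": rec.get("terminatingRuleId"),
            "inner_rule": inner[0] if inner else None,
            "conditions": sorted({d["conditionType"] for d in details
                                  if d.get("conditionType")}),
        })
    return findings

if __name__ == "__main__":
    for finding in blocked_searches(SAMPLE_LOG):
        print(finding)
```

If the finding names a SQL injection condition on the query string, the usual fix is a narrowly scoped exception for the `term` parameter on this path rather than disabling the rule for the whole site.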