AWAF Path Parameters with OPENAPI json file
Hi, Iam securing a API with a JSON OPENAPI file it mostly works fine however I have two positional parameters used in one url that seems to mask the following paths "/dqm/v1/projects/{customerId}/{pageNumber} & /dqm/v1/projects/projectDetails/{workRequestId}" The result is illegal parameter length violations on a url that is actually valid. the two paths have different operationId headers associated with them Does the WAF use the operationId to match the Path? It appears not as if I delete the operation Id from the api file then the policy matches the correct URL.
Any assistance in ubderstanding what is happening and why is appreaciated.
Allowed URL's
extract from JSON openAPI file
/dqm/v1/projects/{customerId}/{pageNumber}:
get:
tags:
- customer-projects-controller
operationId: getCustomerProjectsForIdperPage
parameters:
- name: customerId
in: path
required: true
schema:
type: string
- name: pageNumber
in: path
required: true
schema:
type: string
responses:
'200':
description: OK
content:
'*/*':
schema:
$ref: '#/components/schemas/CustomerProjectsResponse'
/dqm/v1/projects/projectDetails/{workRequestId}:
get:
tags:
- customer-projects-controller
operationId: getProjectDetailswithID
parameters:
- name: workRequestId
in: path
required: true
schema:
type: string
responses:
'200':
description: OK
content:
'*/*':
schema:
$ref: '#/components/schemas/ProjectDetailsResponse'
The resolution to this issue is to use the WildCards Order TAB to set the order the URLS should be processed.