Dedupe with multi-select custom fields can trigger IDS
When deduping contacts that have multi-select custom fields, and selecting to move the custom fields to the new contact, the IDS is triggered.
Steps to replicate
- Create a custom field that allows saving multiple values (e.g. a checkbox). Note that you need several of these to trigger the "kick" on the IDS (3, I think).
- Create two contacts that are duplicates.
- Find and merge the records.
Expected result
Contacts merged successfully.
Actual result
"Your activity is a bit suspicious, hence aborting"
The issue is the POST request, which is passing arguments like move_custom_12
with the VALUE_SEPARATOR
control character. This triggers the IDS filter labeled "Detects nullbytes and other dangerous characters".
I'm really not certain what the correct answer is here - I can exempt users from the IDS, and maybe that's the solution to pursue, but it seems like there should be another solution available. Is it possible to exempt certain paths from the IDS, or use an alternate set of rules for a certain path?
Keyword: Intrusion Detection System