Jupyterhub running behind Apisix ingress enabled with coraza plugin is not able to spawn notebooks

Hello Team,
I have a jupyterhub instance where users login with OIDC provider (keycloak) and spawn jupyter notebooks. This jupyterhub is running behind Apisix ingress. Everything works fine. recently, I have enabled coraza wasm plugin on Apisix for WAF capabilities. from then on, I couldn’t spawn notebooks from jupyterhub and getting 403:forbidden error. I found below error in apisix logs.

2024/10/15 04:49:17 [emerg] 50#50: *72040 [client “”] Coraza: Warning. URL file extension is restricted by policy [file “@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf”] [line “2518”] [id “920440”] [rev “”] [msg “URL file extension is restricted by policy”] [data “.com”] [severity “critical”] [ver “OWASP_CRS/4.0.0-rc2”] [maturity “0”] [accuracy “0”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-protocol”] [tag “paranoia-level/1”] [tag “OWASP_CRS”] [tag “capec/1000/210/272”] [tag “PCI/6.5.10”] [hostname “”] [uri “/spawn/user-email@xxxx.com”] [unique_id “yUpadaxbWgjbs”], client: 10.1.3.0, server: _, request: “GET /spawn/user-email@xxxx.com HTTP/1.1”, host: “jupyterhub-test.xxxx.xxx”, referrer: “https://jupyterhub-test.xxxx.xx/hub/admin

The apisix coraza wasm plugin is not allowing any request with “.com” extention< which is the user’s email. why the apisix coraza wasm plugin thinks this as a vulnerability. Do I need to change anything jupyterhub to resolve this and tell apisix that it is a legitimate request ?
below is the apisix coraza wasm configuration

global_rules:

  • id: 1
    plugins:
    coraza-filter: #1
    conf:
    directives_map: #2
    default:
    - SecDebugLogLevel 9 #3
    - SecRuleEngine On #4
    - Include @crs-setup-conf #5
    - Include @owasp_crs/*.conf #6
    default_directives: default #7

Any help would be useful.

Since no-one here has replied you might have more responses on a Apisix forum as that’s where the problem lies. If you do find an answer please share it here in case anyone else has the same problem.