The SignalR's messageId value

Question

I use SignalR for my ASP.Net Application with longPolling protocol. I see that the client send the \signalr\pool request to server with the messageId form data: d-B1017AFE-SC,B8|bW,0|bs,1|bx,2.

I'm looking for the documents which describe the d-B1017AFE-SC,B8|bW,0|bs,1|bx,2 format but not yet. Please help me to understand it. Below image was captured from Chrome Dev Toll which explains what I said.

My customer uses Azure WAF to protect the site. The Azure WAF report show that above request belong to the Command Injection risk because the messageId contain |bw,|bs, |bx that match the |ps rule in Azure WAF. So I need to understand the messageId content to explain for my customer and ask them customize the rule to ignore the request.

Below is the WAF description in the report:

[{'riskGroup':'','match':'Vector Score: 5, Group Threshold: 4, Triggered Rules: 950006, Mitigated Rules: , Last Matched Message: System Command Injection','threshold':'4','type':'riskscore','version':'1','score':0,'atomics':[{'score':5,'riskGroup':'CMD-INJECTION-ANOMALY','match':'|ps','ruleName':'System Command Injection','selector':'ARGS:messageId','ruleId':'950006','version':'7'}],'actionId':'alert','ruleName':'CMD-INJECTION-ANOMALY','action':'Alert','selector':'','ruleId':'CMD-INJECTION-ANOMALY','category':'Command Injection'}]

Answer 1

This looks right. The messageId tells the server what was the last message the client received. It looks something like this d-3104A0A8-H,0%7CL,0%7CM,2%7CK,0 and Chrome is translating %7C to |.

This document explains the SignalR protocol very well.

Internally, it looks to be based on the deserialized response.