How to add correct exclusion on Azure WAF?

Yurii Tsarienko 20 Reputation points
2024-05-13T11:59:44.36+00:00

Greetings. Please help in creating an exception to the rule:
OWASP_3.2 - Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link.

My web application generates requests like:

  • /_next/image?url=https%3A%2F%2Fdcxpblob.blob.core.windows.net%2Fpublic%2F9ea94f5e-14c0-c578-a38a-6cb05d07e1e0%2Flogo.png&w=32&q=75

The firewall perceives this as an attack. I made the following exceptions:

User's image But still, in Kibana, I see alerts like this:

User's image

Does this mean that the exception does not work, because the firewall generates logs warning about the event, and the goal is to make it ignore calls to Blob storages?

Thank you.

Azure Web Application Firewall
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 46,776 Reputation points Microsoft Employee
    2024-05-13T13:30:48.8133333+00:00

    @Yurii Tsarienko ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    Can you share the exact error message which you see in the ApplicationGatewayFirewallLog?

    • The detailed analysis of what blocked the request would be available in the "message" and "details" fields.
    • Without the above, how are you confirming that the block is because of "blob.core"?

    Cheers,

    Kapil

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.