Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,213 questions
Wordpress Save actions blocked in Azure WAF
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 14.000000000000002%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
Kaustubh Bapat
16
Reputation points
Hello,
A website is developed in WordPress and hosted on Azure VM with Azure application Gateway in front.
Azure WAF is enabled with default rules OWASP 3.2
WordPress save actions are getting blocked by WAF. These actions are performed by known person and these are usual actions
For example, Contact Form 7 saving or User saving or Save the post etc.
We have gone through exclusion list and custom rules as well.
But all the WordPress actions are getting blocked and it is not practical to check and add rules/exclusions one by one.
Can anyone suggest a way? If there is some ruleset or policy specifically designed for WordPress?
Thanks.
Azure Application Gateway
Azure Web Application Firewall
Azure Web Application Firewall
An Azure service that provides protection for web apps.
361 questions
{count} votes
-
GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator2022-12-29T13:00:37.013+00:00 Hello @Kaustubh Bapat ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you have a website developed in WordPress and hosted on Azure VM with Azure application Gateway in front, where all the WordPress actions are getting blocked by Azure WAF and you would like to know if there is some ruleset or policy specifically designed for WordPress.
Azure WAF doesn’t have a managed rule set or default exclusion list just for wordpress. The rulesets present in Azure WAF can be found in the below link.
Refer : https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp32If you don't want to disable rules or add exclusions, you may have to write a custom rule for your setup. The custom rules can either block, allow, or log requested traffic based on matching criteria. Custom rules allow you to create your own rules that are evaluated for each request that passes through the WAF. These rules hold a higher priority than the rest of the rules in the managed rule sets.
Refer : https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overviewI see that you also have a support request raised for this issue, where the support team has provided same information.
Regards,
Gita -
GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator
2023-01-03T07:52:57.677+00:00 Hello @Kaustubh Bapat ,
Could you please provide an update on this post?
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Gita -
GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator
2023-01-05T10:28:41.763+00:00 Hello @Kaustubh Bapat , could you please provide an update on this post?
Kindly let us know if you need further assistance on this issue.
Regards,
Gita -
Kaustubh Bapat 16 Reputation points
2023-01-07T12:31:39.477+00:00 thanks for your help
Sign in to comment
Sign in to answer