Azure Web Application Firewall (WAF) REGEX for Match Variable Selector

Sibba Sailor 80 Reputation points
2023-03-24T11:14:04.4233333+00:00

Hi Experts,

We are trying to migrate our WAF solution to Azure WAF, and some validation rules use REGEX to match the Variable Selector. We are trying to implement the same on Azure WAF and are not sure if that is supported. The Azure Application Gateway WAF document does not cover that.

Basically what we are trying to achieve is, to implement this (attached image):

  1. Match type: String
  2. Match variable: PostArgs
  3. Post args selector: arg\d{1,4}
  4. Followed by Operation and Action

I am not sure if this is supported as the Azure Application Gateway WAF document does not mention it. We need a way to implement this rule so that it can cover multiple arg## instead of us having to create one rule for each. It is going to be difficult when we have, let's say, 100 args (arg1, arg2, arg3,......, arg100) or more.

Is it supported on Azure Application Gateway WAF? If not, what are the other ways/workaround to implement the same?

Thanks in advance!

User's image

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
957 questions
Azure Web Application Firewall
Accepted answer
  1. GitaraniSharma-MSFT 47,316 Reputation points Microsoft Employee
    2023-03-28T11:51:12.8133333+00:00

    Hello @Sibba Sailor ,

    I understand that you are trying to migrate your WAF solution to Azure WAF, and some validation rules use REGEX to match the Variable Selector. You are trying to implement the same on Azure WAF and would like to know if regex is supported in args selector.

    I contacted the Azure Web Application Firewall (WAF) Product Group team, and they mentioned the below:

    No, regex is not supported in args selector. As of today, there is no easy way other than creating separate rules.

    They've taken this use case into consideration and have added this feature ask into their backlog for future improvements.

    I would also encourage you to leave your feedback in the below forum requesting this feature. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest