931100- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link exclusion rules

Aditya Parcha 0 Reputation points
2023-04-28T11:39:58.9533333+00:00

Hello, can anyone help me with this?

We enabled WAF rules for my Azure App Services and are facing one issue with the rule "931100- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link".

Because of the above rule, I am getting the issue when we request the below URL.

https://qma-engageidentity.vmmcorp.com/Account/HomeRealm?ReturnUrl=/connect/authorize/callback?response_type=code&client_id=AdminId&redirect_uri=https://qma-admin.vmmcorp.com/&scope=openid

Is this because of having different domains for the requested resource and the redirect uri resource?

We tried disabling the rule "931100- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link" and it is working fine.

Is disabling the rule the only option we have? If not, can you suggest alternatives to fix this show-stopper issue?

Thanks in advance.


1 answer

  1. Boris Von Dahle 3,116 Reputation points
    2023-04-29T15:18:49.8233333+00:00

    Hello,

    Yes, this is because you are using different domains for the requested resource and the redirect URI resource.

    You can create a custom WAF rule to allow requests for your specific use case while keeping the default rule enabled.

    Here's how to create a custom WAF rule in the Azure portal:

    1. Go to the Azure portal and navigate to your Web Application Firewall (WAF) policy.
    2. In the "Settings" section, click on "Custom Rules."
    3. Click on "Add" to create a new custom rule.
    4. Give your rule a name and a description.
    5. Set the "Rule type" to "Match."
    6. In the "Match variables" section, select "RequestUri" as the variable and set the "Operator" to "Contains." Then, add the specific domain or pattern that you want to allow.
    7. Set the "Action" to "Allow."
    8. Click on "Add" to save the custom rule.

    If this answer helped please mark it as accepted so others can find this topic.

    Regards

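The custom rule from the answer above, written out as an Application Gateway WAF policy in Bicep. This is an added example, not code from the thread or from Microsoft: the policy name and priority are placeholders, the hostnames come from the question, and it goes one step past the answer by requiring both the sign-in path and the exact trusted redirect_uri value before allowing, so the exemption from the managed rules stays as narrow as possible.

```bicep
// Added example (not from the original thread). Assumes an Application Gateway
// WAF v2 policy; 'waf-policy-example' and priority 10 are placeholders.
resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-05-01' = {
  name: 'waf-policy-example'
  location: resourceGroup().location
  properties: {
    policySettings: {
      state: 'Enabled'
      mode: 'Prevention'
    }
    customRules: [
      {
        // Custom rules are evaluated before the managed rule set. An Allow
        // exempts the matched request from 931100 and from every other managed
        // rule, so both conditions below (they are ANDed) are used to keep the
        // exemption limited to the one sign-in flow from the question.
        name: 'AllowKnownOidcRedirect'
        priority: 10
        ruleType: 'MatchRule'
        action: 'Allow'
        matchConditions: [
          {
            // Condition 1: only the HomeRealm sign-in handler path.
            matchVariables: [ { variableName: 'RequestUri' } ]
            operator: 'Contains'
            matchValues: [ '/account/homerealm' ]
            transforms: [ 'Lowercase' ]
          }
          {
            // Condition 2: the redirect_uri must be the trusted admin origin.
            // UrlDecode is applied first so the match also works when the
            // nested query string arrives percent-encoded inside ReturnUrl.
            matchVariables: [ { variableName: 'RequestUri' } ]
            operator: 'Contains'
            matchValues: [ 'redirect_uri=https://qma-admin.vmmcorp.com/' ]
            transforms: [ 'UrlDecode', 'Lowercase' ]
          }
        ]
      }
    ]
    // The managed rule set, including 931100, stays enabled for all other traffic.
    managedRules: {
      managedRuleSets: [
        { ruleSetType: 'OWASP', ruleSetVersion: '3.2' }
      ]
    }
  }
}
```

After deploying, confirm in the WAF logs that requests to the HomeRealm URL are now recorded with the custom rule's action and that any request carrying a different redirect_uri host is still blocked by 931100.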