931100- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link exclusion rules

Aditya Parcha 0 Reputation points
2023-04-28T11:39:58.9533333+00:00

Hello, Can anyone help me with this.

We enabled WAF rules for my Azure app services and facing one issue with the rule "931100- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link".

Because of above rule i am getting the issue when we are requesting the below URL.

https://qma-engageidentity.vmmcorp.com/Account/HomeRealm?ReturnUrl=/connect/authorize/callback?response_type=code&client_id=AdminId&redirect_uri=https://qma-admin.vmmcorp.com/&scope=openid

Is this because of having different domains for the requested resource and the redirect uri resource?

We tried disabling the rule "931100- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link" and it is working fine.

Disabling the rule is the only option we have? If not, Can you suggest the alternatives to fix this show stopper issue.

Thanks in advance.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
691 questions
Azure Web Application Firewall
Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
96 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,019 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Boris Von Dahle 3,126 Reputation points
    2023-04-29T15:18:49.8233333+00:00

    Hello,

    Yes, this is because you are using different domains for the requested resource and the redirect uri resource.

    You can create a custom WAF rule to allow requests for your specific use case while keeping the default rule enabled.

    Here's how to create a custom WAF rule in the Azure portal:

    1. Go to the Azure portal and navigate to your Web Application Firewall (WAF) policy.
    2. In the "Settings" section, click on "Custom Rules."
    3. Click on "Add" to create a new custom rule.
    4. Give your rule a name and a description.
    5. Set the "Rule type" to "Match."
    6. In the "Match variables" section, select "RequestUri" as the variable and set the "Operator" to "Contains." Then, add the specific domain or pattern that you want to allow.
    7. Set the "Action" to "Allow."
    8. Click on "Add" to save the custom rule.

    If this answer helped please mark it as accepted so others can find this topic.

    Regards

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.