931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link Exclusions

Aditya Parcha 0 Reputation points

Hello, Can anyone help me with this.

We enabled WAF rules for my Azure app services and facing one issue with the rule "931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link".

Because of above rule i am getting the issue when we are requesting the below URL.


Is this because of having different domains for the requested resource and the redirect uri resource?

We tried disabling the rule "931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link" and it is working fine.

Disabling the rule is the only option we have? If not, Can you suggest the alternatives to fix this show stopper issue.

Thanks in advance.

Azure Web Application Firewall
{count} votes

1 answer

Sort by: Most helpful
  1. TP 55,471 Reputation points


    Have you tried adding an exclusion scoped to that specific rule for redirect_uri query string argument? Article below explains in more detail:

    Web Application Firewall exclusion lists


    Additionally, please see GitaraniSharma-MSFT's answer in question below:


    If the above answers your question please click Accept Answer. If you are still having an issue please add a comment and I'll assist further.