931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link Exclusions

Question

931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link Exclusions

Aditya Parcha 0

Hello, Can anyone help me with this.

We enabled WAF rules for my Azure app services and facing one issue with the rule "931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link".

Because of above rule i am getting the issue when we are requesting the below URL.

https://qma-engageidentity.vmmcorp.com/Account/HomeRealm?ReturnUrl=/connect/authorize/callback?response_type=code&client_id=AdminId&redirect_uri=https://qma-admin.vmmcorp.com/&scope=openid

Is this because of having different domains for the requested resource and the redirect uri resource?

We tried disabling the rule "931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link" and it is working fine.

Disabling the rule is the only option we have? If not, Can you suggest the alternatives to fix this show stopper issue.

Thanks in advance.

ChaitanyaNaykodi-MSFT 27,666 Reputation points Microsoft Employee Moderator

2023-04-28T21:59:55.46+00:00

@Aditya Parcha

Welcome to the Microsoft Q&A forum.

Based on comment above.

Is this because of having different domains for the requested resource and the redirect uri resource?

Yes, your understanding is correct here.

Can you please let us know if your WAF is associated with a Front Door or an Application Gateway?

Thank you!
ChaitanyaNaykodi-MSFT 27,666 Reputation points Microsoft Employee Moderator

2023-05-01T23:46:54.89+00:00

@Aditya Parcha

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

1 answer

Your answer

ChaitanyaNaykodi-MSFT 27,666 Reputation points Microsoft Employee Moderator

2023-04-28T21:59:55.46+00:00

@Aditya Parcha

Welcome to the Microsoft Q&A forum.

Based on comment above.

Is this because of having different domains for the requested resource and the redirect uri resource?

Yes, your understanding is correct here.

Can you please let us know if your WAF is associated with a Front Door or an Application Gateway?

Thank you!
ChaitanyaNaykodi-MSFT 27,666 Reputation points Microsoft Employee Moderator

2023-05-01T23:46:54.89+00:00

@Aditya Parcha

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Answer 1

TP 155.4K Volunteer Moderator

Hi,

Have you tried adding an exclusion scoped to that specific rule for redirect_uri query string argument? Article below explains in more detail:

Web Application Firewall exclusion lists

https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal

Additionally, please see GitaraniSharma-MSFT's answer in question below:

https://learn.microsoft.com/en-us/answers/questions/905796/possible-remote-file-inclusion-(rfi)-attack-off-do

If the above answers your question please click Accept Answer. If you are still having an issue please add a comment and I'll assist further.

Thanks.

-TP

TP 155.4K Reputation points Volunteer Moderator

2023-05-11T15:39:17.08+00:00

@Aditya Parcha Any progress? Please click Accept Answer to close up this thread or if you still need assistance add a comment below.

Thank you.

Share via

931130- Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link Exclusions

1 answer

Your answer