When i use path/query string rewrite rule WAF not handle injections

Anonymous
2023-09-20T13:17:53.2133333+00:00

When i use path/query string rewrite rule WAF not handle injections. When remove the rule all work as expected.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,048 questions
{count} votes

1 answer

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 25,841 Reputation points Microsoft Employee
    2023-09-21T01:43:50.89+00:00

    @Anonymous

    Thank you for reaching out.

    Based on your description, it seems that you are facing an issue with the WAF not handling injections when using path/query string rewrite rules.

    In Azure Application Gateway WAF rules are evaluated before the routing rules are applied. As documented here if a request is valid and not blocked by WAF, the application gateway evaluates the request routing rule that's associated with the listener.

    It will help if you can elaborate more on your set-up and path/query string rewrite rule above, as it will help us troubleshoot the issue. Thank you!

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.