How to resolve 403 errors for a service after changing WAF policy to protection mode?

Muthuramalingam, Bhuvaneswari 20 Reputation points
2023-11-17T15:32:13.0766667+00:00

We created a WAF policy with DETECTION mode on an application gateway but had to change it to PROTECTION mode as per security rules. Since then, there are 403 errors for one service. How can we resolve this issue?

<body>

<center><h1>403 Forbidden</h1></center>

<hr><center>Microsoft-Azure-Application-Gateway/v2</center>

</body>
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
Azure Web Application Firewall

Accepted answer
  1. Carlos Solís Salazar 17,976 Reputation points MVP
    2023-11-17T21:45:00.54+00:00

    When encountering 403 errors after switching a Web Application Firewall (WAF) policy from DETECTION to PROTECTION mode on Azure's Application Gateway, it generally indicates that the WAF is now actively blocking requests it considers malicious or non-compliant with its rule set. Here's how you can approach resolving this issue:

    1. Review WAF Logs: Start by examining the logs of the Web Application Firewall. Azure WAF provides detailed logs that can help you understand which rules are being triggered. This information is crucial in identifying why the requests are being blocked.
    2. Identify Triggered Rules: Look for patterns in the logs to identify which specific WAF rules are causing the 403 errors. The WAF in PROTECTION mode will block requests that match any active rules deemed malicious.
    3. Analyze Request Patterns: Analyze the requests that are being blocked to determine if they are legitimate or if they might inadvertently be triggering WAF rules. Sometimes, legitimate application behavior can be mistaken for an attack by WAF.
    4. Modify WAF Rules: Based on your findings, you might need to modify the WAF rules. This could involve disabling overly restrictive rules, changing their mode from block to log, or customizing the rules to better fit your application's traffic patterns.
    5. Test Changes in DETECTION Mode: Before applying changes in PROTECTION mode, switch back to DETECTION mode to test the effectiveness of the rule modifications. This will help ensure that the changes address the issue without inadvertently blocking legitimate traffic.
    6. Consult Azure Documentation: Refer to the Azure Application Gateway documentation for detailed guidance on configuring and troubleshooting WAF policies.
    7. Engage Azure Support: If you're unable to resolve the issue, consider reaching out to Azure support for more specialized assistance.

    Remember, the goal is to balance security needs with the operational requirements of your service. Careful analysis and incremental changes are key to effectively managing WAF policies.

    Accept the answer if the information helped you. This will help us and others in the community as well.

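Steps 1 to 3 of the answer above, as an added example that is not part of the original answer or of any Azure tooling: it reads exported firewall log records and reports which rules sit behind blocked requests, per path. It assumes the records follow the ApplicationGatewayFirewallLog JSON shape (`transactionId`, `requestUri`, `ruleId`, `action`) and that the rule set uses anomaly scoring, where the `Blocked` record is the score-threshold rule (949110) and the rules that raised the score are logged as `Matched` under the same `transactionId`; the sample records are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample, one JSON record per line; field names assumed to follow
# the ApplicationGatewayFirewallLog export. All values are made up.
SAMPLE_LOG = """
{"category":"ApplicationGatewayAccessLog","properties":{"requestUri":"/api/orders","httpStatus":403}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t1","requestUri":"/api/orders?q=a","ruleId":"942130","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t1","requestUri":"/api/orders?q=a","ruleId":"949110","action":"Blocked"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t2","requestUri":"/api/orders","ruleId":"942130","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t2","requestUri":"/api/orders","ruleId":"920300","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t2","requestUri":"/api/orders","ruleId":"949110","action":"Blocked"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t3","requestUri":"/health","ruleId":"920300","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t4","requestUri":"/admin","ruleId":"CustomRuleExample","action":"Blocked"}}
"""

def rules_behind_blocks(log_text):
    """Return Counter {(ruleId, path): number of blocked transactions}."""
    by_txn = defaultdict(list)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if rec.get("category") != "ApplicationGatewayFirewallLog":
            continue  # access/performance logs do not name the rule
        props = rec.get("properties", {})
        if props.get("transactionId"):
            by_txn[props["transactionId"]].append(props)

    hits = Counter()
    for entries in by_txn.values():
        blocked = [e for e in entries if e.get("action") == "Blocked"]
        if not blocked:
            continue  # rules matched, but the request was not blocked
        # Prefer the contributing rules; fall back to the blocking rule itself
        # when nothing else was logged (e.g. a rule that blocks directly).
        culprits = [e for e in entries if e.get("action") == "Matched"] or blocked
        for e in culprits:
            path = e.get("requestUri", "").split("?", 1)[0]
            hits[(e.get("ruleId"), path)] += 1
    return hits

if __name__ == "__main__":
    for (rule, path), n in rules_behind_blocks(SAMPLE_LOG).most_common():
        print(f"{n:3d} blocked  rule {rule}  {path}")
```

The rule and path pairs at the top of the output are the candidates for the review in steps 3 and 4.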
