Exclude waf rule 944130(Suspicious Java classes)

Jagadish Karem 26 Reputation points
2024-04-30T05:34:57.15+00:00

Hi I have a web application which has WAF owasp3.2 enabled and its blocking a specific url (/polarion/gwt/com.polarion.UI/PortalDataService)

Detailed Data: {java.lang.string found within [REQUEST_BODY:7|2|25|https://polarionpoc.complianceg.com/polarion/gwt/com.polarion.UI/|5273B4366ADB9DD18CE244B5D2216C05|com.google.gwt.user.client.rpc.XsrfToken/4254043109|v+rqxI2X04tOpm4tI7nFH6ywOJ8g0aVw|com.polarion.alm.ui.client.debug.DebugService|deObfuscateStackTrace|java.lang.String/2004016611|java.util.ArrayList/4159755760|com.polarion.UI|2E10B9D042EF512EB1EC0F6D6425D40E

Can some help me how to write exclusion to bypass this rule in Azure WAF

Azure Web Application Firewall
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 36,396 Reputation points Microsoft Employee
    2024-04-30T06:44:09.92+00:00

    @Jagadish Karem ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to create an Exclusion for the rule 944130 in Azure WAF.

    From your error message, it looks like you are using an App gateway WAF.

    In case my observation is incorrect, and you are using AFD WAF instead, please do let me know.

    Now, with App Gateway WAF, there are generally three ways to go about it

    1.Please note that if you find a lot of false positives with this specific Rule ID, you can consider Disabling the rule altogether.

    2.With that said, if you are interested with WAF Exclusion,

    • You may follow the steps mentioned by Umar to create the Exclusion list.
    • For data reference, see : Request attribute examples in Web Application Firewall exclusion lists
    • From your error message,
      • java.lang.string found within [REQUEST_BODY
      • So please make sure the rule is matching with Request Body, i.e.,
      • User's image
    • You can also use "Contains" operator
      • Here, the example used is for JSON. If you have a Multipart Body or URL-Encoded Body, you must define the rules appropriately
      • NOTE : XML Body is not supported
      • User's image
    • And let us know how it goes

    3.Or you may also consider Custom rules for WAF v2,

    Hope this helps.

    Thanks,

    Kapil


0 additional answers

Sort by: Most helpful