Azure Application Gateway Access logs show 403 with ERRORINFO_NO_ERROR

Question

I can see a lot of Application Gateway Access logs (200+ in the last 7 days) that show httpstatuscode_d as 403 and error_info_s as "ERRORINFO_NO_ERROR" when I fire the below query:

AzureDiagnostics
| where httpStatus_d == 403
        and ruleGroup_s !endswith "Bots"
        and httpMethod_s != "HEAD"
        and error_info_s == "ERRORINFO_NO_ERROR"

Our WAFMode_s is PREVENTION so this blocks users and from what I can see most of these request seems to be fully valid and correct requests.

The policy haven't been changed for several months. It is a small percentage of all requests, but still too many to be acceptable for our users. I can't see any 403 responses at all from the backend App Services.

Answer 1

@Eric Quist ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Technically, this is Firewall log and not Access log.

• You have to find out what are the rules that are actually getting triggered/matched and the reason why
• You can check the fields "ruleId", "action" and "details" fields to understand why a particular request was flagged/blocked.
• Essentially, you have to Tune your WAF according to your application traffic.

Once you identified all the rules that are blocking and you feel they are false positives, you have three options

• Disable the Rule
• Create Exclusions
• Create Custom rules with a higher priority to allow the requests

The above methods are specific to your requirements and use case.

Hope this helps.

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.