Exceptions in Azure Application Gateway

sujith reddy komma 76

HI,

I want to configure an Exception for an argument that is being sent nad i get thwe WAF rule like

"details": {
"message": "Warning. Matched phrase \".profile ...\" at ARGS_NAMES:userPermissions.profileStatusCd.",
"data": "Matched Data: .profile found within ARGS_NAMES:userPermissions.profileStatusCd: userpermissions.profilestatuscd",
"file": "rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf",
"line": "106"
}

i want to create an Exception for this Attribute i tired the below but it still doesnt work. How can i create it?

REQUEST ATTRIBUTE Name starts with userPermissions

GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee

2021-02-15T07:33:08.05+00:00

Hello @sujith reddy komma ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Gita
GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee

2021-02-22T16:42:33.357+00:00

Hello @sujith reddy komma ,

Could you please provide an update on this post?

Kindly let us know if the below answer helps or you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee

2021-02-25T14:27:39.797+00:00

Hello @sujith reddy komma ,

Hope you are doing well.

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Gita
Andrey Rudenko 6 Reputation points

2021-03-12T10:14:57.52+00:00

Hi, it seems like that excluion lists works only for ARGS, not ARGS_NAMES. E.g. suggested solution would work for the case:
"Matched Data: 1=1 found within ARGS:text:1=1"

But it won't work if matched data is actually the NAME of the argument, like in author's case. We're struggling with some of our requests getting blocked and are unable to do anything about it, because of this exclusions issue. Should we open a support ticket for that?
Bryan Hernández Leal 11 Reputation points

2021-10-05T19:55:58.147+00:00

Hello!

Have you gotten to solve this? I am having the same issue with an argument being named <...>$GlobalSearch1.
Apparently it detects the PHP keyword $GLOBALS.

Custom rules are not working with a post args match.
Exclusion list are not working as well.

Any tip on how to solve this?

1 answer

GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee

2021-02-12T10:51:59.277+00:00

Hello @sujith reddy komma ,

I would recommend trying any of the variations below. This is supposed to work in App GW WAF. If the WAF does not exclude inspecting the specific variable field, then you may need to open a support request.

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Exceptions in Azure Application Gateway

1 answer