Exceptions in Azure Application Gateway

sujith reddy komma 76 Reputation points
2021-02-09T13:33:20.193+00:00

HI,

I want to configure an Exception for an argument that is being sent nad i get thwe WAF rule like

"details": {
"message": "Warning. Matched phrase \".profile ...\" at ARGS_NAMES:userPermissions.profileStatusCd.",
"data": "Matched Data: .profile found within ARGS_NAMES:userPermissions.profileStatusCd: userpermissions.profilestatuscd",
"file": "rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf",
"line": "106"
}

i want to create an Exception for this Attribute i tired the below but it still doesnt work. How can i create it?

REQUEST ATTRIBUTE Name starts with userPermissions

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
972 questions
{count} votes

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 48,011 Reputation points Microsoft Employee
    2021-02-12T10:51:59.277+00:00

    Hello @sujith reddy komma ,

    I would recommend trying any of the variations below. This is supposed to work in App GW WAF. If the WAF does not exclude inspecting the specific variable field, then you may need to open a support request.

    67426-exclusions.jpg

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments