Share via

Application gateway WAF - blocking url parameters

Werner Weiss 1 Reputation point
Jan 5, 2022, 7:33 PM

Hello,
I have a Windows server with few running REST services on it.
URLs:

Example 1: https://service.company.com/api/MyService/Login/?user='tom'&pass='123456'
Example 2: https://service.company.com/api/MyService/Login/?user=tom&pass=123456

Example 1 is NOT WORKING -> Blocked -> REQUEST-949-BLOCKING-EVALUATION
Example 2 is WORKING FINE.

But I can only generate example 1 code - so I need somehow to allow the character ' before and after the text parameter values?
Is this somehow possible?

One solution is the exclude the attribute (parameter name) from checking -> e.g. "user" and "pass". But I have other REST calls with same text prefix and postfix.

I hope someone can help me.

Greetings,
/Werner

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,085 questions
Azure Web Application Firewall
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.