Front Door WAF blocking request to site

Question

Front Door WAF blocking request to site

Nibbler 656

Hello MS Q&A

I have a Azure Front Door up and running on my site, and wanted to add a WAF to secure the setup. However, when this is set to "preventive" mode, all traffic is blocked.... that`s very preventive, but not that optimal as I do would like traffic to access the site.

Accepted answer

0 additional answers

Your answer

Answer 1

GitaraniSharma-MSFT 50,096 Microsoft Employee Moderator

Hello @Nibbler ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

As mentioned in the official doc, the Azure-managed Default Rule Set in WAF for Azure Front Door is based on the OWASP Core Rule Set (CRS) and is designed to be strict out of the box. It is often expected that WAF rules need to be tuned to suit the specific needs of the application or organization using the WAF. So, if requests that should pass through your Web Application Firewall (WAF) are blocked, you need to tune the WAF per your requirement. Tuning of WAF is commonly achieved by defining rule exclusions, creating custom rules, and even disabling rules that may be causing issues or false positives.

Please refer the below doc to fix/handle false positives:
https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tuning#resolving-false-positives

Kindly let us know if the above helps or you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Nibbler 656 Reputation points

2022-02-18T13:37:33.397+00:00

Hello GitaraniSharmaMSFT-4262,

Thanks, I have read the documentation…which is very much high-level… it doesn’t quite help in solving what rule should be disabled, or to be adjusted / defining rule exclusions etc... to be able to do this, one would need to know what to look for...
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2022-02-21T12:21:43.307+00:00

Hello @Nibbler ,

Thank you for the update.

In order to find which rule should be disabled/excluded, you need to open the WAF logs and go through them to understand which requests are matched and blocked. You will need to narrow down, and find the specific request which is causing a false positive.
Refer : https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tuning#understanding-waf-logs

My suggestion would be to first enable the WAF in Detection mode to ensure that the WAF doesn't block requests while you work through the process of reviewing the WAF logs regularly, and adding rule exclusions & other mitigations.
Refer : https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-faq#what-s-the-recommended-approach-to-enabling-waf-on-front-door-

Regards,
Gita

Share via

Front Door WAF blocking request to site

0 additional answers

Your answer