WAF blocking legit file upload

Santhya Rama S 115 Reputation points
2023-08-30T13:08:59.3766667+00:00

Hi,

I am facing an issue trying to upload a file, receiving 403 forbidden error. I can successfully upload the file by bypassing appgw and with WAF detection mode.

The file is taken as base64 and the error i get from appgw logs is "ruleId":"941130". I have added this rule in exclusion list with match patter as ReqArgname starts with Base64 but its not working and still blocking the file upload.

Could you let me know how to customize the exclusion rule?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,063 questions
Azure Web Application Firewall

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 49,591 Reputation points Microsoft Employee
    2023-09-12T10:34:11.2833333+00:00

    Hello @Santhya Rama S ,

    I understand that your Azure WAF was blocking a file upload and even with exclusion rule, it was not working, and you wanted to know how to customize the exclusion rule to allow the file upload.

    I requested you to share the WAF log which shows the block, so that we can formulate an exclusion rule for it.

    However, you provided an update that by using WAF logs, you were able to customize the rule and added an exclusion list, which is working now.

    Kindly let us know if you need further assistance on this issue.

    Please don’t forget to close the thread by clicking "Accept the answer".

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.