Hello @VS ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that your Azure App Gateway WAF V2 OWASP rule 920470 detects the multipart content type as a threat with the following message: "Pattern match ^[\w\d/.-+]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['"\w\d.-]+)?$ at REQUEST_HEADERS:content-type" and you would like to know if there is a way to overcome this limitation for this rule in WAF V2.
To fix false positives, you could try one of the below:
- Use an exclusion list.
- Disable the rule.
- You could try to add a WAF exclusion list with the below config:
- Or disable the OWASP rule 920470.
NOTE: Disabling the rule will allow you to parse any/all "Content-Type" values.
To avoid the above scenario, and if you don't want to expose the whole application to allow customized Content-Types, you can create a new WAF policy, disable the rules and attach it only to a specific URI/path/route.
Refer: https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/policy-overview
Another workaround is to remove the global exclusion, disable the rule (920470) and create a custom rule to deny traffic for all "Content-Type" values and allow only the ones you want, as below:
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
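The second workaround above (disable 920470, then allow only known Content-Type values with a custom rule) expressed as a Bicep WAF policy; this is an added example, not configuration from the answer or from Microsoft, and the policy name, the allowed content types and the priority value are assumptions for illustration.

```bicep
// Hypothetical WAF policy for Application Gateway WAF v2 (not from the original answer).
// 1. Managed rule 920470 is disabled so it no longer flags the multipart Content-Type header.
// 2. A custom rule then blocks any request whose Content-Type does not begin with one of the
//    values we explicitly allow, so disabling 920470 does not open the app to arbitrary types.
param location string = resourceGroup().location
param wafPolicyName string = 'wafpolicy-contenttype-example' // assumed name

// Assumed allow-list; adjust to what the application actually accepts.
var allowedContentTypes = [
  'application/json'
  'application/x-www-form-urlencoded'
  'multipart/form-data'
]

resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-05-01' = {
  name: wafPolicyName
  location: location
  properties: {
    policySettings: {
      state: 'Enabled'
      mode: 'Prevention'
      requestBodyCheck: true
    }
    customRules: [
      {
        name: 'BlockUnknownContentType'
        priority: 10 // assumed; custom rules run before managed rules
        ruleType: 'MatchRule'
        action: 'Block'
        matchConditions: [
          {
            matchVariables: [ { variableName: 'RequestHeaders', selector: 'Content-Type' } ]
            operator: 'BeginsWith'
            negationConditon: true // API property name is spelled this way; "not BeginsWith any of"
            matchValues: allowedContentTypes
            transforms: [ 'Lowercase', 'Trim' ]
          }
        ]
      }
    ]
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'OWASP'
          ruleSetVersion: '3.2'
          ruleGroupOverrides: [
            {
              ruleGroupName: 'REQUEST-920-PROTOCOL-ENFORCEMENT'
              rules: [ { ruleId: '920470', state: 'Disabled' } ]
            }
          ]
        }
      ]
    }
  }
}
```

Because the custom rule sits at a lower priority number than the managed rules, a request with an unlisted Content-Type is blocked before the OWASP rules run; requests without a Content-Type header (for example plain GETs) carry no header value to match, so confirm in Detection mode and the WAF logs that the rule behaves as you expect before switching to Prevention.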