Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,078 questions
Azure WAF rule 920470 blocking the requests with details massage: Pattern match ^[\w\d/\.\-\+]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['"\w\d\.\-]+)?$ at REQUEST_HEADERS:content-type. But we excluded the rule like in the below snip still the rule blocking
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 14.000000000000002%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Chandu
0
Reputation points
{count} votes
-
Chandu 0 Reputation points
2024-08-01T12:57:49.39+00:00 Same rule excluded in lower environment it's working fine but in production we excluded the same but still we can see the blocked request by rule 920470
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee2024-08-02T02:27:30.85+00:00 Thank you for reaching out.
Can you please let us know the what is the value of content-type in your request here? if there is any un-supported character (eg ";") then this rule might get triggered.
Meanwhile can you update the match variable above to RequestHeaderValues as the request is blocked by the header value. More details here
Hope this helps! Thanks
-
Chandu 0 Reputation points
2024-08-05T10:51:18.0466667+00:00 We have a form in our website once submitting that form this rule is blocking, I have checked in the developer tools in network tab for the request headers it is showing the value Content-Type.
For me the form getting submitted while checking in the logs i saw some requests are blocked because of this rule 920470. but as mentioned in above images we have excluded the rule for Request header keys: Contains: Content-Type.
Still i observed some requests blocked. Pls assist me on this how can we fix this issue?
-
ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
2024-08-30T00:51:31.9933333+00:00 Thank you for getting back and apologies for the delayed response here.
but as mentioned in above images we have excluded the rule for Request header keys: Contains: Content-Type.
Instead of Request header keys did you try using **RequestHeaderValues.**If yes, then a support request will be required here to resolve the issue. If you do not have a support plan please let me know. Thank you!
Sign in to comment
Sign in to answer