Question
Friday, March 16, 2018 6:39 PM
I've set up ASE v2 and enabled WAF. But one of the web apps behind it requires ".axd" requests to be enabled. WAF rules block such requests (.../something.axd) - specifically, I see WAF blocks it with 'rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf'. I'd just remove '.axd' extension for this rule and for one particular web app (url). Can I do this?
All replies (5)
Monday, March 26, 2018 5:00 PM ✅Answered
This is a planned enhancement for rule configurability. We do not allow custom edits on a per-rule basis currently.
Do click on "Mark as Answer" on the post that helps you and vote it as helpful, this can be beneficial to other community members.
Friday, January 4, 2019 4:27 AM ✅Answered | 1 vote
Has this planned enhancement been implemented yet? If so, can you point me in the direction of where to edit the rules? Thank You!
Exclusion list is now available, kindly check out the document for more details: Web application firewall request size limits and exclusion lists.
Friday, March 16, 2018 8:11 PM
What is the complete error message (RuleId) you receive? Take a look into the documentation section ‘REQUEST-920-PROTOCOL-ENFORCEMENT’ for details. Yes, for customizing web application firewall rules, refer to the suggestions outlined in this document: Customize web application firewall rules through the Azure portal.
Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.
Friday, March 16, 2018 8:33 PM
Here's info from the log:
{
  "resourceId": "/.../PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF",
  "operationName": "ApplicationGatewayFirewall",
  "category": "ApplicationGatewayFirewallLog",
  "properties": {
    "instanceId": "ApplicationGatewayRole_IN_0",
    "clientIp": "...",
    "clientPort": "0",
    "requestUri": "/asset.axd",
    "ruleSetType": "OWASP",
    "ruleSetVersion": "3.0",
    "ruleId": "920440",
    "message": "URL file extension is restricted by policy",
    "action": "Blocked",
    "site": "Global",
    "details": {
      "message": "Warning. String match within \.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/\ at TX:extension.",
      "data": ".axd",
      "file": "rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf",
      "line": "1056"
    },
I've seen that article. But there's no info on how to change the set of extensions for this rule. Can I do that? Can I change this rule for one app only (I have multiple behind the firewall)?
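Added example, not part of the thread and not Microsoft's code: one way to triage firewall log entries like the one posted above, showing which matched extensions and paths rule 920440 is actually blocking before any rule is changed. The sample records are constructed; the one-record-per-line layout, the "Detected" and "OtherLog" sample values, and the function names are assumptions.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

RULE_FILE = "rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"

def _rec(uri, action, data, category="ApplicationGatewayFirewallLog"):
    """Build one constructed log line using the field names from the posted entry."""
    return json.dumps({"category": category, "properties": {
        "requestUri": uri, "ruleId": "920440", "action": action,
        "details": {"data": data, "file": RULE_FILE}}})

# Constructed sample input, one JSON record per line (assumed export layout).
SAMPLE = [
    _rec("/asset.axd", "Blocked", ".axd"),
    _rec("/asset.axd?v=2", "Blocked", ".axd"),
    _rec("/web.config", "Blocked", ".config"),
    _rec("/trace.axd", "Detected", ".axd"),             # logged but not blocked
    _rec("/asset.axd", "Blocked", ".axd", "OtherLog"),  # different log category
    '{"category": "ApplicationGatewayFirewallLog", "properties": {',  # truncated
]

def blocked_summary(lines):
    """Count blocked requests per (ruleId, matched data, URI path)."""
    counts = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed lines
        if not isinstance(rec, dict) or rec.get("category") != "ApplicationGatewayFirewallLog":
            continue
        props = rec.get("properties") or {}
        if props.get("action") != "Blocked":
            continue
        details = props.get("details") or {}
        path = urlsplit(props.get("requestUri", "")).path  # drop the query string
        counts[(props.get("ruleId", "?"), details.get("data", ""), path)] += 1
    return counts

def paths_by_match(counts):
    """Map each matched value (here, a file extension) to the paths it blocked."""
    out = {}
    for (_rule, data, path) in counts:
        out.setdefault(data, set()).add(path)
    return {data: sorted(paths) for data, paths in out.items()}

if __name__ == "__main__":
    for (rule, data, path), n in sorted(blocked_summary(SAMPLE).items()):
        print(f"rule {rule}  match {data!r}  path {path}  blocked {n}x")
```

In the sample, the same rule that blocks /asset.axd also blocks /web.config, so the summary shows what else depends on rule 920440 besides the .axd requests.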
Wednesday, December 26, 2018 2:59 PM
Has this planned enhancement been implemented yet? If so, can you point me in the direction of where to edit the rules? Thank You!