-2

WAF rules are applied to a web application which is already developed. To overcome the WAF blocking inputs, I need to convert the format of the input or encode the input before the form submission fails. If there is any possibility to validate WAF rules using JavaScript, please guide me on how it is possible.

If any JS library or API is available, please mention it.

DreadedFrost
  • What kind of Azure technology is implementing your WAF? Front Door/Application Gateway/something else? If using Front Door or App Gateway, you could set the WAF to Detection mode in a lower environment and enable Diagnostic settings to log to a Log Analytics workspace to evaluate what rules are blocking. Once remediated, then switch the WAF to Prevention. – DreadedFrost Jan 03 '20 at 06:02
  • Thanks for the comment. App Gateway is used and the log was monitored earlier. The WAF is blocking all HTML tags and symbols, even words like "where", "select", "on" which lead to SQL injection, but as user input, unless they are vulnerable scripts/tags/queries, symbols and valid tags or words like "where", "on" need to pass through the WAF. But all tags are getting blocked. – Udhayavanan Jan 03 '20 at 06:18

1 Answer

0

I'm assuming the rule set your App Gateway is using is the OWASP rule set. This comes down to securing your code from vulnerabilities. The WAF will enforce more secure and potentially better practices in your coding. Here is a list of ways to secure your JavaScript site, specifically Node.js, for the OWASP Top 10. I'd start tackling the rules one by one, as once one is resolved it may trigger an additional one in the chain of inspection. There might be cases where some WAF rules may need to be disabled as they are false positives. These can be disabled in the portal or via ARM.

DreadedFrost
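The triage step suggested in the comment and the answer above (log in Detection mode, then work through the rules that fire), sketched as an added example that is not part of the original thread. It assumes the exported records follow the Application Gateway firewall log layout (`category`, `properties.transactionId`, `requestUri`, `ruleId`, `action`, `message`); the helper names `rec` and `rulesBehindBlocks` are hypothetical and the sample records are constructed.

```javascript
// Build one constructed record; field names assume the Application Gateway
// firewall log schema (category ApplicationGatewayFirewallLog).
function rec(transactionId, requestUri, ruleId, action, message) {
  return { category: "ApplicationGatewayFirewallLog",
           properties: { transactionId, requestUri, ruleId, action, message } };
}

// Constructed sample data, not real traffic.
const SAMPLE = [
  rec("t1", "/profile", "941100", "Matched", "XSS Attack Detected via libinjection"),
  rec("t1", "/profile", "949110", "Detected", "Inbound Anomaly Score Exceeded"),
  rec("t2", "/search", "942100", "Matched", "SQL Injection Attack Detected via libinjection"),
  rec("t2", "/search", "949110", "Detected", "Inbound Anomaly Score Exceeded"),
  rec("t3", "/profile", "941100", "Matched", "XSS Attack Detected via libinjection"),
  rec("t3", "/profile", "949110", "Detected", "Inbound Anomaly Score Exceeded"),
  rec("t4", "/health", "920350", "Matched", "Host header is a numeric IP address"),
];

// Rank the rules that contributed to a block (Prevention mode) or a
// would-be block (Detection mode) by the number of requests affected.
function rulesBehindBlocks(records) {
  const byTxn = new Map();
  for (const { category, properties: p } of records) {
    if (category !== "ApplicationGatewayFirewallLog" || !p) continue;
    if (!byTxn.has(p.transactionId)) byTxn.set(p.transactionId, { hit: false, matched: new Map() });
    const txn = byTxn.get(p.transactionId);
    if (p.action === "Blocked" || p.action === "Detected") txn.hit = true;
    else if (p.action === "Matched") txn.matched.set(p.ruleId, p); // once per request
  }
  const stats = new Map();
  for (const txn of byTxn.values()) {
    if (!txn.hit) continue; // matched, but the request was not flagged as a whole
    for (const p of txn.matched.values()) {
      const s = stats.get(p.ruleId) || { ruleId: p.ruleId, message: p.message, requests: 0, uris: new Set() };
      s.requests += 1;
      s.uris.add(p.requestUri);
      stats.set(p.ruleId, s);
    }
  }
  return [...stats.values()]
    .map((s) => ({ ...s, uris: [...s.uris].sort() }))
    .sort((a, b) => b.requests - a.requests || a.ruleId.localeCompare(b.ruleId));
}

console.table(rulesBehindBlocks(SAMPLE));
```

The rules at the top of the result are the ones to work through first, per form or endpoint listed in `uris`, before deciding whether any of them is a false positive.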