{
    "timeStamp": "2021-01-29T11:03:40+00:00",
    "resourceId": "/SUBSCRIPTIONS/0000000000-0000000-0000000-000/RESOURCEGROUPS/resourcegroup/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-GATEWAY",
    "operationName": "ApplicationGatewayFirewall",
    "category": "ApplicationGatewayFirewallLog",
    "properties": {
        "instanceId": "appgw_2",
        "clientIp": "103.151.000.00",
        "clientPort": "",
        "requestUri": "\/api\/auth-processor\/Google",
        "ruleSetType": "OWASP_CRS",
        "ruleSetVersion": "3.0.0",
        "ruleId": "949110",
        "message": "Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 28)",
        "action": "Blocked",
        "site": "Global",
        "details": {
            "message": "Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. ",
            "data": "",
            "file": "rules\/REQUEST-949-BLOCKING-EVALUATION.conf",
            "line": "57"
        },
        "hostname": "www.googoggo.com",
        "transactionId": "9b8a3d7023bf1d90b13660c1b788f05f",
        "policyId": "default",
        "policyScope": "Global",
        "policyScopeName": "Global"
    }
}

I have been using the Azure Application Gateway WAF, which is blocking my registration using Google mail. Is there any way I can avoid the rule?

  • You can go to the Application Gateway and WAF configuration, then disable the rules. There are a lot of rules which basically detect cookie and header information, and if anything is found suspicious the request will be blocked. – Rahul Shukla Apr 19 '21 at 11:39

1 Answer


We cannot disable the WAF policy directly from the Azure Application Gateway; first you need to migrate the Web Application Firewall policy using Azure PowerShell. The document below shows how to do that.

https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/migrate-policy

[image: waf in gat]

After migrating your WAF policy, the Azure Application Gateway looks like the image above.

By clicking the WAF policy you can add your own custom rules that can override the mandatory rule set.

  • I'm having this same issue currently. Azure AD sign-in/out is blocked on redirect to the site due to OWASP "mandatory" rules. The suggested fix of adding a custom rule to create an exception does not work. Non-mandatory rules are being "logged only"; however, the mandatory rules are still blocking. All I can do now is set the WAF to detection mode only and lose all benefits of having a WAF! – user2295457 Jan 14 '22 at 18:45
  • @user2295457 The mandatory rule will only get activated once other rules have been detected. If you can find the log by using the Diagnostic settings or Application Insights, it shows the detected WAF rules; once you find them you can either disable them or do a code fix. – Jerin Joy Jan 18 '22 at 10:12
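As an added example (not code from the question or the answer), the Python script below does the triage the answer and the last comment describe: it groups ApplicationGatewayFirewallLog records by transactionId and, for every transaction that the mandatory rule 949110 blocked, lists the other rule IDs that raised the anomaly score, since those are the rules to exclude or fix rather than 949110 itself. The JSON-lines records are constructed for this example, trimmed to the fields used here, and are not real traffic.

```python
import json
from collections import defaultdict

# CRS blocking-evaluation rule: it fires only after other rules have pushed
# TX:anomaly_score over the threshold, so it is never the root cause itself.
MANDATORY_BLOCKING_RULE = "949110"

# Constructed sample (not real logs): JSON-lines export of the diagnostic
# categories, with the same property names as the record in the question.
SAMPLE_LOG_LINES = """
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"txn-A","requestUri":"/api/auth-processor/Google","ruleId":"942430","action":"Matched","message":"Restricted SQL Character Anomaly Detection (args)"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"txn-A","requestUri":"/api/auth-processor/Google","ruleId":"942440","action":"Matched","message":"SQL Comment Sequence Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"txn-A","requestUri":"/api/auth-processor/Google","ruleId":"949110","action":"Blocked","message":"Inbound Anomaly Score Exceeded (Total Score: 8)"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"txn-B","requestUri":"/health","ruleId":"920350","action":"Matched","message":"Host header is a numeric IP address"}}
{"category":"ApplicationGatewayAccessLog","properties":{"transactionId":"txn-A","httpStatus":403}}
""".strip()

def parse_log_lines(text):
    """Parse a JSON-lines export and keep only the WAF firewall-log records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("category") == "ApplicationGatewayFirewallLog":
            records.append(rec["properties"])
    return records

def contributing_rules(records):
    """Group by transactionId; for each transaction blocked by 949110 return
    the other rule IDs that fired (the ones worth an exclusion or a code fix)."""
    by_txn = defaultdict(list)
    for props in records:
        by_txn[props["transactionId"]].append(props)
    result = {}
    for txn, entries in by_txn.items():
        blocked = any(e["ruleId"] == MANDATORY_BLOCKING_RULE and e["action"] == "Blocked" for e in entries)
        if not blocked:
            continue  # logged only or under threshold: nothing was blocked
        result[txn] = {
            "requestUri": entries[0]["requestUri"],
            "contributing": sorted({e["ruleId"] for e in entries if e["ruleId"] != MANDATORY_BLOCKING_RULE}),
        }
    return result

if __name__ == "__main__":
    for txn, info in contributing_rules(parse_log_lines(SAMPLE_LOG_LINES)).items():
        print(txn, info["requestUri"], "blocked by 949110; contributing rules:", ", ".join(info["contributing"]))
```

Run it against a real export of the ApplicationGatewayFirewallLog category to get, per blocked request, the rule IDs to review in the WAF policy; a transaction that only has "Matched" entries was logged, not blocked.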