question

jerinjoy-2396 avatar image
0 Votes"
jerinjoy-2396 asked SaiKishor-MSFT commented

WAF Mandatory rule blocking my user register using google or facebook is there any to disable mandatory rule ?

{
"timeStamp": "2021-01-29T11:03:40+00:00",
"resourceId": "/SUBSCRIPTIONS/0000000000-0000000-0000000-000/RESOURCEGROUPS/resourcegroup/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-GATEWAY",
"operationName": "ApplicationGatewayFirewall",
"category": "ApplicationGatewayFirewallLog",
"properties": {
"instanceId": "appgw_2",
"clientIp": "103.151.000.00",
"clientPort": "",
"requestUri": "\/api\/auth-processor\/Google",
"ruleSetType": "OWASP_CRS",
"ruleSetVersion": "3.0.0",
"ruleId": "949110",
"message": "Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 28)",
"action": "Blocked",
"site": "Global",
"details": {
"message": "Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. ",
"data": "",
"file": "rules\/REQUEST-949-BLOCKING-EVALUATION.conf",
"line": "57"
},
"hostname": "www.googoggo.com",
"transactionId": "9b8a3d7023bf1d90b13660c1b788f05f",
"policyId": "default",
"policyScope": "Global",
"policyScopeName": "Global"
}
}

azure-application-gatewayazure-web-application-firewall
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered SaiKishor-MSFT commented

@jerinjoy-2396 Mandatory rules cannot be disabled as they are triggered after anomaly score has been reached. However, here are few things that you can do-

Create Exclusions in order to "bypass" the rule itself -->Web application firewall request size limits and exclusion lists in Azure Application Gateway - Azure portal | Microsoft Docs


Create custom rules --> https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview


Custom rules will have higher priority over OWASP rules, so they will be processed first.

Disable/untick specific rules/ details --> CRS rule groups and rules - Azure Web Application Firewall | Microsoft Docs

Hope this helps. Please let us know if you still have further questions/concerns and we will be glad to assist further. Thank you!



Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@jerinjoy-2396 Please let us know if the above answer helped you resolve your issue. Please do accept the answer as it helps others in the community. Thank you!

1 Vote 1 ·

Please let us know if you still have any further issues and we will be glad to assist you further.

-Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

0 Votes 0 ·