question

sujithreddykomma-6717 avatar image
0 Votes"
sujithreddykomma-6717 asked GitaraniSharmaMSFT-4262 commented

Azure Application Gateway | Rule ID 913101 Python Requests are getting blocked

Hi ,

When we are trying to send requests to APIM using Jupyters notebook in Python, We are getting blocked in the application Gateway like the below

"ruleId": "913101",
"ruleGroup": "913-SCANNER-DETECTION",
"message": "Found User-Agent associated with scripting/generic HTTP client",
"action": "Matched",
"site": "Global",
"details": {
"message": "Warning. Matched phrase \"python-requests ...\" at REQUEST_HEADERS:User-Agent.",
"data": "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.22.0",
"file": "rules/REQUEST-913-SCANNER-DETECTION.conf",
"line": "156"
},
Is there a workaround for this with out disbaling any?

Thanks,
Sujith.

azure-api-managementazure-application-gateway
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sam-Cogan avatar image
0 Votes"
Sam-Cogan answered

You can use the WAF exclusion list to allow certain files through the firewall if they trigger this rule. You can do this by matching a certain part of the request (header, cookie or attribute name). You can find details on how to do this here.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered GitaraniSharmaMSFT-4262 commented

Hello @sujithreddykomma-6717 ,


The Application Gateway WAF when running in Prevention mode Blocks intrusions and attacks that the rules detect. And some of the rules can be disabled from the list per requirement.


Since you do not want to disable any rules from the WAF rule set, you can opt for WAF exclusion lists. WAF exclusion lists allow you to omit certain request attributes from a WAF evaluation. Once an attribute is added to the WAF exclusion list, it isn't considered by any configured and active WAF rule. Exclusion lists are global in scope. And this is helpful in excluding attributes which may trigger a false positive from the WAF rules. The exclusion lists remove inspection of the field's value and some of them are as below:
Request Headers, Request Cookies, Form field name, JSON entity & URL query string args.


From the log shared by you, it looks like the User-Agent request header is causing the WAF to block this traffic. The user-agent request header contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor, or software version of the requesting software user agent. For more information, see User-Agent. In some cases, this can be legitimate traffic. So you might need to exclude this header from WAF evaluation.


The following Azure PowerShell cmdlet excludes the user-agent header from evaluation:


$exclusion1 = New-AzApplicationGatewayFirewallExclusionConfig -MatchVariable "RequestHeaderNames"
-SelectorMatchOperator "Equals" `
-Selector "User-Agent"


For more details, please refer : https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration#waf-exclusion-lists


Hope this helps!


Kindly let us know if the above helps or you need further assistance on this issue.




Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @sujithreddykomma-6717 ,


Any update on this post?


If the suggested response helped you resolve your issue, please don't forget to "Accept the answer" for the benefit of other community members.


Thanks,
Gita


0 Votes 0 ·

Hello @sujithreddykomma-6717 ,

Any update on this post?

Thanks,
Gita

0 Votes 0 ·