WAF is not blocking attacks.

Asked by DolealVojtch219303-3332, answered by ChaitanyaNaykodiMSFT-9638

Hi,
I have an issue with WAF. It is based on Front Door and protecting a web app (JuiceShop). The issue is that attacks it should block can be done. I am using DefaultRuleSet_1.0 and Microsoft_BotManagerRuleSet_1.0. WAF is turned on, set to prevention. Rules are turned on and everything is connected together. (Some attacks are blocked).
For example:
XSS in customer feedback. It should be blocked, but it can be done.
![197794-image.png][1]

Second example is admin login. Again the same issue.
![197778-image.png][2]

Based on Microsoft documentation these attacks should be blocked and I don't know why they are not.
[1]: /answers/storage/attachments/197794-image.png
[2]: /answers/storage/attachments/197778-image.png


Sorry for my English and low knowledge. This is my first security project in Azure.

Tags: azure-front-door, azure-web-application-firewall

1 Answer

ChaitanyaNaykodiMSFT-9638 answered:

Hello @DolealVojtch219303-3332, Welcome to the Microsoft Q&A forum.

As I understand from the question, you have a JuiceShop web application behind a WAF-enabled Azure Front Door in prevention mode. As observed by you, some of the attacks are not blocked by the WAF. From the screenshots shared above, WAF does offer protection against Java attacks, SQL injection etc., and these requests should have been blocked. You have also mentioned that some of the attacks are blocked by the WAF, so this means there are no configuration errors.

Based on the observations above, I think this issue might be due to the use of WebSockets by the JuiceShop web application, as WebSockets are not supported by WAF on Azure Front Door and the issue observed by you is synonymous with that. Can you please validate if the backend application is utilizing WebSockets? You can also use diagnostic logging to understand if requests are getting blocked.

Hope this helps! Please let me know if you have any additional questions, I will be glad to continue with our discussion. Thank you!
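Added example (not part of the answer above, and not Microsoft's code) showing how the diagnostic-logging check suggested in the answer can be carried out: it correlates Front Door access-log and WAF-log records by tracking reference and classifies each tested request as blocked, matched but only logged, passed through with no rule match, or never seen by Front Door. The log field names (`category`, `properties.action`, `properties.trackingReference`, ...) follow the Front Door diagnostic schema as I understand it and are an assumption; the records, URIs and rule names are constructed.

```python
import json
from collections import defaultdict

# Constructed sample of Azure Front Door diagnostic records, one JSON object per
# line, mixing the WAF category with the access log. Field names are an
# assumption about the diagnostic schema; compare them with a real export.
# URIs, rule names and tracking references are made up for illustration.
SAMPLE_LOG = "\n".join([
    '{"category":"FrontdoorAccessLog","properties":{"requestUri":"/example/login","trackingReference":"ref-001"}}',
    '{"category":"FrontdoorWebApplicationFirewallLog","properties":{"action":"Block","policyMode":"prevention",'
    '"ruleName":"DefaultRuleSet-1.0-SQLI-942100","requestUri":"/example/login","trackingReference":"ref-001"}}',
    '{"category":"FrontdoorAccessLog","properties":{"requestUri":"/example/feedback","trackingReference":"ref-002"}}',
    '{"category":"FrontdoorWebApplicationFirewallLog","properties":{"action":"Log","policyMode":"prevention",'
    '"ruleName":"DefaultRuleSet-1.0-XSS-941100","requestUri":"/example/feedback","trackingReference":"ref-002"}}',
    '{"category":"FrontdoorAccessLog","properties":{"requestUri":"/example/socket","trackingReference":"ref-003"}}',
])

def index_records(log_text):
    """Return (access_refs, waf_by_ref): tracking references seen in the access
    log, and WAF records grouped by tracking reference."""
    access_refs, waf_by_ref = set(), defaultdict(list)
    for line in log_text.splitlines():
        rec = json.loads(line)
        props = rec["properties"]
        if rec["category"] == "FrontdoorAccessLog":
            access_refs.add(props["trackingReference"])
        elif rec["category"] == "FrontdoorWebApplicationFirewallLog":
            waf_by_ref[props["trackingReference"]].append(props)
    return access_refs, waf_by_ref

def triage(log_text, tested_refs):
    """Classify each test request by what the logs show:
    blocked             - a rule fired with action Block
    matched-not-blocked - rules fired but only logged, so the payload reached the app
    passed-through      - Front Door served it but no WAF rule produced a record
                          (nothing matched, or the request was not inspected)
    not-seen            - no access-log record at all: it never went via Front Door"""
    access_refs, waf_by_ref = index_records(log_text)
    verdicts = {}
    for ref in tested_refs:
        recs = waf_by_ref.get(ref, [])
        if any(r["action"] == "Block" for r in recs):
            verdicts[ref] = "blocked"
        elif recs:
            verdicts[ref] = "matched-not-blocked"
        elif ref in access_refs:
            verdicts[ref] = "passed-through"
        else:
            verdicts[ref] = "not-seen"
    return verdicts

if __name__ == "__main__":
    for ref, verdict in sorted(triage(SAMPLE_LOG, ["ref-001", "ref-002", "ref-003", "ref-004"]).items()):
        print(ref, verdict)
```

A "passed-through" verdict for a request that carried a test payload is the case worth investigating: it means Front Door served the request without any managed rule leaving a record, which is the pattern the answer attributes to traffic the WAF does not inspect.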
