
I'm using Azure Front door with a web application firewall policy. Managed rule set 1.0 is configured.

It all works pretty well, apart from the password field on the login page of my website. I see numerous blocks based on rule 1.0-SQLI-942100 (SQL injection attempt) while the submitted password is legit, e.g. a password with the following format:

12-(Maria)_1002

Since the password field is quite critical (I do see numerous valid blocks with actual SQL injection attempts as well!), I don't want to add this field to the firewall exclusions.

Any idea how to prevent legit passwords from being blocked? I've considered excluding some chars from the input, but which ones need to be excluded?

Mr M

1 Answer


You can set global exclusions on the WAF Policy to exclude fields in the request body from being scanned.

On the policy, use Managed rules, then Exclusions, to add exclusions.


See: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal#waf-exclusion-lists

dvanrensburg
    Thanks, but as I stated in the question, I don't want to ignore the entire field since I also see numerous 'valid' attack attempts. – Mr M Oct 17 '22 at 10:01
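An exclusion does not have to be global. Front Door WAF exclusions can be scoped to a rule set, a rule group or a single rule, so the password field can be excluded from 942100 alone while the rest of the SQLI group and every other managed rule keep inspecting it. The following Bicep is an added example, not code from the answer or from the Azure docs; the policy name, SKU and resource group are assumed, and the rule group name SQLI and rule ID 942100 are taken from the blocked-request log line quoted in the question.

```bicep
// Added example (not part of the original answer): a Front Door WAF policy that
// excludes only the 'password' POST argument from rule 942100 in DefaultRuleSet 1.0.
// All other rules, including the other rules of the SQLI group, still inspect the field.
resource wafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
  name: 'examplewafpolicy'       // assumed policy name
  location: 'global'
  sku: {
    name: 'Classic_AzureFrontDoor' // assumed: DefaultRuleSet 1.0 is used with classic Front Door
  }
  properties: {
    policySettings: {
      enabledState: 'Enabled'
      mode: 'Prevention'
    }
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'DefaultRuleSet'
          ruleSetVersion: '1.0'
          ruleGroupOverrides: [
            {
              ruleGroupName: 'SQLI'
              rules: [
                {
                  ruleId: '942100'
                  enabledState: 'Enabled'
                  action: 'Block'
                  // Exclusion scoped to this single rule: 942100 skips the value of the
                  // 'password' form field. Placing the same exclusion one level up
                  // (on the rule group or the rule set) or in the global exclusion list
                  // would widen it to every rule at that level.
                  exclusions: [
                    {
                      matchVariable: 'RequestBodyPostArgNames'
                      selectorMatchOperator: 'Equals'
                      selector: 'password'
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  }
}
```

Deploy it with `az deployment group create --resource-group <rg> --template-file <file>.bicep`, then watch the WAF log for the login endpoint: legitimate passwords such as the one in the question should no longer produce 942100 blocks, while the other SQLI rules still fire on real injection payloads in the same field. Note that 942100 is the broad libinjection-based detector, so what remains for this field is the narrower pattern rules; verify with your own sample payloads that the residual coverage is acceptable before leaving the exclusion in place.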