
CustomBlockResponse for Azure Application Gateway WAF

Related command

New-AzApplicationGatewayFirewallPolicySetting

Resource Provider

Microsoft.Compute/Network

Description of Feature or Work Requested

This feature is for Azure Application Gateway WAF. CustomBlockResponse enables customers to send a custom status code and an HTML body in case there is a WAF hit, instead of the conventional 403.

We are adding two new fields under Azure Application Gateway Firewall Policy settings.

  1. CustomBlockResponseStatusCode - This field accepts an integer.
  2. CustomBlockResponseBody - This field accepts a string, which has to be converted to base64 encoding.

Note: The above two fields are optional parameters for New-AzApplicationGatewayFirewallPolicySetting

Minimum API Version Required

2022-07-01

Swagger PR link / SDK link

https://github.com/Azure/azure-rest-api-specs/pull/21113

SDK: Microsoft.Azure.Management.Network.25.0.0.nupkg

Request Example

{
  "RequestUri": "/subscriptions/f7e1a56e-347b-4103-87c7-e775a3e11ac5/resourceGroups/ps447/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/ps5517?api-version=2022-07-01",
  "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjdlMWE1NmUtMzQ3Yi00MTAzLTg3YzctZTc3NWEzZTExYWM1L3Jlc291cmNlR3JvdXBzL3BzNDQ3L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9BcHBsaWNhdGlvbkdhdGV3YXlXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMvcHM1NTE3P2FwaS12ZXJzaW9uPTIwMjItMDctMDE=",
  "RequestMethod": "GET",
  "RequestHeaders": {
    "x-ms-client-request-id": [ "aa4e44e0-70b4-469c-a293-375ad52127cf" ],
    "Accept-Language": [ "en-US" ],
    "User-Agent": [ "FxVersion/4.700.22.51102", "OSName/Windows", "OSVersion/Microsoft.Windows.10.0.22621", "Microsoft.Azure.Management.Network.NetworkManagementClient/25.0.0.0" ]
  },
  "RequestBody": "",
  "ResponseHeaders": {
    "Cache-Control": [ "no-cache" ],
    "Pragma": [ "no-cache" ],
    "ETag": [ "W/\"cab21d7b-8ee3-463c-8d26-4a2b20dfc76f\"" ],
    "x-ms-request-id": [ "d8ae6c56-c443-4cbe-a0bc-cf1c27dd45d9" ],
    "x-ms-correlation-request-id": [ "499311e7-0f21-45a4-a302-b05d822b6788" ],
    "x-ms-arm-service-request-id": [ "37131a1a-72a0-47ce-950c-c83aeec5ba20" ],
    "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" ],
    "Server": [ "Microsoft-HTTPAPI/2.0", "Microsoft-HTTPAPI/2.0" ],
    "x-ms-ratelimit-remaining-subscription-reads": [ "11904" ],
    "x-ms-routing-request-id": [ "JIOINDIACENTRAL:20221115T062218Z:499311e7-0f21-45a4-a302-b05d822b6788" ],
    "X-Content-Type-Options": [ "nosniff" ],
    "Date": [ "Tue, 15 Nov 2022 06:22:18 GMT" ],
    "Content-Length": [ "965" ],
    "Content-Type": [ "application/json; charset=utf-8" ],
    "Expires": [ "-1" ]
  },
  "ResponseBody": "{\r\n \"name\": \"ps5517\",\r\n \"id\": \"/subscriptions/f7e1a56e-347b-4103-87c7-e775a3e11ac5/resourceGroups/ps447/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/ps5517\",\r\n \"etag\": \"W/\\\"cab21d7b-8ee3-463c-8d26-4a2b20dfc76f\\\"\",\r\n \"type\": \"Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies\",\r\n \"location\": \"westus2\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"customRules\": [],\r\n \"policySettings\": {\r\n \"requestBodyCheck\": true,\r\n \"maxRequestBodySizeInKb\": 70,\r\n \"fileUploadLimitInMb\": 70,\r\n \"state\": \"Enabled\",\r\n \"mode\": \"Prevention\",\r\n \"customBlockResponseStatusCode\": 405,\r\n \"customBlockResponseBody\": \"U29ycnkhIEZvcmJpZGRlbg==\"\r\n },\r\n \"managedRules\": {\r\n \"managedRuleSets\": [\r\n {\r\n \"ruleSetType\": \"OWASP\",\r\n \"ruleSetVersion\": \"3.2\",\r\n \"ruleGroupOverrides\": []\r\n }\r\n ],\r\n \"exclusions\": []\r\n }\r\n }\r\n}",
  "StatusCode": 200
}

Target Date

2022-12-06

Additional context

No response
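
An added example, not part of the original issue or of the Azure SDK: a Python check that decodes customBlockResponseBody from a policy GET response like the one in the Request Example and lists settings worth reviewing before rollout. The function names and the 4xx/5xx status rule are assumptions made for illustration; the sample policy is constructed from the values shown above.

```python
import base64
import binascii
import json

# Constructed sample: the relevant policySettings fields from the Request Example.
SAMPLE_POLICY = json.loads("""
{"properties": {"policySettings": {
  "state": "Enabled", "mode": "Prevention",
  "customBlockResponseStatusCode": 405,
  "customBlockResponseBody": "U29ycnkhIEZvcmJpZGRlbg=="}}}
""")


def encode_block_body(html: str) -> str:
    """Base64-encode an HTML body for the customBlockResponseBody field."""
    return base64.b64encode(html.encode("utf-8")).decode("ascii")


def audit_block_response(policy: dict) -> dict:
    """Decode the custom block response and collect findings for review."""
    settings = policy["properties"]["policySettings"]
    findings = []
    status = settings.get("customBlockResponseStatusCode")
    raw = settings.get("customBlockResponseBody")
    body = None
    if raw is not None:
        try:
            # validate=True rejects characters outside the base64 alphabet
            # instead of silently skipping them.
            body = base64.b64decode(raw, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            findings.append(f"body is not valid base64/UTF-8: {exc}")
    if status is not None and not 400 <= status <= 599:
        # Assumed local rule: a blocked request should not look like a
        # success to clients, log pipelines, or uptime monitoring.
        findings.append(f"status {status} is outside 4xx/5xx")
    if settings.get("state") != "Enabled" or settings.get("mode") != "Prevention":
        # Outside Prevention mode nothing is blocked, so the custom
        # response is never served.
        findings.append("policy is not Enabled in Prevention mode")
    return {"status": status, "body": body, "findings": findings}


if __name__ == "__main__":
    print(audit_block_response(SAMPLE_POLICY))
```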

Issue Analytics

  • State: open
  • Created 10 months ago
  • Comments: 7 (2 by maintainers)

Top GitHub Comments

1 reaction
akshaym6 commented, Dec 6, 2022

az network application-gateway waf-policy policy-setting update --policy-name --resource-group [--add] [--file-upload-limit-in-mb] [--force-string] [--max-request-body-size-in-kb] [--mode {Detection, Prevention}] [--remove] [--request-body-check {false, true}] [--set] [--state {Disabled, Enabled}]

The above is the existing command. New fields to be added are:

CustomBlockResponseStatusCode - This field accepts an integer.
CustomBlockResponseBody - This field accepts a string, which has to be converted to base64 encoding.

0 reactions
necusjz commented, Dec 13, 2022

@akshaym6 As bandwidth is limited, we planned this feature in the next sprint (will be released around Feb 2023).
