WAF Policy Managed Rule Exclusion Remove Rule not working as expected

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Related command az network application-gateway waf-policy managed-rule exclusion rule-set remove

Describe the bug

  • The above command is supposed to remove a Rule from an exception in Managed Rules Exclusion of App gateway WAF Policy
  • However, instead, I notice every other rule under OWASP is getting added to the exclusion

To Reproduce

  • Add a test exclusion to the Managed Rules from Portal
  • Make sure the exclusion contains a Rule from the Managed Rule Group.
  • Now, with Azure CLI, execute the above command specifying the Rule Group name to remove it
  • Instead of the Rule Group getting removed, I see every rule under OWASP is getting added to the exclusion

Expected behavior

The Rule Group associated to the specified exclusion policy should have been removed

Environment summary

  • Contains an App gateway WAF policy
  • I was using OWASP 3.2

Additional context NA

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

KapilAnanth-MSFT commented, Oct 19, 2022

@necusjz, I was using Azure Cloudshell to repro this.

  1. I am adding a Rule Group Exclusion

az network application-gateway waf-policy managed-rule exclusion rule-set add -g appGateway --policy-name appGatewayPolicy --match-variable RequestHeaderValues --match-operator Contains --selector kapil --type OWASP --version 3.2 --group-name REQUEST-921-PROTOCOL-ATTACK --rule-ids 921140 921150

  2. I am adding the second Rule Group Exclusion

az network application-gateway waf-policy managed-rule exclusion rule-set add -g appGateway --policy-name appGatewayPolicy --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name REQUEST-920-PROTOCOL-ENFORCEMENT --rule-ids 920340

  3. I am trying to delete the first Rule Group Exclusion

az network application-gateway waf-policy managed-rule exclusion rule-set remove -g appGateway --policy-name appGatewayPolicy --match-variable RequestHeaderValues --match-operator Contains --selector kapil --type OWASP --version 3.2 --group-name REQUEST-921-PROTOCOL-ATTACK

  4. Post this, I can see all the Rule Groups getting added to the Exclusion.

My cloudshell azure-CLI version is 2.41.0

necusjz commented, Oct 19, 2022

@KapilAnanth-MSFT I haven’t reproduced this issue yet, my procedures are as follows:

  1. Create a waf-policy
az network application-gateway waf-policy create -g {rg} -n {waf}
  2. Add one rule group to exclusion
az network application-gateway waf-policy managed-rule exclusion rule-set add -g {rg} --policy-name {waf} --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name REQUEST-921-PROTOCOL-ATTACK --rule-ids 921140 921150
  3. Add another rule group to exclusion
az network application-gateway waf-policy managed-rule exclusion rule-set add -g {rg} --policy-name {waf} --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name REQUEST-931-APPLICATION-ATTACK-RFI --rule-ids 931100
  4. Remove the first rule group
az network application-gateway waf-policy managed-rule exclusion rule-set remove -g {rg} --policy-name {waf} --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name REQUEST-921-PROTOCOL-ATTACK