Azure-docs: RequestCookie Example for ExclusionRule WAF CRS app Gateway

Created on 13 Jun 2019 · 11Comments · Source: MicrosoftDocs/azure-docs

Hi All,

Was reading this article :- https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-waf-configuration

But unfortunately I don't know if we have any examples which are more practical? like if a cookie that contains "X" and its value contains special characters, let is pass thru and not block.. how do we do such a evaluation?

I am struggling here instead of writing an Exclusion rule I tried something like this but I dnt know how to do the spcial character check in the string value. The case here is, if the cookie contains Key"__requestVerificationToken" and in that case if its value contains any special characters just ignore it and let the request pass thru:-

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: c0c27cd7-15fd-7358-9740-734cfa6b641f
Version Independent ID: 9cbc5678-98e1-3c21-df0a-81d8b7e21241
Content: Web application firewall request size limits and exclusion lists in Azure Application Gateway - Azure portal
Content Source: articles/application-gateway/application-gateway-waf-configuration.md
Service: application-gateway
GitHub Login: @vhorne
Microsoft Alias: victorh

application-gatewasvc cxp in-progress product-question triaged

Source

ketaanhshah

🚀1

All 11 comments

@ketaanhshah do you still need assistance with this? I know you have a CSS case open and are also working via #33262.

TravisCragg-MSFT on 13 Jun 2019

🚀1

@TravisCragg-MSFT yes I need help as I still dont know how to set that cookie thing as a customer rule. I think CSS case not opened by me though.

ketaanhshah on 13 Jun 2019

🚀1

@ketaanhshah Exclusions can only be made on the Request Cookie Name, and 2 exclusion rules can not be combined.

The closest to your specification would be to check if a request cookie name contains 'X'

You might want to consider opening a CSS case to assist with your configuration, and possibly help you migrate to an App Gateway V2. If you do not have a support plan and would like to move forward with a support request, please Email me at [email protected] with your Subscription ID and a link to this post, and I will enable a one-time free support request for your subscription.

TravisCragg-MSFT on 14 Jun 2019

🚀1

@TravisCragg-MSFT Thank you Travis, I really appreciate it a lot! Hey my colleague was able to find the MS scripts to migrate the V1 to V2 gateway and we were succesffully able to migrate it and attach the new custom rule (waf policy). Although what we found is when SSL is installed on the gateway these scripts for migrating gateway from V1 to V2 fail. But for now we are going ahead and provisioning new subnets and NSGs for V2 App Gateway and get it to work! Thank you again for your help!

ketaanhshah on 14 Jun 2019

🚀1

No setting cookies

superleah on 15 Jun 2019

🚀1

I'm sleeping no coo(he's

superleah on 15 Jun 2019

🚀1

I got https too

superleah on 15 Jun 2019

🚀1

In progress make in active

superleah on 15 Jun 2019

🚀1

Delete in progress --

superleah on 15 Jun 2019

🚀1

Thank you I just got here

superleah on 15 Jun 2019

🚀1

Come on give me another com] and give me your meter read like always

superleah on 15 Jun 2019

🚀1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Shouldn't these be installed in the `kube-system` namespace?

AronT-TLV · 3Comments

What's the scope of OpenID Connect interaction with identity provider functionality?

jamesgallagher-ie · 3Comments

nginx across multiple namespaces

mrdfuse · 3Comments

The available download on the page for the CUDA Drivers, Windows Server 2016-edition, is outdated.

jebeld17 · 3Comments

ConfigurationManager

jharbieh · 3Comments