Azure Application Gateway exclude - inspection of nested request body property
Question
I need to exclude the inspection of a nested request body parameter in Azure Application Gateway. Using the Azure Portal, I've tried the following without success:
eg request body contents:
{
"aRootProperty": "value",
"aRootContainer": {
"aNestedProperty": "some-string-that-causes-false-positives"
}
}
Azure Portal Exclusion config:
Field:
Request Attribute NameOperator:
EqualsSelector:
aNestedProperty
The documentation has a couple of examples but they're not very useful. Additionally, the docs don't really cover how the various Operators and the Selector work in practice.
With some testing, I found that I could use the Contains operator, but that's a bit more permissive than I'd like as any property that happens to contain the string "aNestedProperty" will be excluded.
1 answers
solution1
1 2022-03-25 21:01:32
It's undocumented, but the Selector supports dot-notation for exclusion of nested properties.
So, the rule can be updated to the following for success (and it's not unnecessarily permissive:):
Field:
Request Attribute NameOperator:
EqualsSelector:
aRootContainer.aNestedProperty
I've posted this doc issue so that the docs are (hopefully) updated soon.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.