
Azure WAF 403 Response

I am getting "403 ModSecurity Action" when sending a PUT request to my API. GETs and POSTs work as expected.

My first thought was that the WAF might be blocking a specific verb (i.e. PUT), namely "REQUEST-911-METHOD-ENFORCEMENT". More info here

But then the networking team managed to find the logs for the request -

TimeGenerated: 2018-05-04T09:55:42Z
    AzureDiagnostics    5/4/2018 10:55:42.000 AM    AzureDiagnostics    ApplicationGatewayFirewall  ApplicationGatewayFirewallLog   WAF-CPP-01  52.233.137.239  OWASP   3.0 200002  Blocked Global  Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required.    JSON parsing error: parse error: invalid object key (must be a string)\x0a          cpp.api.cardiff.gov.uk  ApplicationGatewayRole_IN_0         

$table  AzureDiagnostics
TenantId    31c4d3f2-394f-4c06-833c-9d22912ec8ab
SourceSystem    Azure
TimeGenerated   2018-05-04T09:55:42Z
Type    AzureDiagnostics
ResourceId  /SUBSCRIPTIONS/ECA58BF3-DF5E-41E6-B113-BB96E1EBC768/RESOURCEGROUPS/RG-CPP-COREINFRASTRUCTURE/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-CPP-01
OperationName   ApplicationGatewayFirewall
Category    ApplicationGatewayFirewallLog
Resource    WAF-CPP-01
ResourceGroup   RG-CPP-COREINFRASTRUCTURE
ResourceProvider    MICROSOFT.NETWORK
SubscriptionId  eca58bf3-df5e-41e6-b113-bb96e1ebc768
clientIp_s  52.233.137.239
ruleSetType_s   OWASP
ruleSetVersion_s    3.0
ruleId_s    200002
Message Mandatory rule. Cannot be disabled. Failed to parse request body.
action_s    Blocked
site_s  Global
details_message_s   Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required.
details_data_s  JSON parsing error: parse error: invalid object key (must be a string)\x0a
hostname_s  cpp.api.cardiff.gov.uk
instanceId_s    ApplicationGatewayRole_IN_0
requestUri_s    /Notification/api/Notification/
ResourceType    APPLICATIONGATEWAYS
clientPort_d    0

    AzureDiagnostics    5/4/2018 10:55:42.000 AM    AzureDiagnostics    ApplicationGatewayAccess    ApplicationGatewayAccessLog WAF-CPP-01                                              ApplicationGatewayRole_IN_0 52.233.137.239  PUT 

$table  AzureDiagnostics
TenantId    31c4d3f2-394f-4c06-833c-9d22912ec8ab
SourceSystem    Azure
TimeGenerated   2018-05-04T09:55:42Z
Type    AzureDiagnostics
ResourceId  /SUBSCRIPTIONS/ECA58BF3-DF5E-41E6-B113-BB96E1EBC768/RESOURCEGROUPS/RG-CPP-COREINFRASTRUCTURE/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-CPP-01
OperationName   ApplicationGatewayAccess
Category    ApplicationGatewayAccessLog
Resource    WAF-CPP-01
ResourceGroup   RG-CPP-COREINFRASTRUCTURE
ResourceProvider    MICROSOFT.NETWORK
SubscriptionId  eca58bf3-df5e-41e6-b113-bb96e1ebc768
instanceId_s    ApplicationGatewayRole_IN_0
clientIP_s  52.233.137.239
httpMethod_s    PUT
requestUri_s    /Notification/api/Notification/
requestQuery_s  -
userAgent_s PostmanRuntime/7.1.1
httpVersion_s   HTTP/1.1
sslEnabled_s    on
host_s  cpp.api.cardiff.gov.uk
ResourceType    APPLICATIONGATEWAYS
clientPort_d    1,025
httpStatus_d    400
receivedBytes_d 1,360
sentBytes_d 185
timeTaken_d 56

The error says there is an error in the request body, that the JSON is incorrect. But everything looks fine on my end :/

I have tested via swagger and postman.

Our WAF just ran into this exact problem. The issue was not that the JSON was malformed, but that it was too large. I have not been able to find an exact figure for what counts as a large JSON payload, but it happens if the request content length exceeds roughly 120-150 kB.

I ran into the same issue, and it turned out to be a limitation in the Application Gateway WAF policy, which only lets it inspect request bodies smaller than 128 kB.

In my case the infrastructure is in Azure, and apparently a version upgrade of the Application Gateway will allow bodies of up to 2 MB to be inspected (and parsed).

For Application Gateway in Azure, the body size limit is documented here: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#limits
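As an added example (not code from the question or either answer), a small Python script that joins each firewall-log block on rule 200002 to the access-log row for the same request and uses the 128 kB inspection limit cited above to separate "body too large to inspect" from "JSON actually malformed". The records and byte counts are constructed to mirror the field names in the question's log dump; the limit value is the one the answer quotes and should be checked against your own gateway version.

```python
# Added example: correlate an Application Gateway WAF block on rule 200002
# ("Failed to parse request body") with the access-log row for the same
# request, so a body over the inspection limit is not mistaken for bad JSON.
# Field names follow the question's log dump; the records, byte counts and
# the 128 kB limit are constructed/assumed, not real data.
BODY_INSPECTION_LIMIT = 128 * 1024  # bytes, the limit cited in the answer

# Constructed sample records shaped like the question's AzureDiagnostics rows.
# Note the firewall log spells the client field clientIp_s, the access log clientIP_s.
FIREWALL_LOG = [
    {"TimeGenerated": "2018-05-04T09:55:42Z", "ruleId_s": "200002",
     "action_s": "Blocked", "clientIp_s": "52.233.137.239",
     "requestUri_s": "/Notification/api/Notification/",
     "details_data_s": "JSON parsing error: invalid object key (must be a string)"},
    {"TimeGenerated": "2018-05-04T10:02:11Z", "ruleId_s": "200002",
     "action_s": "Blocked", "clientIp_s": "198.51.100.7",
     "requestUri_s": "/Notification/api/Notification/",
     "details_data_s": "JSON parsing error: premature EOF"},
]
ACCESS_LOG = [
    {"TimeGenerated": "2018-05-04T09:55:42Z", "clientIP_s": "52.233.137.239",
     "httpMethod_s": "PUT", "requestUri_s": "/Notification/api/Notification/",
     "httpStatus_d": 400, "receivedBytes_d": 140_000},  # > 128 kB (constructed)
    {"TimeGenerated": "2018-05-04T10:02:11Z", "clientIP_s": "198.51.100.7",
     "httpMethod_s": "PUT", "requestUri_s": "/Notification/api/Notification/",
     "httpStatus_d": 400, "receivedBytes_d": 1_360},  # small body (constructed)
]


def correlate(firewall_log, access_log, limit=BODY_INSPECTION_LIMIT):
    """Join each rule-200002 block to its access-log row on (time, client, URI)
    and return (uri, client, received_bytes, verdict) tuples."""
    by_key = {(r["TimeGenerated"], r["clientIP_s"], r["requestUri_s"]): r
              for r in access_log}
    findings = []
    for fw in firewall_log:
        if fw["ruleId_s"] != "200002" or fw["action_s"] != "Blocked":
            continue
        acc = by_key.get((fw["TimeGenerated"], fw["clientIp_s"], fw["requestUri_s"]))
        if acc is None:
            size, verdict = None, "no matching access-log row"
        elif acc["receivedBytes_d"] > limit:
            size, verdict = acc["receivedBytes_d"], "body over inspection limit"
        else:
            size, verdict = acc["receivedBytes_d"], "body within limit: JSON likely malformed"
        findings.append((fw["requestUri_s"], fw["clientIp_s"], size, verdict))
    return findings


if __name__ == "__main__":
    for finding in correlate(FIREWALL_LOG, ACCESS_LOG):
        print(finding)
```

Run against a real export, the same join tells you whether to raise the body inspection limit (or upgrade the gateway tier) or to look at the client's serializer.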
