Hello,
The following error is logged on my WAF when my users submit a specific request (modifying a category list) on our Web App hosted EPIServer site:
{
"resourceId":"/SUBSCRIPTIONS/SUBID/RESOURCEGROUPS/NETWORK/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF",
"operationName":"ApplicationGatewayFirewall",
"time":"2017-10-11T20:25:13Z",
"category":"ApplicationGatewayFirewallLog",
"properties": {
"instanceId":"ApplicationGatewayRole_IN_0",
"clientIp":"XXX.XXX.XXX.XXX",
"clientPort":"0",
"requestUri":"/EPiServer/Categories.aspx",
"ruleSetType":"OWASP",
"ruleSetVersion":"3.0",
"ruleId":"0",
"message":"",
"action":"Blocked",
"site":"Global",
"details": {
"message":"Request body no files data length is larger than the configured limit (131072).. Deny with code (413)",
"data":"",
"file":"",
"line":""
}
When I put the WAF into detect mode, this request functions without error.
I have already disabled a series of rules which were blocking EPIServer functionality, but this rule is different in the WAF. The Rule ID is showing as "0," and I can not disable it through the portal nor Azure CLI.
Is there a way that I can modify rule values?
Is there somewhere where I can interact directly with the WAF ruleset to execute such commands as:
SecRequestBodyLimit 536870912
SecRequestBodyNoFilesLimit 10485760
Any assistance would be greatly appreciated.