Getting 403 forbidden error when enabling OWASP 3.2 and Enforce request body inspection limit

Umang Raichura 0

User's image

There is one function in my web site to download the documents also i have 182 rules Enabled in prevention (Mode)
User's image

KapilAnanth-MSFT 48,081 Reputation points Microsoft Employee

2024-08-09T17:16:17.05+00:00
@Umang Raichura ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

As mentioned in our official doc, for CRS 3.2 (on the WAF_v2 SKU) and newer, the WAF request size limits are as follows when using a WAF policy for Application Gateway: 2MB request body size limit.

As next steps,

Disable "Enforce maximum request body limit" and give it a try (Just for testing)

If the request passes, this simply means the request body is more than the configurable value, which is 2MB.

Can you please share what happens when you disable the above? Does the request pass through?

Cheers,

Kapil
Umang Raichura 0 Reputation points

2024-08-12T07:40:14.9833333+00:00

@KapilAnanth-MSFT
Thankyou for valuable input when i have disabled Enforce maximum request body limit
all things are working fine,
But my condition that on my other environment all 3 are enabled and services are working fine but over there i have not applied OWASP 3.2 rules
KapilAnanth-MSFT 48,081 Reputation points Microsoft Employee

2024-08-12T08:39:18.8333333+00:00
@Umang Raichura , thanks for the info

Can you confirm that the "other" environment and the affected environment are serving the same request and are running the same service?

Can you confirm they are in "Prevention" Mode and not in "Detection"?

Can you confirm request body inspection is turned on?

Can you share the exact and complete error message from the WAF logs

Cheers,

Kapil
Umang Raichura 0 Reputation points

2024-08-13T03:58:39.79+00:00
@KapilAnanth-MSFT , Thank you so much your interest

The only change in the other server is OWASP 3.2 in not implemented.

The other Environment is in "Prevention Mode"

I have confirm request body is enabled

Thanks & Regards
Umang
KapilAnanth-MSFT 48,081 Reputation points Microsoft Employee

2024-08-13T05:00:41.3866667+00:00

@Umang Raichura ,

Ideally, the other environments without using OWASP 3.2 should also block the requests since the maximum configurable value there is 128 KB.

To troubleshoot further, we will need a specialized 1:1 session, where a support engineer can have a screen share session to pinpoint the issue.

If you have a support plan you may file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.

Cheers,

Kapil

1 answer

akinbade abiola 21,045 Reputation points

2024-08-09T07:40:48.3366667+00:00

Try increasing both the max request body inspection limit and equest body size to match your file upload limit (100 MB or 102400 KB).

You can also WAF logs to see exactly which rules are triggering the 403 errors.

If the above does not work, temporarily switch your WAF to detection mode to see which requests would be blocked without actually blocking them.

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Getting 403 forbidden error when enabling OWASP 3.2 and Enforce request body inspection limit

1 answer

Your answer