Azure frontdoor blocking Cyrillic Characters and Chinese Language values in the request payload

Dhayalan Kaliyappan 5 Reputation points
2024-09-06T12:35:42.05+00:00

Hi,

One of our API providers is facing a ‘403 Forbidden’ error due to Cyrillic and Chinese character fields in their request payload.

It gets blocked in Azure Front Door by the following rule sets.

  • Microsoft_DefaultRuleSet-2.1-PHP-933210 - PHP Injection Attack: Variable Function Call Found
    • Matched Data: GA000 VSD FF (CM00) (MINE)
  • Microsoft_DefaultRuleSet-2.1-XSS-941310 - US-ASCII Malformed Encoding XSS Filter - Attack Detected
    • Matched Data: "company":"门市格林美新材料有限公司","Енергоремонт ЕАД"
  • Microsoft_DefaultRuleSet-2.1-General-200002 - Failed to parse request body.

How can we support multiple languages in Azure Front Door using a WAF rule?

Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.

1 answer

  1. Ganesh Patapati 1,275 Reputation points Microsoft Vendor
    2024-09-09T15:01:40.2666667+00:00

    Hi Dhayalan Kaliyappan,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    There are a few things you can do if requests that should pass through your Web Application Firewall (WAF) are blocked.

    First, ensure you’ve read the WAF overview and the WAF configuration documents. Also, make sure you’ve enabled WAF monitoring. These articles explain how the WAF functions, how the WAF rule sets work, and how to access WAF logs.

    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/

    The OWASP rulesets are designed to be strict out of the box, and to be tuned to suit the specific needs of the application or organization using WAF. It's entirely normal, and expected in many cases, to create exclusions, custom rules, and even disable rules that may be causing issues or false positives.

    • Sometimes Azure Web Application Firewall in Azure Front Door might block a legitimate request. As part of tuning your web application firewall (WAF), you can configure the WAF to allow the request for your application. WAF exclusion lists allow you to omit specific request attributes from a WAF evaluation. The rest of the request is evaluated as normal.

    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion

    Here is the possible solution that could help you:

    • Create a custom WAF rule to allow requests with non-ASCII characters.

    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules


    If you feel that your query has been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post which might be beneficial to other community members reading this thread.

    I look forward to your response and appreciate your time on this.

    Regards,

    Ganesh

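The exclusion tuning described in the answer above can be scoped to one rule and one JSON field, so the rest of the request is still evaluated. As an added example (not part of the original thread and not Microsoft's code), this Python script turns WAF log entries into rule-level exclusion entries. The log lines are constructed, the field name `description` is hypothetical, and the log and exclusion field names are assumed to follow the Front Door WAF log and policy schema.

```python
import json
from collections import defaultdict

# Log matchVariableName prefix -> exclusion matchVariable (assumed from the exclusion docs).
PREFIX_TO_MATCH_VARIABLE = {
    "JsonValue": "RequestBodyJsonArgNames",
    "PostParamValue": "RequestBodyPostArgNames",
    "QueryParamValue": "QueryStringArgNames",
    "HeaderValue": "RequestHeaderNames",
    "CookieValue": "RequestCookieNames",
}

# Constructed sample entries, not real logs; "description" is a hypothetical field name.
SAMPLE_LOG = """\
{"properties": {"ruleName": "Microsoft_DefaultRuleSet-2.1-XSS-941310", "details": {"matches": [{"matchVariableName": "JsonValue:company", "matchVariableValue": "Енергоремонт ЕАД"}]}}}
{"properties": {"ruleName": "Microsoft_DefaultRuleSet-2.1-PHP-933210", "details": {"matches": [{"matchVariableName": "JsonValue:description", "matchVariableValue": "GA000 VSD FF (CM00) (MINE)"}]}}}
{"properties": {"ruleName": "Microsoft_DefaultRuleSet-2.1-General-200002", "details": {"matches": []}}}
"""

def build_overrides(log_text):
    """Return (rule group overrides with per-rule exclusions, rule IDs with no field to scope to)."""
    per_rule = defaultdict(set)  # (group, rule_id) -> {(matchVariable, selector)}
    unscoped = set()
    for line in filter(str.strip, log_text.splitlines()):
        props = json.loads(line)["properties"]
        _, _, group, rule_id = props["ruleName"].split("-")
        scoped = False
        for match in props.get("details", {}).get("matches", []):
            prefix, _, selector = match["matchVariableName"].partition(":")
            if prefix in PREFIX_TO_MATCH_VARIABLE and selector:
                per_rule[(group, rule_id)].add((PREFIX_TO_MATCH_VARIABLE[prefix], selector))
                scoped = True
        if not scoped:
            unscoped.add(rule_id)  # nothing to exclude by name; review by hand
    groups = defaultdict(list)
    for (group, rule_id), exclusions in sorted(per_rule.items()):
        groups[group].append({
            "ruleId": rule_id,
            "enabledState": "Enabled",  # the rule stays on for every other field
            "exclusions": [{"matchVariable": mv, "selectorMatchOperator": "Equals", "selector": sel}
                           for mv, sel in sorted(exclusions)],
        })
    return [{"ruleGroupName": g, "rules": r} for g, r in groups.items()], sorted(unscoped)

if __name__ == "__main__":
    overrides, unscoped = build_overrides(SAMPLE_LOG)
    print(json.dumps(overrides, indent=2, ensure_ascii=False))
    print("No field-level match, review manually:", unscoped)
```

The returned list has the shape of the rule group overrides under the managed rule set in a WAF policy. Rule IDs returned as unscoped (here 200002) carried no field-level match and need manual review.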
