cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Application Gateway WAF custom rule is not triggered if the HTTP header field is not present

Maxlan71
Brass Contributor

‎Apr 28 2020 03:23 AM

‎Apr 28 2020 03:23 AM

Application Gateway WAF custom rule is not triggered if the HTTP header field is not present

Hi Community,

 

I have this strange behavior on my Application Gateway WAF. I  created this custom rule (see image below) to deny traffic when the http request has Referer http header field empty or missing.

The problem is that this rule is only triggered when the Referer http header field is empty but not when it is missing :(

 

Instead, the same custom rule is working fine on the front door WAF.

 

Why is it happening? Did I do something wrong?

 

waf_cr.png

4,814 Views
1 Like
1 Reply
Reply
1 Reply
lo_ed

‎Dec 10 2020 02:59 PM

‎Dec 10 2020 02:59 PM

Re: Application Gateway WAF custom rule is not triggered if the HTTP header field is not present

@Maxlan71, I encountered similar problem and worked around it by a negation. 

I have a P2 rule to deny all (as attached) and then you can have any P1 rules to allow whatever with non empty Header as you like. Hope that help. 

Screen Shot 2020-12-10 at 2.57.35 PM.png

1 Like
Reply