Application Gateway WAF custom rule is not triggered if the HTTP header field is not present

%3CLINGO-SUB%20id%3D%22lingo-sub-1343291%22%20slang%3D%22en-US%22%3EApplication%20Gateway%20WAF%20custom%20rule%20is%20not%20triggered%20if%20the%20HTTP%20header%20field%20is%20not%20present%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1343291%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Community%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20this%20strange%20behavior%20on%20my%26nbsp%3BApplication%20Gateway%20WAF.%20I%26nbsp%3B%20created%20this%20custom%20rule%20(see%20image%20below)%20to%20deny%20traffic%20when%20the%20http%20request%20has%20Referer%20http%20header%20field%20empty%20or%20missing.%3C%2FP%3E%3CP%3EThe%20problem%20is%20that%20this%20rule%20is%20only%20triggered%20when%20the%26nbsp%3BReferer%20http%20header%20field%20is%20empty%20but%20not%20when%20it%20is%20missing%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInstead%2C%20the%20same%20custom%20rule%20is%20working%20fine%20on%20the%20front%20door%20WAF.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20is%20it%20happening%3F%20Did%20I%20do%20something%20wrong%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22waf_cr.png%22%20style%3D%22width%3A%20595px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F187136iA9A2E53E98C966DF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22waf_cr.png%22%20alt%3D%22waf_cr.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1343291%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%20Gateway%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EApplication%20Gateway%20WAF%20Policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWAF%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eweb%20application%20firewall%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

Hi Community,

 

I have this strange behavior on my Application Gateway WAF. I  created this custom rule (see image below) to deny traffic when the http request has Referer http header field empty or missing.

The problem is that this rule is only triggered when the Referer http header field is empty but not when it is missing :(

 

Instead, the same custom rule is working fine on the front door WAF.

 

Why is it happening? Did I do something wrong?

 

waf_cr.png

0 Replies