问题描述
{
"timeStamp": "2021-01-29T11:03:40+00:00","resourceId": "/SUBSCRIPTIONS/0000000000-0000000-0000000-000/RESOURCEGROUPS/resourcegroup/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-GATEWAY","operationName": "ApplicationGatewayFirewall","category": "ApplicationGatewayFirewallLog","properties": {
"instanceId": "appgw_2","clientIp": "103.151.000.00","clientPort": "","requestUri": "\/api\/auth-processor\/Google","ruleSetType": "Owasp_CRS","ruleSetVersion": "3.0.0","ruleId": "949110","message": "Mandatory rule. Cannot be disabled. Inbound Anomaly score Exceeded (Total score: 28)","action": "Blocked","site": "Global","details": {
"message": "Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. ","data": "","file": "rules\/REQUEST-949-BLOCKING-EVALUATION.conf","line": "57"
},"hostname": "www.googoggo.com","transactionId": "9b8a3d7023bf1d90b13660c1b788f05f","policyId": "default","policyScope": "Global","policyScopeName": "Global"
}
}
我一直在使用azure应用程序网关WAF,它阻止了我使用谷歌邮件的注册,有什么办法可以避免这个规则吗?
解决方法
我们不能直接从 azure 应用程序网关禁用 WAF 策略,首先您需要使用 Azure PowerShell 迁移 Web 应用程序防火墙策略。下面的文档展示了如何做到这一点。
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/migrate-policy
迁移您的 WAF 策略后,azure 应用程序网关看起来如上图
通过单击 WAFpolicy,您可以添加自己的自定义规则,这些规则可以覆盖强制规则集。
