Azure WAF 403 response

Tags: azure, asp.net-core-webapi, owasp, mod-security, web-application-firewall

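I am receiving a "403 ModSecurity Action" for PUT requests to my API. GET and POST work as expected.

The first thing I thought of was that the WAF might be blocking specific verbs (i.e. PUT), i.e. "REQUEST-911-METHOD-ENFORCEMENT".

But then the network team managed to find the logs for the request: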

TimeGenerated: 2018-05-04T09:55:42Z
    AzureDiagnostics    5/4/2018 10:55:42.000 AM    AzureDiagnostics    ApplicationGatewayFirewall  ApplicationGatewayFirewallLog   WAF-CPP-01  52.233.137.239  OWASP   3.0 200002  Blocked Global  Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required.    JSON parsing error: parse error: invalid object key (must be a string)\x0a          cpp.api.cardiff.gov.uk  ApplicationGatewayRole_IN_0         

$table  AzureDiagnostics
TenantId    31c4d3f2-394f-4c06-833c-9d22912ec8ab
SourceSystem    Azure
TimeGenerated   2018-05-04T09:55:42Z
Type    AzureDiagnostics
ResourceId  /SUBSCRIPTIONS/ECA58BF3-DF5E-41E6-B113-BB96E1EBC768/RESOURCEGROUPS/RG-CPP-COREINFRASTRUCTURE/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-CPP-01
OperationName   ApplicationGatewayFirewall
Category    ApplicationGatewayFirewallLog
Resource    WAF-CPP-01
ResourceGroup   RG-CPP-COREINFRASTRUCTURE
ResourceProvider    MICROSOFT.NETWORK
SubscriptionId  eca58bf3-df5e-41e6-b113-bb96e1ebc768
clientIp_s  52.233.137.239
ruleSetType_s   OWASP
ruleSetVersion_s    3.0
ruleId_s    200002
Message Mandatory rule. Cannot be disabled. Failed to parse request body.
action_s    Blocked
site_s  Global
details_message_s   Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required.
details_data_s  JSON parsing error: parse error: invalid object key (must be a string)\x0a
hostname_s  cpp.api.cardiff.gov.uk
instanceId_s    ApplicationGatewayRole_IN_0
requestUri_s    /Notification/api/Notification/
ResourceType    APPLICATIONGATEWAYS
clientPort_d    0

    AzureDiagnostics    5/4/2018 10:55:42.000 AM    AzureDiagnostics    ApplicationGatewayAccess    ApplicationGatewayAccessLog WAF-CPP-01                                              ApplicationGatewayRole_IN_0 52.233.137.239  PUT 

$table  AzureDiagnostics
TenantId    31c4d3f2-394f-4c06-833c-9d22912ec8ab
SourceSystem    Azure
TimeGenerated   2018-05-04T09:55:42Z
Type    AzureDiagnostics
ResourceId  /SUBSCRIPTIONS/ECA58BF3-DF5E-41E6-B113-BB96E1EBC768/RESOURCEGROUPS/RG-CPP-COREINFRASTRUCTURE/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF-CPP-01
OperationName   ApplicationGatewayAccess
Category    ApplicationGatewayAccessLog
Resource    WAF-CPP-01
ResourceGroup   RG-CPP-COREINFRASTRUCTURE
ResourceProvider    MICROSOFT.NETWORK
SubscriptionId  eca58bf3-df5e-41e6-b113-bb96e1ebc768
instanceId_s    ApplicationGatewayRole_IN_0
clientIP_s  52.233.137.239
httpMethod_s    PUT
requestUri_s    /Notification/api/Notification/
requestQuery_s  -
userAgent_s PostmanRuntime/7.1.1
httpVersion_s   HTTP/1.1
sslEnabled_s    on
host_s  cpp.api.cardiff.gov.uk
ResourceType    APPLICATIONGATEWAYS
clientPort_d    1,025
httpStatus_d    400
receivedBytes_d 1,360
sentBytes_d 185
timeTaken_d 56
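
The error states that there is an error in the request body, that the JSON is incorrect. But everything seems fine on my end :/

I have tested through Swagger and Postman.

Any help would be greatly appreciated.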
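
An added triage example, not part of the original question or the poster's code: it pairs a Blocked `ApplicationGatewayFirewallLog` record with its `ApplicationGatewayAccessLog` record and reports whether the block came from a 911 method-enforcement rule or from rule 200002 (request body failed to parse). The sample records are constructed in the key/value layout shown above, and the function names and the join on time, client IP and URI are assumptions.

```python
# SAMPLE is constructed: field names, rule 200002 and the error text follow the log above; IP and URI are placeholders.
SAMPLE = """\
Category  ApplicationGatewayFirewallLog
TimeGenerated  2018-05-04T09:55:42Z
clientIp_s  203.0.113.10
ruleId_s  200002
action_s  Blocked
details_data_s  JSON parsing error: parse error: invalid object key (must be a string)
requestUri_s  /api/example/

Category  ApplicationGatewayAccessLog
TimeGenerated  2018-05-04T09:55:42Z
clientIP_s  203.0.113.10
httpMethod_s  PUT
requestUri_s  /api/example/
httpStatus_d  400
"""

def parse_records(text):  # blank-line-separated "key value" blocks -> list of dicts
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(None, 1) for line in block.splitlines())
        records.append({p[0]: (p[1].strip() if len(p) > 1 else "") for p in pairs if p})
    return records

def join_key(rec):
    # The firewall log names the field clientIp_s, the access log clientIP_s.
    ip = rec.get("clientIp_s") or rec.get("clientIP_s")
    # Assumption: second-resolution time, client IP and URI identify one request.
    return (rec.get("TimeGenerated"), ip, rec.get("requestUri_s"))

def classify(rule_id):
    if rule_id.startswith("911"):   # CRS rule ids carry their rule file number as prefix
        return "method enforcement"
    if rule_id == "200002":         # log message: "Failed to parse request body."
        return "request body failed to parse"
    return "other rule"

def explain_blocks(records):
    access = {join_key(r): r for r in records
              if r.get("Category") == "ApplicationGatewayAccessLog"}
    findings = []
    for r in records:
        if r.get("Category") == "ApplicationGatewayFirewallLog" and r.get("action_s") == "Blocked":
            hit = access.get(join_key(r), {})
            findings.append({"method": hit.get("httpMethod_s"), "status": hit.get("httpStatus_d"),
                             "rule": r["ruleId_s"], "cause": classify(r["ruleId_s"]),
                             "detail": r.get("details_data_s", "")})
    return findings
```

For the sample, `explain_blocks(parse_records(SAMPLE))` returns one finding with method `PUT`, status `400` and cause `request body failed to parse`.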