File upload fails through web application firewall with 403 Error (ModSecurity)
-
Working on .Net Core MVC web application hosted in Azure App Service with WAF (Web Application Firewall) enabled. WAF rules are blocking the File upload functionality. When the rules are turned OFF, application works fine. Does anyone know how this can be fixed?
Regards, John
-
Working on .Net Core MVC web application hosted in Azure App Service with WAF (Web Application Firewall) enabled. WAF rules are blocking the File upload functionality. When the rules are turned OFF, application works fine. Does anyone know how this can be fixed?
Regards, John
-
Working on .Net Core MVC web application hosted in Azure App Service with WAF (Web Application Firewall) enabled. WAF rules are blocking the File upload functionality. When the rules are turned OFF, application works fine. Does anyone know how this can be fixed?
Regards, John
It depends entirely on the rule set that you're using. It's possible that you've got a content-type on the upload that ModSec doesn't like, or that you're using something other than POST to send a file and it doesn't like that, or even that it's tuned to completely disallow uploads. The logs ModSec is generating will tell you which rule is getting triggers, and should help you figure out how to resolve the issue.
"Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor