How can we improve Azure Networking?

Support chunked file transfers through Azure Application Gateway + WAF

This is an issue with the WAF's configuration of OWASP.

When the WAF is in protection mode, it is currently not possible to use the js File API to upload files in a chunked manner to an application behind the Application Gateway. Some of the "chunks" get blocked by the firewall (see attached). This doesn't happen to all chunks but it is common enough that a 100mb file will probably encounter the issue.

I have created a barebones test website which reproduces the issue here: https://github.com/elexisvenator/AzureWAF-chunked-upload-test

I have contacted the OWASP ModSecurity project, who have responded that the Firewall rule in question is particularly problematic and is recommended to disable to prevent false positives. Too see their full response go to https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/827

I hope the Application Gateway team can update the WAF configuration as quickly as possible as this issue is currently preventing deployment of production applications.

94 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Ben Edwards shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Robert commented  ·   ·  Flag as inappropriate

    As of Nov 1 2017, MS has listed the 200004 rule under ruleset 'General' and you acn disable it now.

    Unfortunately for me, I'm still facing a similar issue with rule 200002: Multipart parsing error: Multipart: Final boundary missing.

Feedback and Knowledge Base