Support chunked file transfers through Azure Application Gateway + WAF
This is an issue with the WAF's configuration of OWASP.
When the WAF is in protection mode, it is currently not possible to use the js File API to upload files in a chunked manner to an application behind the Application Gateway. Some of the "chunks" get blocked by the firewall (see attached). This doesn't happen to all chunks but it is common enough that a 100mb file will probably encounter the issue.
I have created a barebones test website which reproduces the issue here: https://github.com/elexisvenator/AzureWAF-chunked-upload-test
I have contacted the OWASP ModSecurity project, who have responded that the Firewall rule in question is particularly problematic and is recommended to disable to prevent false positives. Too see their full response go to https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/827
I hope the Application Gateway team can update the WAF configuration as quickly as possible as this issue is currently preventing deployment of production applications.
shouldn't all rules be configurable?
As of Nov 1 2017, MS has listed the 200004 rule under ruleset 'General' and you acn disable it now.
Unfortunately for me, I'm still facing a similar issue with rule 200002: Multipart parsing error: Multipart: Final boundary missing.