How to make signature exception via uri?
Test URL: https://www.test.com/aaa/?abc=test(1234)
Exclusion based on URI /aaa/, but it does not take effect
The command:
gcloud compute security-policies rules add-preconfig-waf-exclusion 100 \
--security-policy=policyname \
--target-rule-set="xss-v33-stable" \
--target-rule-ids="owasp-crs-v030301-id942432-sqli" \
--request-uri-to-exclude "op=CONTAINS,val=/aaa/"
Configuration file section:
- action: deny(403)
  description: ''
  kind: compute#securityPolicyRule
  match:
    expr:
      expression: evaluatePreconfiguredWaf('sqli-v33-stable')
    exprOptions:
      recaptchaOptions: {}
  preconfiguredWafConfig:
    exclusions:
    - requestUrisToExclude:
      - op: CONTAINS
        val: /aaa/
      targetRuleIds:
      - owasp-crs-v030301-id942432-sqli
      targetRuleSet: sqli-v33-stable
  preview: false
  priority: 100
Hi @song,
It seems you have been using the `op` field in the `requestUrisToExclude` section incorrectly. The `op` field should be set to `EQUALS` instead of `CONTAINS`. The `EQUALS` operation checks if the request URI exactly matches the specified value. You can review this documentation for more details.
You can check my example configuration file section:
- action: deny(403)
  description: ''
  kind: compute#securityPolicyRule
  match:
    expr:
      expression: evaluatePreconfiguredWaf('sqli-v33-stable')
    exprOptions:
      recaptchaOptions: {}
  preconfiguredWafConfig:
    exclusions:
    - requestUrisToExclude:
      - op: EQUALS
        val: /aaa/
      targetRuleIds:
      - owasp-crs-v030301-id942432-sqli
      targetRuleSet: sqli-v33-stable
  preview: false
  priority: 100
The corresponding command should be:
gcloud compute security-policies rules add-preconfig-waf-exclusion 100 \
--security-policy=policyname \
--target-rule-set="xss-v33-stable" \
--target-rule-ids="owasp-crs-v030301-id942432-sqli" \
--request-uri-to-exclude "op=EQUALS,val=/aaa/"
This will correctly exclude requests with the URI /aaa/ from the sqli-v33-stable rule set. Let me know if this helps.
Hi Marvin,
Thanks for your reply.
I changed the op from CONTAINS to EQUALS, but the test results show it still cannot be excluded.
the GUI:
the log:
Also, I pasted the command wrong:
--target-rule-set="xss-v33-stable" \
It should be as follows, but the command I actually tested was fine:
--target-rule-set="sqli-v33-stable" \
I'm experiencing the same issue when using URI exclusions and CONTAINS. For example, if I want to exclude all requests with `/v1/abc/*`, I use the exclusion URI CONTAINS `v1/abc/`, but I still see the request being evaluated in the policy logs.