
Every time we try to make any update to a particular instance of application gateway, we get the error:

Failed to save configuration changes to application gateway '********'. Error: The disabled Rule '920300' is unknown for RuleGroup 'REQUEST-920-PROTOCOL-ENFORCEMENT' for Application Gateway Firewall in context 'properties.webApplicationFirewallConfiguration.disabledRuleGroups[0]'.

This error occurs both from the portal and when using PowerShell, and occurs when trying to make any change to the app gateway config, e.g. edit a rule, add a listener, edit the WAF settings.

Rule 920300 Request Missing an Accept Header was previously listed in the WAF settings but I note it is no longer listed in the portal

[Screenshot: portal appgw settings]

but is listed in the docs

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-crs-rulegroups-rules#owasp30


1 Answer


This is the Ruleset definition:

# -=[ Rule Logic ]=-
# This rule generates a notice if the Accept header is missing.
SecRule &REQUEST_HEADERS:Accept "@eq 0" \
    "msg:'Request Missing an Accept Header',\
    chain,\
    phase:request,\
    rev:'3',\
    ver:'OWASP_CRS/3.0.0',\
    maturity:'9',\
    accuracy:'8',\
    t:none,\
    pass,\
    severity:'NOTICE',\
    id:920300,\
    tag:'application-multi',\
    tag:'language-multi',\
    tag:'platform-multi',\
    tag:'attack-protocol',\
    tag:'OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT',\
    tag:'WASCTC/WASC-21',\
    tag:'OWASP_TOP_10/A7',\
    tag:'PCI/6.5.10',\
    tag:'paranoia-level/2'"
    SecRule REQUEST_METHOD "!^OPTIONS$" \
        "chain"
        SecRule REQUEST_HEADERS:User-Agent "!@pm AppleWebKit Android" \
            "t:none,\
            setvar:'tx.msg=%{rule.msg}',\
            setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},\
            setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"

It is just a warning and it will not block your traffic. You are just seeing a warning here in your WAF logs and it can be ignored.
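
The chained logic of rule 920300 quoted in the answer above, modelled in Python as an added example (not part of the original answer, and not CRS or Azure code). The notice score of 2 and the inbound threshold of 5 are assumed CRS 3.0 defaults, and the sample requests are constructed.

```python
import re

# Assumed CRS 3.0 defaults (crs-setup.conf); these values are not on the page.
NOTICE_ANOMALY_SCORE = 2   # tx.notice_anomaly_score
INBOUND_THRESHOLD = 5      # tx.inbound_anomaly_score_threshold

UA_EXEMPT_PHRASES = ("applewebkit", "android")  # @pm is a case-insensitive phrase match


def rule_920300_matches(method, headers):
    """Evaluate the three chained conditions of rule 920300 for one request."""
    h = {name.lower(): value for name, value in headers.items()}
    # SecRule &REQUEST_HEADERS:Accept "@eq 0": the header must be absent
    # (an empty Accept header still counts as 1).
    if "accept" in h:
        return False
    # chain: SecRule REQUEST_METHOD "!^OPTIONS$"
    if re.search(r"^OPTIONS$", method):
        return False
    # chain: SecRule REQUEST_HEADERS:User-Agent "!@pm AppleWebKit Android"
    # ModSecurity runs an operator once per target value, so with no
    # User-Agent header this link has nothing to test and the chain fails.
    ua = h.get("user-agent")
    if ua is None:
        return False
    return not any(phrase in ua.lower() for phrase in UA_EXEMPT_PHRASES)


def score_request(method, headers, other_rule_score=0):
    """Return (anomaly_score, reaches_threshold) after rule 920300 has run.

    The rule's action is 'pass': a match only adds the notice score.
    other_rule_score is a hypothetical score contributed by other rules.
    """
    score = other_rule_score
    if rule_920300_matches(method, headers):
        score += NOTICE_ANOMALY_SCORE
    return score, score >= INBOUND_THRESHOLD


SAMPLES = [  # constructed requests
    ("GET", {"User-Agent": "curl/7.58.0"}),                   # matches
    ("GET", {"User-Agent": "curl/7.58.0", "Accept": "*/*"}),  # Accept present
    ("OPTIONS", {"User-Agent": "probe/1.0"}),                 # OPTIONS exempt
    ("GET", {"User-Agent": "Mozilla/5.0 (Linux; Android 9) AppleWebKit/537.36"}),
    ("GET", {}),                                              # no User-Agent
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers, score_request(method, headers))
```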