
WAF False Positive

I have a web server behind the firewall, and a web server protection policy is being used to protect it. Kindly help me find out which category to add to the rule exceptions to resolve this issue.

Following are the logs.

2019-09-02 10:07:32 Web server protection messageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="" src_ip="" local_ip="" protocol="HTTP/1.1" url="" query_string="" cookie="ASP.NET_SessionId=; HASH_ASP.NET_SessionId=" referer="" method="POST" response_code="403" reason="WAF Anomaly" extra="Inbound Anomaly Score Exceeded (Total Score: 5, SQLi=, XSS=): Last Matched Message: Multipart parser detected a possible unmatched boundary." content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" host="" response_time="51610" bytes_sent="441" bytes_received="428987" fw_rule_id="13"

2019-09-02 11:01:54 Web server protection messageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="" src_ip="" local_ip="" protocol="HTTP/1.1" url="" query_string="" cookie="ASP.NET_SessionId=t" referer="" method="GET" response_code="403" reason="WAF Anomaly" extra="Outbound Anomaly Score Exceeded (score 8): Last Matched Message: IIS Information Leakage" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" host="" response_time="20841" bytes_sent="572" bytes_received="613" fw_rule_id="13"


Note: Generic attacks category is already in the exception.



  • Hi keyur,

    please review this thread and provide some guidance.

    Thank you

    Ian

  • Hi Ian,

    Thanks for giving your time to this thread. However, the Sophos support response time for the Pakistan region is very slow. That's why I prefer to solve problems on my own or with the help of the community.

    Anyways, I found a solution for this problem based on my own research.

    As Sophos XG web protection is ModSecurity-based, I added the following rule IDs to the Skip filter rules of the web protection policy and the issue was resolved.

    // For "Multipart parser detected a possible unmatched boundary"

    960915

    //For "IIS Information Leakage"

    970004
    970904

    Regards,

    Saqib
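As an added example (not code from the thread or from Sophos), the script below triages WAF anomaly lines like the two posted above: it splits the key="value" fields, pulls the direction, score and "Last Matched Message" out of `extra`, and looks the message up in a table of CRS rule IDs taken from the reply above. It also includes a simplified model of what "possible unmatched boundary" means, so you can check whether an upload body contains a content line that starts with `--`. The two log lines and the multipart body are constructed for this example (based on the thread's lines, with the blank fields left blank), and `has_unmatched_boundary` is an approximation of ModSecurity's parser check, not its actual code.

```python
"""Triage Sophos XG WAF anomaly log lines and map them to ModSecurity CRS rule IDs.

Added example; not code from Sophos or from the thread.
"""
import re
from typing import Dict, List, Optional

# Constructed sample lines modelled on the two in the thread (blank fields kept blank).
SAMPLE_LOGS = [
    '2019-09-02 10:07:32 Web server protection messageid="17071" log_type="WAF" '
    'log_component="Web Application Firewall" user="-" server="" src_ip="" local_ip="" '
    'protocol="HTTP/1.1" url="" query_string="" cookie="ASP.NET_SessionId=" referer="" '
    'method="POST" response_code="403" reason="WAF Anomaly" '
    'extra="Inbound Anomaly Score Exceeded (Total Score: 5, SQLi=, XSS=): Last Matched '
    'Message: Multipart parser detected a possible unmatched boundary." '
    'content_type="text/html" host="" response_time="51610" bytes_sent="441" '
    'bytes_received="428987" fw_rule_id="13"',
    '2019-09-02 11:01:54 Web server protection messageid="17071" log_type="WAF" '
    'log_component="Web Application Firewall" user="-" server="" src_ip="" local_ip="" '
    'protocol="HTTP/1.1" url="" query_string="" cookie="ASP.NET_SessionId=t" referer="" '
    'method="GET" response_code="403" reason="WAF Anomaly" '
    'extra="Outbound Anomaly Score Exceeded (score 8): Last Matched Message: IIS Information Leakage" '
    'content_type="text/html" host="" response_time="20841" bytes_sent="572" '
    'bytes_received="613" fw_rule_id="13"',
]

# Message -> CRS 2.x rule IDs, as reported in the thread's reply. Extend as you learn more.
KNOWN_MESSAGES: Dict[str, List[int]] = {
    "Multipart parser detected a possible unmatched boundary": [960915],
    "IIS Information Leakage": [970004, 970904],
}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
EXTRA_RE = re.compile(
    r"(?P<direction>Inbound|Outbound) Anomaly Score Exceeded "
    r"\((?:Total Score: |score )(?P<score>\d+)[^)]*\): "
    r"Last Matched Message: (?P<message>.+)"
)


def parse_fields(line: str) -> Dict[str, str]:
    """Split a key="value" log line into a dict (values in this format contain no quotes)."""
    return dict(FIELD_RE.findall(line))


def triage(line: str) -> Optional[Dict[str, object]]:
    """Return direction, score, last matched message and candidate skip-rule IDs, or None."""
    fields = parse_fields(line)
    m = EXTRA_RE.search(fields.get("extra", ""))
    if not m:
        return None
    message = m.group("message").rstrip(".")
    return {
        "method": fields.get("method"),
        "fw_rule_id": fields.get("fw_rule_id"),
        "direction": m.group("direction"),
        "score": int(m.group("score")),
        "message": message,
        "rule_ids": KNOWN_MESSAGES.get(message, []),
        # Outbound rules inspect the server's response: skipping them hides a leak, not fixes it.
        "response_filter": m.group("direction") == "Outbound",
    }


def triage_all(lines: List[str]) -> List[Dict[str, object]]:
    return [r for r in (triage(line) for line in lines) if r is not None]


def has_unmatched_boundary(body: str, boundary: str) -> bool:
    """Simplified model of what trips "possible unmatched boundary": a body line that starts
    with "--" but is neither the delimiter nor the closing delimiter. ModSecurity's real
    multipart parser tracks more state; this is an approximation for illustration."""
    delimiter, closing = f"--{boundary}", f"--{boundary}--"
    for raw in body.split("\n"):
        line = raw.rstrip("\r")
        if line.startswith("--") and line not in (delimiter, closing):
            return True
    return False


# Constructed upload body: the text file's first line "-- meeting notes --" looks like a boundary.
UPLOAD_BOUNDARY = "----WebKitFormBoundaryabc123"
UPLOAD_BODY = (
    f"--{UPLOAD_BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="file"; filename="notes.txt"\r\n'
    "Content-Type: text/plain\r\n\r\n"
    "-- meeting notes --\r\n"
    "action items below\r\n"
    f"--{UPLOAD_BOUNDARY}--\r\n"
)

if __name__ == "__main__":
    for report in triage_all(SAMPLE_LOGS):
        print(report)
    print("unmatched boundary:", has_unmatched_boundary(UPLOAD_BODY, UPLOAD_BOUNDARY))
```

Running it prints one report per line; the `response_filter` flag is the caveat worth keeping in mind: the second hit is an outbound rule, meaning the WAF blocked an IIS response that looked like an error-page leak. Skipping 970004/970904 stops the block, but it also stops the WAF masking whatever IIS was returning, so it is worth checking the IIS custom error pages at the same time.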