Menu
I currently have a WordPress website hosted on 3 virtual machines behind an application gateway. When users are trying to submit a form via our websites sponsorship pane, after clicking submit users are prompted with: 403 forbidden microsoft-azure-application-gateway/v2
I've done a significant amount of research and viewed the logs and I'm not seeing any red flag that is causing restricted access to the resource. The WAF is set to prevention so maybe it's seeing the form submission as a type of malicious activity and blocking it? Not quite sure at this point though.
I am not a web master, so my scope of service stops after it leaves the Azure portal.
Please advise.
983
An HTTP 403 response code means that a client is forbidden from accessing a valid URL. The server understands the request, but it can't fulfill the request because of client-side issues. The caller isn't authorized to access an API that's using an API Gateway Lambda authorizer.
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
After digging around the WAF logs, the way that the form is being transmitted to the website is being flagged as malicious and classifying the request as an SQL injection attack.
How I mitigated it in two ways:
171
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
