  • Nikhil 54 posts 166 karma points
    Jun 14, 2022 @ 08:12
    Nikhil
    0

    Umbraco 9.5.1: Backend UI not displayed after login when deployed in a VM behind Azure application gateway V1.

    We migrated our site from Umbraco on .NET 4.7.2 to Umbraco .NET 5 9.5.1. I deployed it in production, which is behind an Azure application gateway V1. The site is HTTPS and configured with a certificate.

    When we try to log in we see (ModSecurity Action) errors as seen in the attached picture. Even in the case of .NET 4.7.2 we would see errors with Angular but it would log in and the UI would be displayed.

    In case of 9.5.1 it logs in, but none of the backend UI is displayed.

    Please help.


  • GregoryWilliams 9 posts 80 karma points
    Jun 17, 2022 @ 11:18
    GregoryWilliams
    1

    I agree with you. Have the same issue.

  • Nikhil 54 posts 166 karma points
    Jun 17, 2022 @ 11:20
  • Nikhil 54 posts 166 karma points
    Jun 20, 2022 @ 04:44
    Nikhil
    0

    Microsoft answer to question

    You cannot add an exclusion rule based on URL Path.

    Alternate option here will be to go through Diagnostic Logs and identify the false positive request as discussed here and then disable the rule causing this false positive.

    Another approach here will be to use a custom rule to set an exception using RequestUri variable. But the custom Rules are supported by WAFv2 sku only. You can follow this documentation to migrate from v1 to v2 sku.

    Hope this helps. As we primarily monitor this channel for documentation enhancements and bugs, and as we did not determine any, we will now proceed to close this issue out. If you have any additional questions regarding this issue, I suggest you post a question on our Microsoft Q&A forum. Thank you!

  • Nikhil 54 posts 166 karma points
    Jun 20, 2022 @ 05:19
    Nikhil
    0

    Used log analytics query:

    AzureDiagnostics | where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"

    This appears to be an Umbraco issue as there are mandatory rules that cannot be disabled in the Application Gateway V1 + WAF. WAF ModSecurity is detecting SQL injections!!

    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | Execution error - PCRE limits exceeded (-8): (null).
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | SQL Comment Sequence Detected.
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | SQL Hex Encoding Identified
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | Execution error - PCRE limits exceeded (-8): (null).
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | SQL Comment Sequence Detected.
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | SQL Hex Encoding Identified
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /umbraco/ServerVariables?umbrnd=451b4c1370e27e397d1a520fa7bb2b1a49d6769c | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /umbraco/LocalizedText | Execution error - PCRE limits exceeded (-8): (null).
    /umbraco/LocalizedText | SQL Comment Sequence Detected.
    /umbraco/LocalizedText | SQL Hex Encoding Identified
    /umbraco/LocalizedText | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /umbraco/LocalizedText | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | Execution error - PCRE limits exceeded (-8): (null).
    /umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | SQL Comment Sequence Detected.
    /umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | SQL Hex Encoding Identified
    /umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds | Execution error - PCRE limits exceeded (-8): (null).
    /umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds | SQL Comment Sequence Detected.
    /umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds | SQL Hex Encoding Identified
    /umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /umbraco/lib/wicg-inert/dist/inert.min.js.map;; | Execution error - PCRE limits exceeded (-8): (null).
    /umbraco/lib/wicg-inert/dist/inert.min.js.map;; | SQL Comment Sequence Detected.
    /umbraco/lib/wicg-inert/dist/inert.min.js.map;; | SQL Hex Encoding Identified
    /umbraco/lib/wicg-inert/dist/inert.min.js.map;; | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /umbraco/lib/wicg-inert/dist/inert.min.js.map;; | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /sb/nmap/umbraco-backoffice-extensions-js.js.va1a6e1d56e877b2aae61448cf4cc4042df75b24b | Execution error - PCRE limits exceeded (-8): (null).
    /sb/nmap/umbraco-backoffice-extensions-js.js.va1a6e1d56e877b2aae61448cf4cc4042df75b24b | SQL Comment Sequence Detected.
    /AppPlugins/Plumber/Backoffice/js/plumber.js.map | Execution error - PCRE limits exceeded (-8): (null).
    /AppPlugins/uSync/usync.9.4.0.min.js.map | Execution error - PCRE limits exceeded (-8): (null).
    /AppPlugins/uSyncExpansions/usyncexpansions.9.4.0.min.js.map | Execution error - PCRE limits exceeded (-8): (null).
    /sb/nmap/umbraco-backoffice-extensions-js.js.va1a6e1d56e877b2aae61448cf4cc4042df75b24b | SQL Hex Encoding Identified
    /AppPlugins/Plumber/Backoffice/js/plumber.js.map | SQL Comment Sequence Detected.
    /AppPlugins/uSync/usync.9.4.0.min.js.map | SQL Comment Sequence Detected.
    /AppPlugins/uSyncExpansions/usyncexpansions.9.4.0.min.js.map | SQL Comment Sequence Detected.
    /sb/nmap/umbraco-backoffice-extensions-js.js.va1a6e1d56e877b2aae61448cf4cc4042df75b24b | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /AppPlugins/Plumber/Backoffice/js/plumber.js.map | SQL Hex Encoding Identified
    /AppPlugins/uSync/usync.9.4.0.min.js.map | SQL Hex Encoding Identified
    /AppPlugins/uSyncExpansions/usyncexpansions.9.4.0.min.js.map | SQL Hex Encoding Identified
    /sb/nmap/umbraco-backoffice-extensions-js.js.va1a6e1d56e877b2aae61448cf4cc4042df75b24b | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /AppPlugins/Plumber/Backoffice/js/plumber.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /AppPlugins/uSync/usync.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /AppPlugins/uSyncExpansions/usyncexpansions.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /AppPlugins/uSyncPeopleEdition/usyncpeopleedition.9.4.0.min.js.map | Execution error - PCRE limits exceeded (-8): (null).
    /AppPlugins/Plumber/Backoffice/js/plumber.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /AppPlugins/uSyncPeopleEdition/usyncpeopleedition.9.4.0.min.js.map | SQL Comment Sequence Detected.
    /AppPlugins/uSync/usync.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /AppPlugins/uSyncPeopleEdition/usyncpeopleedition.9.4.0.min.js.map | SQL Hex Encoding Identified
    /AppPlugins/uSyncExpansions/usyncexpansions.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /AppPlugins/uSyncPeopleEdition/usyncpeopleedition.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /AppPlugins/uSyncSnapshots/usyncsnapshots.9.4.0.min.js.map | Execution error - PCRE limits exceeded (-8): (null).
    /api/keepalive/ping | Missing User Agent Header
    /AppPlugins/uSyncPeopleEdition/usyncpeopleedition.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /AppPlugins/uSyncSnapshots/usyncsnapshots.9.4.0.min.js.map | SQL Comment Sequence Detected.
    /AppPlugins/uSyncSnapshots/usyncsnapshots.9.4.0.min.js.map | SQL Hex Encoding Identified
    /AppPlugins/uSyncSnapshots/usyncsnapshots.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
    /App_Plugins/uSyncSnapshots/usyncsnapshots.9.4.0.min.js.map | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Hex Encoding Identified
    /umbraco/api/keepalive/ping | Missing User Agent Header
    /api/keepalive/ping | Missing User Agent Header
    /umbraco/api/keepalive/ping | Missing User Agent Header
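
Added example, not part of the thread and not Umbraco or Microsoft code: the log triage the Microsoft reply describes, applied to `requestUri | message` rows like those posted above. It assumes the CRS anomaly-scoring model, in which the "Mandatory rule ... Inbound Anomaly Score Exceeded" row is the threshold check and the other rows are the rules that added to the score; the function names are illustrative and the sample is a constructed subset of the posted rows.

```python
from collections import defaultdict

# Constructed sample: a subset of the rows posted in the thread, in the same
# "requestUri | message" shape (assumption: one row per line).
SAMPLE = """\
/umbraco/LocalizedText | Execution error - PCRE limits exceeded (-8): (null).
/umbraco/LocalizedText | SQL Comment Sequence Detected.
/umbraco/LocalizedText | SQL Hex Encoding Identified
/umbraco/LocalizedText | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
/umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | SQL Comment Sequence Detected.
/umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | SQL Hex Encoding Identified
/umbraco/assets/fonts/lato/LatoLatin-Italic.woff2 | Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)
/api/keepalive/ping | Missing User Agent Header
"""

MANDATORY = "Mandatory rule. Cannot be disabled."  # anomaly-score threshold row
ENGINE_ERROR = "Execution error"                   # regex engine limit, not a detection

def parse(text):
    """Yield (uri, message) pairs, splitting on the first ' | ' only."""
    for line in text.splitlines():
        uri, sep, msg = line.strip().partition(" | ")
        if sep:
            yield uri, msg.strip().rstrip(".")

def triage(text):
    """Per URI: did the score exceed the threshold, and which rules scored."""
    out = defaultdict(lambda: {"exceeded": False, "rules": set(), "errors": set()})
    for uri, msg in parse(text):
        entry = out[uri]
        if msg.startswith(MANDATORY):
            entry["exceeded"] = True   # the sum check, not a rule to tune
        elif msg.startswith(ENGINE_ERROR):
            entry["errors"].add(msg)
        else:
            entry["rules"].add(msg)    # a rule that contributed to the score
    return dict(out)

def tuning_candidates(text):
    """Scoring rules seen on over-threshold URIs, mapped to the URIs they hit."""
    hits = defaultdict(set)
    for uri, info in triage(text).items():
        if info["exceeded"]:
            for rule in info["rules"]:
                hits[rule].add(uri)
    return {rule: sorted(uris) for rule, uris in hits.items()}
```

On the sample, the same two SQLi rules account for the over-threshold score on a static font file and on a backoffice call, while the keepalive ping matched a rule without exceeding the threshold.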
