You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -446,11 +446,6 @@ The following rule groups and rules are available when using Web Application Fir
446
446
447
447
*<sup>This rule's action is set to log by default. Set action to Block to prevent against Apache Struts vulnerability. Anomaly Score not supported for this rule.</sup>
448
448
449
-
> [!NOTE]
450
-
> When reviewing your WAF's logs, you might see rule ID 949110. The description of the rule might include *Inbound Anomaly Score Exceeded*.
451
-
>
452
-
> This rule indicates that the total anomaly score for the request exceeded the maximum allowable score. For more information, see [Anomaly scoring](./ag-overview.md#anomaly-scoring-mode).
453
-
454
449
455
450
# [OWASP 3.2](#tab/owasp32)
456
451
@@ -1027,11 +1022,15 @@ Bot300600 scans both client IP addresses and IPs in the `X-Forwarded-For` header
1027
1022
1028
1023
---
1029
1024
1030
-
The following rule groups and rules are no longer supported on Web Application Firewall on Application Gateway.
1031
1025
> [!NOTE]
1032
-
> CRS 3.0 and CRS 2.2.9 are no longer supported in Azure WAF. We recommend you upgrade to DRS 2.1 / CRS 3.2
1026
+
> When reviewing your WAF's logs, you might see rule ID 949110. The description of the rule might include *Inbound Anomaly Score Exceeded*.
1027
+
>
1028
+
> This rule indicates that the total anomaly score for the request exceeded the maximum allowable score. For more information, see [Anomaly scoring](./ag-overview.md#anomaly-scoring-mode).
1029
+
1030
+
1031
+
The following rulesets - CRS 3.0 and CRS 2.2.9 groups and rules are no longer supported in Azure Web Application Firewall on Application Gateway. We recommend you upgrade to DRS 2.1 / CRS 3.2
1033
1032
1034
-
# [OWASP 3.0](#tab/owasp30)
1033
+
# [OWASP 3.0 - no longer supported](#tab/owasp30)
1035
1034
1036
1035
## <aname="owasp30"></a> 3.0 rule sets
1037
1036
@@ -1239,7 +1238,7 @@ The following rule groups and rules are no longer supported on Web Application F
1239
1238
|943110|Possible Session Fixation Attack = SessionID Parameter Name with Off-Domain Referrer|
1240
1239
|943120|Possible Session Fixation Attack = SessionID Parameter Name with No Referrer|
1241
1240
1242
-
# [OWASP 2.2.9](#tab/owasp2)
1241
+
# [OWASP 2.2.9 - no longer supported](#tab/owasp2)
0 commit comments