Hello everyone.
I have enabled a WAF protection policy on my website.
And now I have some WAF anomaly.
Problem is I can't find the reason of the anomaly.
Here is the log that I have in the log viewer :
2022-06-18 12:00:41Web server protectionmessageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="xxxxxxxx.xx" src_ip="XX.XX.XX.XX" local_ip="XX.XX.XX.XX" protocol="HTTP/1.1" url="/Account/Login" query_string="" cookie=".AspNetCore.Antiforgery.5C72YkdQ8=CfDJ8H6OqtRk5mFNgR29thUJp93cVi1QP3HZq3pGUzYVcpGakMlIQ; HASH_.AspNetCore.Antiforgery.C72YkdQ8=33980a352d756b691cb3465e67119; expires=Thu, 01 Jan 1970 00:00:00 GMT" referer="">https://xxxxxxxxxxxx.xx/xxx" method="POST" response_code="403" reason="WAF Anomaly" extra="Inbound Anomaly Score Exceeded (Total Score: 5)" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" response_time="7297" bytes_sent="582" bytes_received="3680" fw_rule_id="26"
How can I determine the origin of the issue ?
King regards
This thread was automatically locked due to age.
