iWAF Exceptions with Regex Matching for Arguments
This article discusses configuring iWAF exceptions with regex matching for arguments. Avi Vantage supports Regex for URL matching.
Avi iWAF uses PCRE (Perl Compatible Regular Expressions) as its regex syntax.
Starting with release 18.2.2, Avi Vantage supports configuring regular expressions for arguments. The match_element field under WAF Policy can be configured to use a regular expression instead of just a keyword.
Configuring Regex Matching for Arguments
Log in to the Controller shell and enter the command to edit the required WAF policy.
configure wafpolicy policy_name edit
Search for match_element_criteria by typing slash ('/'), followed by the keyword match_element_criteria.
Configure the desired regex in the match_element field as shown below. Under match_element, set the match_case field to SENSITIVE and the match_op field to REGEX_MATCH.
exclude_list:
  - match_element: ARGS:regex
    match_element_criteria:
      match_case: SENSITIVE
      match_op: REGEX_MATCH
    uri_match_criteria:
      match_case: SENSITIVE
      match_op: REGEX_MATCH
    uri_path: ^/test.php
Press Esc and enter :wq. Type save to save the configuration.
The argument name can have several fixed and dynamic parts. Consider an example of a URL as follows:
"][body]" are the fixed parts and the number
 is a dynamic value that varies with each request. An example attack on this application will be as follows:
The regex required for creating an exception for this example would be:
URL Regex: ^/typo/test_doc.php
Match element Regex: ARGS:data\[news\]\[.*\]\[body\]
The WAF Policy configuration would be as follows:
exclude_list:
  - match_element: ARGS:data\[news\]\[.*\]\[body\]
    match_element_criteria:
      match_case: SENSITIVE
      match_op: REGEX_MATCH
    uri_match_criteria:
      match_case: SENSITIVE
      match_op: REGEX_MATCH
    uri_path: ^/typo/test_doc.php
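Before deploying an exception like the one above, it is worth checking which argument names the regex actually covers, because every covered argument is no longer inspected by that rule. The following is an added example, not part of the Avi documentation: it uses Python's re module as a stand-in for PCRE, assumes the regex is applied as an unanchored search against the argument name, and compares the page's pattern with a hypothetical tighter variant (TIGHT_PATTERN) on constructed argument names.

```python
import re

# Match-element regex exactly as given on the page (the part after "ARGS:").
PAGE_PATTERN = r"data\[news\]\[.*\]\[body\]"
# Hypothetical tighter variant: anchored, dynamic part limited to digits.
TIGHT_PATTERN = r"^data\[news\]\[\d+\]\[body\]$"

# Constructed argument names; only the first has the shape the page describes.
SAMPLE_ARG_NAMES = [
    "data[news][4711][body]",
    "data[news][4711][title]",
    "data[news][4711][title][x][body]",
    "xdata[news][1][body]_suffix",
    "data[news][][body]",
    "data[comments][4711][body]",
]


def excluded_args(pattern, names):
    """Return the names an exception with this regex would exclude.

    Assumption: the regex is applied as an unanchored search (partial
    match) against the argument name. Verify this on your release.
    """
    rx = re.compile(pattern)  # case-sensitive, like match_case: SENSITIVE
    return [n for n in names if rx.search(n)]


def scope_report(names=SAMPLE_ARG_NAMES):
    """Compare both patterns and list names only the broad one excludes."""
    broad = excluded_args(PAGE_PATTERN, names)
    tight = excluded_args(TIGHT_PATTERN, names)
    return {"broad": broad, "tight": tight,
            "extra": [n for n in broad if n not in tight]}


if __name__ == "__main__":
    report = scope_report()
    for key in ("broad", "tight", "extra"):
        print(f"{key}:")
        for name in report[key]:
            print(f"  {name}")
```

Names listed under "extra" are excluded only because of the greedy .* and the missing anchors; if the application never sends them, the tighter pattern keeps them under inspection.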
In the Avi UI, navigate to Templates > WAF > WAF Policy. Click the policy to be edited or create a new policy as required.
Under the Rules tab, navigate to the relevant rule under the rule sets. Click the dropdown for a rule to expand the configuration options. Click + Add Exception to configure the exception.
In the EXCEPTIONS field, enter the regular expression and select the Regex Match checkbox.
Save the configuration.