Environment: We have a Windows application installed in the customer agents machine, a feature of this application is to upload images to the server via http post. These requests go through Azure Gateway and WAF is enabled with OWASP3.2 all rules enabled. Request details are displayed in Fig-1 data is sent as MultipartFormData.
Problem Statement: These requests are blocked by WAF when our Windows application sends the request but the same requests are allowed when posted from PostMan. The RULE 200003 [Multipart Request Body Strict Validation.] is blocking the request and the reason for the block is [Equal 1 at MULTIPART_STRICT_ERROR.]. For reference below Fig-2.
Things tried to resolve
- Used the query generated from PostMan in a console application
- Used fiddler to see the request format how PostMan is sending and modified the console app request to the same request format
- Referred 2 URLs - a)StackOverflow, b)Microsoft where they say it is a bug from the Microsft side but it's working via PostMan
Question: Why is WAF allowing requests from PostMan and not from Visual Studio via a console app or an installed Windows application?