This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cloud Armor Method Enforcement Additional HTTP Methods

Posted on 01-03-2024 06:14 AM
Nathan-Scott
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

The methodenforcement-v33-stable has a rule (only one in entire set - owasp-crs-v030301-id911100-methodenforcement) that is triggering on HTTP methods our system requires.

Found this within the online docs (https://cloud.google.com/armor/docs/waf-rules#method_enforcement)

NathanScott_1-1704290964619.png

But the CRS ruleset itself allows for additonal methods to be added within a config file -

NathanScott_2-1704291157682.png

Is this functionality not supported in Cloud Armor? If not it seems only solution is disabling entirely.

1 1 2,770
Topic Labels
1 REPLY 1
Top Labels in this Space