Forum Discussion

jkurzawa's avatar
jkurzawa
New Contributor
11 months ago

Multipart requests getting blocked by the Azure WAF 200003

Hi, I am having an issue with multipart requests being blocked by Azure WAF and returning 403. The requests are POSTs with small attachment files (png, jpeg, pdf). They are blocked by Azure Application Gateway with the following rule: 

  • RuleId: 200003 Description: Multipart Request Body Strict Validation

I have tried the same request in some other tools (Postman and Bruno) and there they are not getting blocked and return 200s. Do you know about any possible fix to the requests being blocked when sent from ReadyAPI?

There are some topics with similar issue I found:

Thanks in advance

3 Replies

Sort By
  • richie's avatar
    richie
    Community Hero
    11 months ago
    Copy Link

    Hey @jkurzawa,

    Whenever I've had this before where "something works in Postman, but doesn't in ReadyAPI" - I check the headers on the request" as more often than not - this was the problem.  Typically it's either the headers (I'm mostly thinking content-type) or payload - especially with multipart type.  It's easy to get it wrong.

    are you definitely using multipart/form-data rather than multipart/mixed rather than application/x-www-form-urlencoded?

    Anyway - before now - I've submitted the successful Postman request and reviewed the RAW request.  Then I've submitted the request using ReadyAPI and compared the RAW requests - the differences are the problem. 

    Then it's just a case of doing whatever's needed to fix the differences so the RAW request of your ReadyAPI! looks identical to the RAW request of your equivalent Postman request.

    Did you follow these instructions --> https://support.smartbear.com/readyapi/docs/requests/attachment/rest.html to submit your request in ReadyAPI!?

    Please note - it's been a couple of years - but there was a defect in the ReadyAPI! code the last time I did this a couple of years ago.  I can't remember what it is - but follow the instructions and compare with what ReadyAPI! does - I think it auto-completes the filename or parameter value incorrectly - you need to manually alter it to correct it afterwards.

    If you post back with progress / screenshots we should be able to resolve your issue,

    Cheers,

    rich

    • jkurzawa's avatar
      jkurzawa
      New Contributor
      11 months ago
      Copy Link

      Hi richie

      First of all thank you for the detailed reply!
      I followed the instructions you sent the link to and then compared raw requests from both ReadyAPI and Postman. There were some differences in the requests, so I made some modifications, but unfortunately still didn't manage to make it work.

      I am attaching raw requests. the only real difference I see is the 'boundary' parameter, so I will try to somehow modify that.

      Postman request (that one works):

      POST [Redacted] HTTP/1.1
MIME-Version: 1.0
Connection: Keep-Alive
Accept-Encoding: gzip,deflate,br
Authorization: Bearer [Redacted]
User-Agent: PostmanRuntime/7.37.3
Accept: */*
Postman-Token: [Redacted]
Host: [Redacted]
Content-Type: multipart/form-data; boundary=--------------------------362113083232692374548533
Content-Length: 160138
 
----------------------------362113083232692374548533
Content-Disposition: form-data; name="attachment"; filename="test.png"
<test.png>
----------------------------362113083232692374548533--

      ReadyAPI request:

      POST [Redacted] HTTP/1.1
Accept-Encoding: gzip,deflate,br
Content-Type: multipart/form-data; boundary="----=_Part_498_280555933.1715003877236"
MIME-Version: 1.0
Authorization: Bearer [Redacted]
Accept: */*
Content-Length: 160089
Host: [Redacted]
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.10)

------=_Part_498_280555933.1715003877236
Content-Disposition: form-data; name="attachment"; filename="test.png"

‰PNG