Skip to content

App Gateway - OWASP Changelog: 3.1 → 3.2

Generated: 05 July 2026 | Base: 3.1 | Target: 3.2

Summary: 6 added · 2 removed · 1 changed

Added Rules

Rule ID Rule Group Name Description Action State
200002 General Failed to Parse Request Body. AnomalyScoring Enabled
200003 General Multipart Request Body Strict Validation. AnomalyScoring Enabled
933200 REQUEST-933-APPLICATION-ATTACK-PHP PHP Injection Attack: Wrapper scheme detected AnomalyScoring Enabled
933210 REQUEST-933-APPLICATION-ATTACK-PHP PHP Injection Attack: Variable Function Call Found AnomalyScoring Enabled
941360 REQUEST-941-APPLICATION-ATTACK-XSS JavaScript obfuscation detected. AnomalyScoring Enabled
942500 REQUEST-942-APPLICATION-ATTACK-SQLI MySQL in-line comment detected. AnomalyScoring Enabled

Removed Rules

Rule ID Rule Group Name Description Action State
920130 REQUEST-920-PROTOCOL-ENFORCEMENT Failed to parse request body. AnomalyScoring Enabled
920140 REQUEST-920-PROTOCOL-ENFORCEMENT Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED} AnomalyScoring Enabled

Changed Rules

Rule ID Rule Group Field Before After
800100 Known-CVEs Description Rule to help detect and mitigate log4j vulnerability - CVE-2021-44228 Rule to help detect and mitigate log4j vulnerability - CVE-2021-44228, CVE-2021-45046