No traffic is checked by Front Door WAF

Bill Wolohan 61

I upgraded my Front Door from standard to premium. I created a WAF policy with the defaults and associated it with my front door. However, it doesn't log anything to FrontDoorWebApplicationFirewallLog and the metric Web Application Firewall Request Count shows nothing. I created another front door from scratch and got it to work. I compared the 2 and don't see any differences. Any idea how to proceed?

Rohith Vinnakota 3,000 Reputation points Microsoft External Staff

2025-02-26T21:29:00.8733333+00:00
Hi @Bill Wolohan,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Ensure that diagnostic settings for the Front Door was correctly configured to send logs to Log Analytics Workspace or another destination.

Ensure that WAF policy association was properly configured on front door endpoint.

Create some custom rule by applying deny action and see if you could observe any deny WAF Logs.

Refer this document from standard to premium tier upgrade:
https://learn.microsoft.com/en-us/azure/frontdoor/tier-upgrade#upgrade-tier

Waf log document:

Azure Web Application Firewall monitoring and logging | Microsoft Learn
Kindly let us know if the above helps or you need further assistance on this issue.
Bill Wolohan 61 Reputation points

2025-02-27T14:31:11.42+00:00
Thanks for responding Rohith.

Ensure that diagnostic settings for the Front Door was correctly configured to send logs to Log Analytics Workspace or another destination.

We have diagnostics set up and it is logging to the categories FrontDoorAccessLog and FrontDoorHealthProbeLog but not to FrontDoorWebApplicationFirewallLog.

Ensure that WAF policy association was properly configured on front door endpoint.

The association is set up and looks correct. There don't seem to be any options.

Create some custom rule by applying deny action and see if you could observe any deny WAF Logs.

I've added a custom rule and even switched to prevention mode, but nothing is getting logged.

Enable WAF rules manually for the new Premium WAF policy copies after upgrading

I'm not sure what you mean here. I disabled and enabled some of the rules but to no avail.

I reviewed the links you sent again and I believe I've set everything up correctly.

Thanks,

Bill Wolohan
Bill Wolohan 61 Reputation points

2025-02-27T16:36:39.2233333+00:00
Thanks for responding Rohith.

Ensure that diagnostic settings for the Front Door was correctly configured to send logs to Log Analytics Workspace or another destination.

We have diagnostics set up and it is logging to the categories FrontDoorAccessLog and FrontDoorHealthProbeLog but not to FrontDoorWebApplicationFirewallLog.

Ensure that WAF policy association was properly configured on front door endpoint.

The association is set up and looks correct. There don't seem to be any options.

Create some custom rule by applying deny action and see if you could observe any deny WAF Logs.

I've added a custom rule and even switched to prevention mode, but nothing is getting logged.

Enable WAF rules manually for the new Premium WAF policy copies after upgrading

I'm not sure what you mean here. I disabled and enabled some of the rules but to no avail.

I reviewed the links you sent again and I believe I've set everything up correctly.

Thanks,

Bill Wolohan
Bill Wolohan 61 Reputation points

2025-02-28T15:17:09.0433333+00:00

This turned out to be my mistake. I have multiple domains in my front door and I hadn't associated all of them with the WAF policy.
Venkat V 775 Reputation points Microsoft External Staff

2025-03-01T04:36:06.49+00:00

Hi@Bill Wolohan Thank you for the confirmation.

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

Issue: The firewall logs will not show up in the logs if the WAF policy is not linked.

Please click Accept my Answer to assist other community members facing similar issues in finding the correct solution.

Accepted answer

Venkat V 775 Reputation points Microsoft External Staff

2025-02-28T14:56:27.42+00:00
Hi @Bill Wolohan

Welcome to the Microsoft Q&A Platform.

Thank you for reaching out & I hope you are doing well.

There are reasons why the FrontDoorWebApplicationFirewallLog is not appearing in Log Analytics. Please check the points below.

The reason the FrontDoorWebApplicationFirewallLog table is not appearing in Log Analytics is that logs will only be generated if a firewall event occurs in Front Door.

If you did not select the FrontDoor WebApplicationFirewall Log while attaching logs to Log Analytics, those logs will not appear.

Make sure to enable the managed rule set after upgrading to the Premium SKU.follow the Ms Doc for more details.

Note: If you create a WAF manually, the managed rule set will be enabled automatically.

As I tested in my lab, there are no firewall events in Azure Front Door, so there are no firewall logs in log analytics workspace.

AzureDiagnostics | summarize Count=count() by Category | order by Count desc

For testing, I generated malicious attacks on Front Door endpoints.

After generating malicious traffic, the managed rule set blocked the traffic, and it was detected in the WebApplicationFirewall Log.

Reference: Upgrade from Azure Front Door Standard to Premium

I hope this helps to resolve your issue.

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Please sign in to rate this answer.
Venkat V 775 Reputation points Microsoft External Staff

2025-03-03T08:47:57.5033333+00:00

Hi @Bill Wolohan

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

No traffic is checked by Front Door WAF

0 additional answers

Your answer