In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available.

Alex Vasiuk 0 Reputation points
2024-09-04T15:48:06.59+00:00

Hi,

In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available.

I want to configure rate-limit rules in my WAF for Application Gateway. I have a bunch of "Match" custom rules that work great. But when I try to follow the official doc I fail, because there is no "Rate limit" in my radio button.

I ran diagnostics in Azure Portal for this resource, but nothing came up.

Happy for any help!

Best Regards,

Alex.

Azure Web Application Firewall
1 answer
  1. ChaitanyaNaykodi-MSFT 26,526 Reputation points Microsoft Employee
    2024-09-26T01:32:25.52+00:00

    @Alex Vasiuk

    Thank you for getting back and apologies for the delay here.

    I think the main issue here is that it is not obvious from the Azure Portal Web UI that OWASP should be updated to use Rate-limit.

    This is great feedback; it will help if you could file this feedback on the feedback portal here so that the team can prioritize this request.

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to accept the answer.

    Issue:

    • I want to configure rate-limit rules in my WAF for Application Gateway. I have a bunch of "Match" custom rules that work great. But when I try to follow the official doc I fail, because there is no "Rate limit" in my radio button.

    Solution:

    I tried with the cli and it gave me the answer:

    az network application-gateway waf-policy custom-rule create --policy-name <REDACTED> --resource-group <REDACTED> --action Block --name ClientIPRateLimitRule --priority 90 --rule-type RateLimitRule --rate-limit-threshold 100 --group-by-user-session '[{'"groupByVariables"':[{'"variableName"':'"ClientAddr"'}]}]'
    
    (ApplicationGatewayFirewallCustomRuleRateLimitUnsupportedManagedRuleSet) Custom Rule ClientIPRateLimitRule of type RateLimitRule and in context properties.customRules[3] is not supported with the current Managed Ruleset version. Use OWASP_3.2 or above.
    Code: ApplicationGatewayFirewallCustomRuleRateLimitUnsupportedManagedRuleSet
    Message: Custom Rule ClientIPRateLimitRule of type RateLimitRule and in context properties.customRules[3] is not supported with the current Managed Ruleset version. Use OWASP_3.2 or above.
    

    So after I updated managed rule set from OWASP_3.0 to OWASP_3.2 I managed to configure rate limit custom rules.


    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.

    Regards,

    Chaitanya
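
A pre-flight check for the condition in the error above, added here as an example and not part of the original question or answer: it reads a WAF policy as JSON and reports whether `RateLimitRule` custom rules would be accepted, based only on the "Use OWASP_3.2 or above" message. The sample policy and its names are constructed; the field names assume the shape of `az network application-gateway waf-policy show` output.

```python
import json

MIN_OWASP = (3, 2)  # from the error text on this page: "Use OWASP_3.2 or above"

# Constructed sample (assumption), shaped like the CLI's `waf-policy show` output.
SAMPLE_POLICY = """
{
  "name": "example-waf-policy",
  "customRules": [
    {"name": "BlockBadAgents", "priority": 10, "ruleType": "MatchRule", "action": "Block"}
  ],
  "managedRules": {
    "managedRuleSets": [{"ruleSetType": "OWASP", "ruleSetVersion": "3.0"}]
  }
}
"""

def parse_version(text):
    """'3.2' -> (3, 2), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.split("."))

def rate_limit_status(policy):
    """Return 'supported', 'unsupported' or 'unknown' for RateLimitRule custom rules."""
    # The CLI prints properties at top level; raw ARM JSON nests them under "properties".
    props = policy.get("properties", policy)
    rule_sets = (props.get("managedRules") or {}).get("managedRuleSets") or []
    owasp = [parse_version(rs["ruleSetVersion"]) for rs in rule_sets
             if rs.get("ruleSetType") == "OWASP"]
    if not owasp:
        return "unknown"  # no OWASP rule set: the error text does not cover this case
    return "supported" if max(owasp) >= MIN_OWASP else "unsupported"

def rejected_rules(policy):
    """Names of RateLimitRule custom rules that would be rejected on this policy."""
    if rate_limit_status(policy) != "unsupported":
        return []
    props = policy.get("properties", policy)
    return [r["name"] for r in props.get("customRules") or []
            if r.get("ruleType") == "RateLimitRule"]

if __name__ == "__main__":
    policy = json.loads(SAMPLE_POLICY)
    print(policy["name"], "->", rate_limit_status(policy))
```

Running `rejected_rules` over a policy template before deployment lists the rate-limit rules that would fail with the error shown above, which the portal only signals by hiding the "Rate limit" option.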
