![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 17%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,080 questions
Hello @Azure Developer ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you are facing an issue with Application gateway WAF where the server information is being disclosed in HTTP response header of 403 error and you are unable to implement rewrite set for same.
As mentioned in the Application Gateway header rewrite limitations,
Rewrites aren't supported for 4xx and 5xx responses generated directly from Application Gateway
Refer: https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#limitations
If you wish you may upvote the feedback in the below forum requesting this feature. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
https://feedback.azure.com/d365community/idea/88a5fb41-8010-ee11-a81c-000d3adb7ffd
So, maybe you can take a look into Custom error pages supported by Application gateway in this case.
Application Gateway allows you to create custom error pages instead of displaying default error pages. You can use your branding and layout for errors related to different response codes.
You can define customized error pages for different response codes returned by the Application Gateway. The response codes for which you can configure error pages are 400, 403, 405, 408, 500, 502, 503, and 504. You can use global-level or listener-specific error page configuration to set them granularly for each listener.
To create a custom error page, you should:
- know the response code for which a custom error page is needed.
- know the corresponding remote location (URL) for the HTML page. This must be a publicly accessible file.
- ensure the error page is publicly accessible and return a 200 response.
- ensure the error page should be in *.htm or *.html extension type.
- ensure the page size is less than 1 MB.
- You may reference internal or external images/CSS for this HTML file. For externally referenced resources, use absolute URLs that are publicly accessible. Be aware of the HTML file size when using base64-encoded inline images, JavaScript, or CSS.
Refer:
https://learn.microsoft.com/en-us/azure/application-gateway/custom-error
Additional info:
- The custom error pages are displayed for response codes generated by Application Gateway. If an error originates from the backend server, it is passed along unmodified to the client.
- Rewrites aren't supported when the application gateway is configured to redirect the requests or to show a custom error page.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.