How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF? The log file indicates the request was blocked, but the script ends up in the database.

Derek Green 5 Reputation points
2024-05-16T08:21:12.23+00:00

Requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF?

Azure Application Gateway
Azure Web Application Firewall

2 answers

  1. Jimmy Mattsson 5 Reputation points
    2024-08-07T13:41:46.8133333+00:00

    I had the same problem; it was resolved by adding an HSTS response header to the rewrite rules in agw:

    strict-transport-security: max-age=63072000; includeSubDomains; preload

    1 person found this answer helpful.

  2. ChaitanyaNaykodi-MSFT 26,526 Reputation points Microsoft Employee
    2024-05-17T01:09:56.5766667+00:00

    @Derek Green

    Thank you for reaching out.

    I understand you wish to drop requests when they are blocked by the WAF.

    You can achieve this by setting the WAF in prevention mode and then modifying the action to Block, as shown in the screenshot below.

    User's image

    As documented here

    • Block: The request is blocked and WAF sends a response to the client without forwarding the request to the back-end.

    Hope this helps! Please let me know if the issue still persists. Thank you!
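
One way to check the settings named in the answer above (prevention mode, rule action Block) against an exported WAF policy. This is an added example, not code from the thread or from Microsoft; the JSON shape is assumed to match `az network application-gateway waf-policy show` output, and the policy name, rule group name and rule IDs are constructed placeholders.

```python
import json

# Constructed sample policy. Field names follow the ARM WAF policy schema
# (assumption); the rule group name and rule IDs are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "name": "example-waf-policy",
  "policySettings": {"state": "Enabled", "mode": "Detection"},
  "managedRules": {"managedRuleSets": [{
    "ruleSetType": "OWASP", "ruleSetVersion": "3.2",
    "ruleGroupOverrides": [{
      "ruleGroupName": "EXAMPLE-RULE-GROUP",
      "rules": [
        {"ruleId": "000001", "state": "Enabled", "action": "Log"},
        {"ruleId": "000002", "state": "Disabled"},
        {"ruleId": "000003", "state": "Enabled", "action": "Block"}
      ]}]}]}
}
""")

def audit_waf_policy(policy):
    """Return findings that explain why matched requests may still reach the backend."""
    findings = []
    settings = policy.get("policySettings") or {}
    if (settings.get("state") or "").lower() != "enabled":
        findings.append("WAF policy state is not Enabled")
    if (settings.get("mode") or "").lower() != "prevention":
        findings.append("mode is not Prevention: matches are logged, requests are forwarded")
    for rule_set in (policy.get("managedRules") or {}).get("managedRuleSets") or []:
        for group in rule_set.get("ruleGroupOverrides") or []:
            for rule in group.get("rules") or []:
                where = f"{group.get('ruleGroupName')}/{rule.get('ruleId')}"
                # An override with no state is treated as disabled here (assumption).
                if (rule.get("state") or "Disabled").lower() != "enabled":
                    findings.append(f"rule {where} is disabled by override")
                elif (rule.get("action") or "").lower() in ("log", "allow"):
                    findings.append(f"rule {where} override action is {rule['action']}, not Block")
    return findings

if __name__ == "__main__":
    for finding in audit_waf_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```

An empty result only means these settings are as the answer describes; the check does not verify that the policy is associated with the gateway or listener that serves the traffic.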

