Can I temporarily enable Azure Firewall on a demo environment for testing, and then remove it to stop incurring firewall costs once I apply the configuration to production?
Can I temporarily enable Azure Firewall on a demo environment for testing, and then remove it to stop incurring firewall costs once I apply the configuration to production? Does Azure Firewall incur costs for just being applied to a subnet or VNet, or…
WAF IPv6 custom match rules for Application Gateway products
This blog post announced enhanced support for IPv6 and WAF on Front Door, including IPv6 custom match rules. Will Azure support custom IPv6 match rules on the Azure Application Gateway series of products while using dual-stack configuration with WAF? Is…
How to preserve the Client IP that is amended by Azure Front Door, another amendment by App Gateway before reaching Azure APIM
Hi, My setup is configured with Azure Front Door + Azure WAF --> Azure App Gateway + WAF --> Azure API Management. The diagnostic data logs are kept with Azure Monitor. I am trying to configure in bound throttling policy on APIM to rate limit user…
How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF as the log file indicate the request was blocked but the script ends up in the database.
requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF.
When to use Azure WAF or Azure Firewall ?
Hi Folks, Can anyone here please share some thoughts and comments of when to use Azure WAF or Azure Firewall? I have already existing Azure ExpressRoute so my Azure VMs can ping my OnPremise servers, and vice versa. My purpose here is to be able to…
Regex Capabilities in Azure WAF via Terraform
Hello, I am currently working on deploying Azure Web Application Firewall (WAF) custom rules using Terraform. I understand that I can use regex expressions when creating custom rules directly through the Azure Portal. However, I am unsure if this regex…
Intermittent 404 Errors with Azure Static Web App and Application Gateway
Hi Folks, We are experiencing intermittent 404 errors when trying to access our Static Web App through our main DNS hostname behind an Azure Application Gateway. However, when we use the direct Static Web App URL, everything works as expected without any…
Requests get blocked in WAF with ERRORINFO_NO_ERROR
In Azure, I have an application gateway with web application firewall. Recently, requests from end users have been blocked with http status 403 Forbidden. They're perfectly normal requests, and I see no reason why they should be blocked. In de logs, the…
Requesting Assistance to Resolve the issue with azure WAF rule 942440
Hi Team, We have hosted the application on the Azur server using the app gateway and also applied WAF provisions. However, we are facing the issue below. The application's host needs assistance solving the rules to load the application…
Allow B2C REST API Calls through Geo-Fenced Application Gateway
REST API calls from B2C are being rejected by the WAF, which has geo-fencing enabled for Qatar only, while B2C is deployed in the Europe region. What methods can be employed to allow B2C servers to successfully call the APIs?
WAF Log Scrubbing XML payloads
Hi, First poster here. I have a SOAP API that is behind an APP GW with WAF and then an APIM. Some of the payloads are triggering built in WAF rules and causing logs to be recorded. I have configured the log scrubbing to target the named properties inside…
Allow-Access-Control-Origin Error on Web App
Hey everyone. I may be missing something simple, but here's one for you guys! Turning on App Gateway WAF Policy with a custom rule for geo location match. Essentially just to deny any traffic outside of select countries. Without this WAF Policy turned…
Need to exclude specific string that could appear in multiple URLs for Azure WAF.
We use different advertisements that refer to pages on our website. When the third party puts the link on their site it modifies the URL and adds a specific string to the referring URL that is currently being blocked by Azure WAF. It is always firing…
How would TLS inspection work with WAF enabled App Gateway and Azure Firewall?
Hi, I have been struggling with this from a while now. Our design has WAF enabled App gateway for incoming HTTP / HTTPS traffic from internet and then have Azure Firewall behind it. Have couple of queries for which I need assistance: 1: Does WAF has…
Azure FrontDoor WAF rate limit unexpected behavior
Hi, recently I configured WAF on Azure FrontDoor, but I noticed that the “rate limit” feature not working as expected. I have 2 rules configured with “rate limit”: Then I used the following batch script to make requests to my URL: @echo…
How to remove WAF policy safely.We have an AKAMAI device before the App GW and do not need WAF capability anymore.What is the safest way to do so.
How to remove WAF policy safely or disassociate WAF policy . We have an AKAMAI device before the App GW in our environment hence we do not need WAF capability anymore. What is the safest way to do so. Also can I do it via portal and if I am doing it via…
Need assistance to resolve waf rule " Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"
Hi We need assistance in resolving an issue with the WAF while loading the following application URL. The web application is calling the API to load the application. Please find the URL and the error message below for reference. Please need assistance…
In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available.
Hi, In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available. I want to configure rate-limit rules in my WAF for Application Gateway. I have a bunch of…
I am getting request such as "~^.*\.mywebsite\.com$" on my azure application gateway. This causes "ERRORINFO_REQUEST_URI_INVALID" error. How do i prevent invalid requests at the Azure WAF2 level?
Recently, we are getting a lot of requests such as "~^.*.mywebsite.com$" and it gets logged in the Application Gateway as "ERRORINFO_REQUEST_URI_INVALID". We would like to prevent such wildcard requests at the Web Application…
going with the application gateway in fornt of azure firewall does it lose the benefit of l7 load balancing
I have an Azure firewall in a hub and spoke architecture, and one of the spokes contains my web servers, for HTTPS filtering I have an application gateway with the WAF feature and l7 load balancing. I have a requirement to keep centralized security…