329 questions with Azure Web Application Firewall tags

Sort by: Updated
2 answers One of the answers was accepted by the question author.

Can I temporarily enable Azure Firewall on a demo environment for testing, and then remove it to stop incurring firewall costs once I apply the configuration to production?

Can I temporarily enable Azure Firewall on a demo environment for testing, and then remove it to stop incurring firewall costs once I apply the configuration to production? Does Azure Firewall incur costs for just being applied to a subnet or VNet, or…

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
685 questions
Azure Cost Management
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,753 questions
Azure Web Application Firewall
Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
95 questions
asked 2024-11-20T07:06:53.8366667+00:00
chitra manju 20 Reputation points
accepted 2024-11-21T05:08:50.4866667+00:00
chitra manju 20 Reputation points
0 answers

WAF IPv6 custom match rules for Application Gateway products

This blog post announced enhanced support for IPv6 and WAF on Front Door, including IPv6 custom match rules. Will Azure support custom IPv6 match rules on the Azure Application Gateway series of products while using dual-stack configuration with WAF? Is…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
asked 2024-11-18T13:28:00.1233333+00:00
Nils Magnus Løfgren 0 Reputation points
commented 2024-11-20T21:13:19.0733333+00:00
Rohith Vinnakota 1,240 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

How to preserve the Client IP that is amended by Azure Front Door, another amendment by App Gateway before reaching Azure APIM

Hi, My setup is configured with Azure Front Door + Azure WAF --> Azure App Gateway + WAF --> Azure API Management. The diagnostic data logs are kept with Azure Monitor. I am trying to configure in bound throttling policy on APIM to rate limit user…

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,191 questions
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
696 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
asked 2024-07-16T00:28:41.8333333+00:00
Bi Tan 40 Reputation points
accepted 2024-11-14T05:03:47.3766667+00:00
Bi Tan 40 Reputation points
2 answers

How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF as the log file indicate the request was blocked but the script ends up in the database.

requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
asked 2024-05-16T08:21:12.23+00:00
Derek Green 5 Reputation points
edited a comment 2024-11-06T22:46:04.7333333+00:00
Sean Bodor 5 Reputation points
8 answers

When to use Azure WAF or Azure Firewall ?

Hi Folks, Can anyone here please share some thoughts and comments of when to use Azure WAF or Azure Firewall? I have already existing Azure ExpressRoute so my Azure VMs can ping my OnPremise servers, and vice versa. My purpose here is to be able to…

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
685 questions
Azure Web Application Firewall
Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
95 questions
asked 2020-11-15T13:17:27.597+00:00
EnterpriseArchitect 5,411 Reputation points
answered 2024-10-26T23:21:11+00:00
Ugacomp Technologies 0 Reputation points
1 answer

Regex Capabilities in Azure WAF via Terraform

Hello, I am currently working on deploying Azure Web Application Firewall (WAF) custom rules using Terraform. I understand that I can use regex expressions when creating custom rules directly through the Azure Portal. However, I am unsure if this regex…

Azure Web Application Firewall
asked 2024-10-18T12:27:11.9433333+00:00
Sena Sarici 20 Reputation points
commented 2024-10-23T20:06:19.0733333+00:00
Rohith Vinnakota 1,240 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

Intermittent 404 Errors with Azure Static Web App and Application Gateway

Hi Folks, We are experiencing intermittent 404 errors when trying to access our Static Web App through our main DNS hostname behind an Azure Application Gateway. However, when we use the direct Static Web App URL, everything works as expected without any…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
988 questions
asked 2024-10-21T19:45:04.01+00:00
Prathap Dasari 45 Reputation points
accepted 2024-10-22T15:25:49.1233333+00:00
Prathap Dasari 45 Reputation points
0 answers

Requests get blocked in WAF with ERRORINFO_NO_ERROR

In Azure, I have an application gateway with web application firewall. Recently, requests from end users have been blocked with http status 403 Forbidden. They're perfectly normal requests, and I see no reason why they should be blocked. In de logs, the…

Azure Web Application Firewall
asked 2024-09-18T09:14:23.2+00:00
Ard de Gelder 0 Reputation points
commented 2024-10-21T14:30:20.3+00:00
Ard de Gelder 0 Reputation points
1 answer

Requesting Assistance to Resolve the issue with azure WAF rule 942440

Hi Team, We have hosted the application on the Azur server using the app gateway and also applied WAF provisions. However, we are facing the issue below. The application's host needs assistance solving the rules to load the application…

Azure Web Application Firewall
asked 2024-10-15T13:05:41.3633333+00:00
Vipul Laxmikant Redkar 0 Reputation points
answered 2024-10-17T02:37:59.6933333+00:00
Sai Prasanna Sinde 1,265 Reputation points Microsoft Vendor
0 answers

Allow B2C REST API Calls through Geo-Fenced Application Gateway

REST API calls from B2C are being rejected by the WAF, which has geo-fencing enabled for Qatar only, while B2C is deployed in the Europe region. What methods can be employed to allow B2C servers to successfully call the APIs?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,678 questions
asked 2024-10-13T13:41:49.18+00:00
Muhammad Waris 0 Reputation points
commented 2024-10-16T15:19:37.9+00:00
Ganesh Patapati 1,745 Reputation points Microsoft Vendor
0 answers

WAF Log Scrubbing XML payloads

Hi, First poster here. I have a SOAP API that is behind an APP GW with WAF and then an APIM. Some of the payloads are triggering built in WAF rules and causing logs to be recorded. I have configured the log scrubbing to target the named properties inside…

Azure Web Application Firewall
asked 2024-10-04T12:33:44.4+00:00
Alex Savage 0 Reputation points
commented 2024-10-16T00:46:17.0233333+00:00
Sai Prasanna Sinde 1,265 Reputation points Microsoft Vendor
0 answers

Allow-Access-Control-Origin Error on Web App

Hey everyone. I may be missing something simple, but here's one for you guys! Turning on App Gateway WAF Policy with a custom rule for geo location match. Essentially just to deny any traffic outside of select countries. Without this WAF Policy turned…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
926 questions
asked 2024-09-24T19:45:46.7866667+00:00
Joseph Dutton 135 Reputation points
commented 2024-10-14T13:06:19.9433333+00:00
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee
0 answers

Need to exclude specific string that could appear in multiple URLs for Azure WAF.

We use different advertisements that refer to pages on our website. When the third party puts the link on their site it modifies the URL and adds a specific string to the referring URL that is currently being blocked by Azure WAF. It is always firing…

Azure Web Application Firewall
asked 2024-10-04T12:15:35.1466667+00:00
Mike VP 0 Reputation points
commented 2024-10-04T20:49:19.31+00:00
ChaitanyaNaykodi-MSFT 26,526 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How would TLS inspection work with WAF enabled App Gateway and Azure Firewall?

Hi, I have been struggling with this from a while now. Our design has WAF enabled App gateway for incoming HTTP / HTTPS traffic from internet and then have Azure Firewall behind it. Have couple of queries for which I need assistance: 1: Does WAF has…

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
685 questions
Azure Web Application Firewall
asked 2024-09-18T23:33:09.83+00:00
Rakesh Singh 270 Reputation points
edited a comment 2024-10-03T19:28:10.1833333+00:00
Mail Sa 0 Reputation points
1 answer One of the answers was accepted by the question author.

Azure FrontDoor WAF rate limit unexpected behavior

Hi, recently I configured WAF on Azure FrontDoor, but I noticed that the “rate limit” feature not working as expected. I have 2 rules configured with “rate limit”: Then I used the following batch script to make requests to my URL: @echo…

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
696 questions
Azure Web Application Firewall
asked 2021-12-16T17:02:15.937+00:00
Maksym Kharchenko2 46 Reputation points
edited a comment 2024-10-02T09:54:09.0233333+00:00
Nikhil Singh 5 Reputation points
1 answer

How to remove WAF policy safely.We have an AKAMAI device before the App GW and do not need WAF capability anymore.What is the safest way to do so.

How to remove WAF policy safely or disassociate WAF policy . We have an AKAMAI device before the App GW in our environment hence we do not need WAF capability anymore. What is the safest way to do so. Also can I do it via portal and if I am doing it via…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
926 questions
asked 2023-03-21T05:27:06.58+00:00
Samar Masood Khan 20 Reputation points
commented 2024-09-26T11:27:17.2633333+00:00
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee
0 answers

Need assistance to resolve waf rule " Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"

Hi We need assistance in resolving an issue with the WAF while loading the following application URL. The web application is calling the API to load the application. Please find the URL and the error message below for reference. Please need assistance…

Azure Web Application Firewall
asked 2024-09-24T08:38:54.99+00:00
Vipul Laxmikant Redkar 0 Reputation points
commented 2024-09-26T08:23:52.2566667+00:00
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee
1 answer

In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available.

Hi, In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available. I want to configure rate-limit rules in my WAF for Application Gateway. I have a bunch of…

Azure Web Application Firewall
asked 2024-09-04T15:48:06.59+00:00
Alex Vasiuk 0 Reputation points
answered 2024-09-26T01:32:25.52+00:00
ChaitanyaNaykodi-MSFT 26,526 Reputation points Microsoft Employee
1 answer

I am getting request such as "~^.*\.mywebsite\.com$" on my azure application gateway. This causes "ERRORINFO_REQUEST_URI_INVALID" error. How do i prevent invalid requests at the Azure WAF2 level?

Recently, we are getting a lot of requests such as "~^.*.mywebsite.com$" and it gets logged in the Application Gateway as "ERRORINFO_REQUEST_URI_INVALID". We would like to prevent such wildcard requests at the Web Application…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
asked 2024-09-25T02:45:36.1433333+00:00
Prasanna Srinivasan 0 Reputation points
answered 2024-09-25T10:50:47.21+00:00
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee
1 answer

going with the application gateway in fornt of azure firewall does it lose the benefit of l7 load balancing

I have an Azure firewall in a hub and spoke architecture, and one of the spokes contains my web servers, for HTTPS filtering I have an application gateway with the WAF feature and l7 load balancing. I have a requirement to keep centralized security…

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
685 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
456 questions
asked 2024-09-23T06:26:52.93+00:00
Mohammad Nemer 0 Reputation points
answered 2024-09-23T10:20:18.8833333+00:00
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee