Azure Web Application Firewall
An Azure service that provides protection for web apps.
290 questions
0 answers
How to connect public web app to private internal resources
We have a Public web app which is acting as the front end and it should be accessible for users publicly, and we have some resources like storage accounts, Search indexers which used by web app to query data and give output to the users. Our goal is to…
asked 2024-06-03T09:06:46.3866667+00:00
M.Chamara Sampath Fernando
5
Reputation points
commented 2024-06-03T14:18:34.2966667+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
2 answers
Managing 200 Websites with Application Gateway and WAF Protection
Hello, I have a single server that is currently hosting over 200 websites. Is it possible to manage all these websites using an application gateway and protect them with a WAF?
asked 2024-05-29T07:27:34.4466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 23%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Nitin Arora
25
Reputation points
commented 2024-05-30T12:48:39.8833333+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
3 answers
One of the answers was accepted by the question author.
Allow access through WAF only for whitelisted IPs
I have an Azure Application Gateway where I manage a few client domains. I have a few production and staging domains routed to this application gateway, which I manage where I need them to be pointed to. When I was working with the domains pointed…
asked 2024-05-27T19:21:18.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 0%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raphael Pereira
20
Reputation points
accepted 2024-05-28T15:42:38.56+00:00
Raphael Pereira
20
Reputation points
1 answer
How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF as the log file indicate the request was blocked but the script ends up in the database.
requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF.
asked 2024-05-16T08:21:12.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 90%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Derek Green
0
Reputation points
commented 2024-05-28T15:39:54.6866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
23,821
Reputation points Microsoft Employee
0 answers
http2 compatibility
We have 2 environments were WAF is configured. In the DEV environment, its working on http2 In the UAT environment, its not working on http2. When the WAF configuration is change, it works on http1.1. I have provided some detains below (you will see…
asked 2024-05-21T16:42:57.35+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 73%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Fobuzie, Marleo
0
Reputation points
commented 2024-05-22T05:20:22.98+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
1 answer
Configuring exclusions on Applicaiton Gateway WAF
Hello, At present we are using an Application Gateway WAFv2 (in monitor mode) for web applications hosted on the backend VMs. We want to move the WAF to prevent mode, but based on the logs collected we think many legitimate requests will be blocked,…
asked 2022-03-07T18:21:46.043+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 26%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashish Gupta
1
Reputation point
commented 2024-05-20T17:22:02.3733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 90%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Morgan Ecklund
0
Reputation points
1 answer
One of the answers was accepted by the question author.
WAF (v2) Managed Exclusion Rule difficulty with a particular request.
Hi experts.. I have a particularly troublesome request being blocked and am seemingly unable create a suitable managed exclusion rule, although it appears that it should be possible. We have an asp.net (web forms) application that uses SSRS ReportViewer…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
1 answer
I want to block certain regions of a country on application gateway and not entire country how can I do that
I want to block certain regions in country based on iso code and azure only gives me option to do it for entire country. How can I implement it for a region in country
asked 2024-05-14T20:00:33.4566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 57.99999999999999%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Kajal Kothari
0
Reputation points
edited an answer 2024-05-17T11:07:24.1833333+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
How to add correct exclusion on Azure WAF?
Greetings. Please help in creating an exception to the rule: OWASP_3.2 - Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link. My web application generates requests like: …
asked 2024-05-13T11:59:44.36+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 36%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYT%3C/text%3E%3C/svg%3E)
Yurii Tsarienko
20
Reputation points
edited the question 2024-05-14T13:53:35.8033333+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
0 answers
I would like to check if there is a possibility to block based on device ID in WAF
we need to block the requests in waf based on the client device ID . How can we achieve it. And also is there any way to know the device ID of the user from waf logs
asked 2024-05-12T19:28:38.02+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 32%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Madhavi Sri
0
Reputation points
commented 2024-05-13T09:48:05.06+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Upgrade your legacy WAF configuration to WAF policies
I have received "high impact" Advisor recommendations from azure to "Upgrade your legacy WAF configuration to WAF policies". I have tried to follow as per suggested in the following…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 1%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Publish an application with NTLM authentication
Hello, Azure has an authentication application that is configured to use the NTLM AD provider. This is a virtual machine with IIS and users logged into the domain transparently open the site without authentication. We would like to protect applications…
asked 2024-05-10T18:04:38.6366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mountain Pond
1,346
Reputation points
edited a comment 2024-05-12T21:44:25.38+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sina Salam
4,811
Reputation points
1 answer
Application Gateway WAF v2 only allow specfic IP Traffic
Hi Team, I have setup a custom rule in WAF previously to only allow few IP to access AGW. However the same rule doesn't works today. Current outcome by setting different combination like either Blocking or Allowing ALL traffic, instead of specific…
asked 2024-05-09T14:14:58.09+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 66%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWT%3C/text%3E%3C/svg%3E)
William Tang
0
Reputation points
answered 2024-05-10T03:00:16.28+00:00
ChaitanyaNaykodi-MSFT
23,821
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
we cannot see the request in the firewall logs from application gateway
When we send the request from postman API request is getting success also seen in database(ssms), application gateway but we cannot see the request in the firewall logs what is the issues and how to solve this error we are using this below query in…
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
979 questions
Azure Web Application Firewall
Azure Web Application Firewall
An Azure service that provides protection for web apps.
290 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,085 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
31 questions
asked 2023-11-03T12:25:26.3333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 69%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Mayank Jain
260
Reputation points
edited the question 2024-05-07T15:52:43.4566667+00:00
bharathn-msft
5,086
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Exclude waf rule 944130(Suspicious Java classes)
Hi I have a web application which has WAF owasp3.2 enabled and its blocking a specific url (/polarion/gwt/com.polarion.UI/PortalDataService) Detailed Data: {java.lang.string found within…
asked 2024-04-30T05:34:57.15+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 55.00000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Jagadish Karem
26
Reputation points
accepted 2024-04-30T08:30:16.36+00:00
Jagadish Karem
26
Reputation points
1 answer
One of the answers was accepted by the question author.
About the difference web application firewall policy custom rule
Hello. Thanks for your interest in my topic. I need clarification on the difference between the web application firewall policy in azure frontdoor and the web application firewall policy in application gateway. In the waf policy for application…
asked 2024-04-22T08:42:29.3433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 99%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
romero
105
Reputation points
commented 2024-04-22T10:28:22.72+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Questions about the version of the CRS in Azure WAF
Hi, thanks for your interest in the topic. I have a question about the CRS version of Azure WAF. Is the latest 3.2 version of CRS in azure waf created based on the 3.2 version of OWASP? The current version of OWASP is 4.1. Compared to that, the Azure…
asked 2024-04-17T09:20:29.2833333+00:00
romero
105
Reputation points
commented 2024-04-18T10:23:54.53+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Confusion between WAF with Application Gateway and FrontDoor when securing custom Web Apps running on Azure VM published to the internet ?
Could you please let me know which Azure technology can be used to minimize the attack surface for safely publishing a Virtual Machine as a Web App on the internet? WAF with Application Gateway:…
asked 2024-04-12T12:12:14.38+00:00
EnterpriseArchitect
4,896
Reputation points
commented 2024-04-17T13:31:35.5466667+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
7 answers
When to use Azure WAF or Azure Firewall ?
Hi Folks, Can anyone here please share some thoughts and comments of when to use Azure WAF or Azure Firewall? I have already existing Azure ExpressRoute so my Azure VMs can ping my OnPremise servers, and vice versa. My purpose here is to be able to…
asked 2020-11-15T13:17:27.597+00:00
EnterpriseArchitect
4,896
Reputation points
answered 2024-04-16T12:18:12.6+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 96%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
carlintveld
26
Reputation points
1 answer
One of the answers was accepted by the question author.
WAF azure websocket problem
Hey everyone, I have trouble with app-gw and WAF. The problem is that we implement a websocket and in the app-gw log comes this one: error_info_s: ERRORINFO_UPSTREAM_TIMED_OUT WAFMode_s: Prevention Have another app-gw without WAF and the same config,…
asked 2024-04-05T11:43:25.07+00:00
Nasimjon Tohirov
231
Reputation points
accepted 2024-04-12T09:35:54.9466667+00:00
Nasimjon Tohirov
231
Reputation points