Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
979 questions
1 answer
One of the answers was accepted by the question author.
How to exception "920440 - URL file extension is restricted by policy" rule in some use-case without decrease security or risk?
Some times app and client needs to download the some DLL files and the WAF blocked request based on "920440 - URL file extension is restricted by policy" role. Show in the below sample log: requestUri_s:…
asked 2023-12-08T23:42:41.3366667+00:00
Mohsen Akhavan
936
Reputation points
edited a comment 2023-12-12T22:13:43.4033333+00:00
Mohsen Akhavan
936
Reputation points
2 answers
One of the answers was accepted by the question author.
Why does WAF block WebResource.axd / ScriptResource.axd?
In rule Microsoft_DefaultRuleSet-2.1-PROTOCOL-ENFORCEMENT-920440, among other things, it blocks WebResource.axd and ScriptResource.axd. The blocks are probably due to CVE-2010-3332 which have long since been patched. Why does WAF still have this as a…
asked 2023-02-26T04:13:27.6133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 43%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Steve Wardell
21
Reputation points
answered 2023-12-05T08:51:33.7933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 30%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Adam Page
0
Reputation points
1 answer
One of the answers was accepted by the question author.
How to resolve 403 errors for a service after changing WAF policy to protection mode?
We created a WAF policy with DETECTION mode on an application gateway but had to change it to PROTECTION mode as per security rules. Since then, there are 403 errors for one service. How can we resolve this issue?…
asked 2023-11-17T15:32:13.0766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 75%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Muthuramalingam, Bhuvaneswari
20
Reputation points
accepted 2023-12-05T07:14:55.34+00:00
Muthuramalingam, Bhuvaneswari
20
Reputation points
1 answer
WAF v2 - Exclusion lists
Hi, I configured an Application Gateway with Web Application Firewall in Azure. I am receiving several false positive blocks for the application that communicates with the gateway. I checked the Microsoft tutorial on the exclusion list, but I'm not sure…
asked 2023-11-28T17:09:07.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 47%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E0%3C/text%3E%3C/svg%3E)
000
0
Reputation points
commented 2023-12-01T14:47:27.0866667+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
Azure WAF success stories
Where can I find a report looking back two years on Azure WAF success stories?
asked 2023-11-26T21:04:11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 70%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOA%3C/text%3E%3C/svg%3E)
Obinze Asagwara
0
Reputation points
commented 2023-11-30T06:20:41.3033333+00:00
KapilAnanth-MSFT
37,646
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure WAF Exclusion Issue
Hi I'm trying to whitelist a request on the WAF. I have gone through the Microsoft URL and I know how to manage exclusions yet the exclusion keeps failing. Below is the request I need to add Below is my exclusion policy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 64%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
0 answers
How to associate WAF to an existing Application Gateway using REST API
Hello team, We have an existing application gateway, and I want to automate associating a WAF policy on this existing gateway. I am using Ansible URI module to achieve this, hence exploring API for WAF Association. I want to achieve association using…
asked 2023-11-22T17:43:21.6133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 94%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Ravalia Krutika Harishbhai
40
Reputation points
commented 2023-11-28T02:00:17.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
23,821
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure Gateway File Upload Limits (4GB) even if Policy to inspect body is disabled or exclusion rules applied
We are receiving the following HTTP errors when uploading files larger than 4GB. 413 Request Entity Too Large 413 Request Entity Too Large Microsoft-Azure-Application-Gateway/v2 According to official MS Azure documentation* its states the…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 39%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHV%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
how to disable specific owasp 3.2 rule for a specific URI in azure waf v2
Hello, I need to ignore a specific OWASP rule in my WAF V2. I have multiple requests with different request URIs, for example, https://www.example.com/abc/def/xy In add exclusion, waf consider just the "Request headers," "Cookie,"…
asked 2023-11-17T13:33:35.8733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
SLIMANI Smail OBS/DD
40
Reputation points
accepted 2023-11-22T09:50:30.0633333+00:00
SLIMANI Smail OBS/DD
40
Reputation points
1 answer
How do we configure alerts for azure web application firewall.
Hello, We are trying to configure alerts for azure-WAF mostly focusing on the blockers when there is a blocker on the firewall due to a request we have to receive alerts and information. Any suggestions could be helpful. Thanks.
asked 2023-11-08T10:38:22.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 91%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
rohith v
0
Reputation points
commented 2023-11-21T14:08:59.4133333+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
中国地区ssh可以登录微软云服务器,web页面无法访问
中国地区ssh可以登录微软云服务器,web页面无法访问搭建在微软云服务器上的web服务,
asked 2023-11-20T11:41:39.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 95%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
均 杨
0
Reputation points
answered 2023-11-21T02:51:33.3766667+00:00
ChaitanyaNaykodi-MSFT
23,821
Reputation points Microsoft Employee
1 answer
Azure Web Application Firewall- Microsoft_BotManagerRuleSet_1.0
This post is regarding the azure WAF unknown bots and its rules at the moment for us rule id 300700 'other bots' is being logging with errors for various API'S, i didn't see any information can anyone has more inputs on the existing issue will be…
asked 2023-11-08T07:31:22.3733333+00:00
rohith v
0
Reputation points
commented 2023-11-13T16:39:52.5766667+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Best Approach to Restrict Browser Access to Azure Web App Services' Backend while Permitting Front-end and API Requests through Application Gateway with WAF
We have a setup consisting of Azure Web App Services for both front-end and back-end operations, integrated with an Application Gateway and a single Web Application Firewall (WAF) configured in a multitenant environment. Our primary concern is…
asked 2023-11-01T07:14:08.81+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 40%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
sindhu sneha
150
Reputation points
commented 2023-11-09T19:42:58.2366667+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Is Application gateway with WAF send outbound traffic to internet?
In a specific scenario where both an Application Gateway with Web Application Firewall (WAF) and Azure Firewall are deployed in parallel, handling incoming HTTP and HTTPS traffic, there's a question regarding the capability of the Application Gateway and…
asked 2023-11-09T13:56:38.73+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 88%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOP%3C/text%3E%3C/svg%3E)
Omkar Pasalkar
71
Reputation points
commented 2023-11-09T16:06:05.44+00:00
Omkar Pasalkar
71
Reputation points
1 answer
the Azure waf blocks the launch of an .exe which I need
Hello, I have a very special setup, so I hope you can help me :) I have set up an Azure Front Door to use WAF, and I have added my Windows virtual machine behind the firewall. It's important to understand that my web application uses a special web…
asked 2023-10-27T10:02:16.0833333+00:00
Morsi MASMOUDI
46
Reputation points
answered 2023-11-07T16:25:41.37+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Create Front-door Premium WAF Policy using Rest API call fails for Microsoft_DefaultRuleSet_2.1
Hi team! I am trying to create a Web Application Firewall for Front Door Premium Tier using REST API, It works with 1.x versions of Rule Set, but it fails when Managed Rule is set to 2.x version (Eg. Microsoft_DefaultRuleSet 2.1) with error "This…
asked 2023-11-03T07:02:56.2+00:00
Ravalia Krutika Harishbhai
40
Reputation points
accepted 2023-11-07T11:36:59.3933333+00:00
Ravalia Krutika Harishbhai
40
Reputation points
0 answers
Query Azure Front Door WAF Logs
Hello MS Q&A I have a Front Door Premium with WAF, and experiencing number of "blocks" on rule "942340" I have no issues in query the logs, but unable to query what exactly the specific rule is blocking. I have tried with many…
asked 2023-10-26T11:34:58.7466667+00:00
Nibbler
616
Reputation points
commented 2023-11-01T03:14:11.91+00:00
ChaitanyaNaykodi-MSFT
23,821
Reputation points Microsoft Employee
1 answer
Best practices for blocking anonymous IP traffic (Azure)
Hi all. Could anyone tell me if there is a best practice for blocking traffic from VPNs or Anonymous proxies using Azure WAF? I see that there are a number of services (eg. IP2Location, MaxMind, Queue-it, IPHub) that provide lists of these IPs, but…
asked 2022-06-11T19:33:56.043+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 98%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Conor
6
Reputation points
commented 2023-10-26T10:19:41.3533333+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
To restrict a domain from public access in Azure
Hi Team, I have application server which is mapped to application gateway with WAF 2. My application servers, have multiple services with different port. Like Port 443, 8080 and 8443. Especially HTTPS port - 443 pointed to two domains. For example:…
asked 2021-07-28T02:05:55.24+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELN%3C/text%3E%3C/svg%3E)
Lakshmi Narayanan
71
Reputation points
edited the question 2023-10-26T09:48:13.2533333+00:00
GitaraniSharma-MSFT
48,191
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
「A potentially dangerous Request.Form value was detected from the client」
I am building a web server in Azure with a configuration of CDN - WAF - WebApps. This is a .Net Framework web application. Because requestValidationMode="4.0" "A potentially dangerous Request.Form value was detected from the…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 57.00000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)