WAF drop silently instead of returning 403

Volodymyr Litovka 121 Reputation points
2023-12-08T15:25:45.0766667+00:00

Hi, is it possible, when using WAF, to silently drop requests coming from forbidden clients instead of returning 403? We are using custom rules in which the allowed IP addresses are described. So all requests from remote locations that aren't in the allowed list need to be silently dropped, without any response toward the requesters. Thank you.

Azure Web Application Firewall

Accepted answer
  1. KapilAnanth-MSFT 37,786 Reputation points Microsoft Employee
    2023-12-13T10:43:13.1966667+00:00

    @Volodymyr Litovka

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to configure the Application gateway WAF to drop the packet without sending a response.

    I checked this internally and this is not feasible with WAF as of now.

    The WAF will always send a response code.

    However, you can achieve this behavior by using NSGs on the Application Gateway subnet.

    • Define the list of IP addresses you'd like to block and create a DENY rule.
    • The packets coming from these IPs will be dropped by the NSG itself.
    • However, make sure the NSG has the required security rules.

    Cheers,

    Kapil


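An added example of the NSG approach described in the accepted answer, not code from the thread or from Microsoft: a Bicep definition of an NSG for an Application Gateway v2 subnet that keeps the platform-required GatewayManager rule, allows an IP allowlist on 80/443, and lets every other client fall through to the NSG's built-in DenyAllInbound rule, which drops the packet with no response (unlike the WAF, which always answers). The NSG name and the client ranges are assumptions (RFC 5737 documentation addresses); the rest uses the documented service tags and port range for v2 gateways.

```bicep
param location string = resourceGroup().location
param allowedClientIps array = [
  '203.0.113.10/32' // constructed placeholder: a single client
  '198.51.100.0/24' // constructed placeholder: an office range
]

resource appGwNsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-appgw-subnet' // assumed name
  location: location
  properties: {
    securityRules: [
      {
        // Required on v2 gateways: management traffic from the GatewayManager tag.
        name: 'AllowGatewayManager'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: 'GatewayManager'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '65200-65535'
        }
      }
      {
        // Only allowlisted clients reach the listeners. Any other source hits
        // the default DenyAllInbound rule (priority 65500) and gets no reply.
        // Do not add a broad Deny below priority 65001, or it would also block
        // the default AllowAzureLoadBalancerInBound health-probe rule.
        name: 'AllowListedClients'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefixes: allowedClientIps
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRanges: [
            '80'
            '443'
          ]
        }
      }
    ]
  }
}
```

Attach the NSG through the gateway subnet's networkSecurityGroup property; the WAF custom rules keep applying to allowlisted clients, which still receive a 403 if they trip them.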


1 additional answer

  1. Sedat SALMAN 13,180 Reputation points
    2023-12-08T15:59:02.2733333+00:00

    You can configure Azure Web Application Firewall (WAF) to effectively "silently drop" requests from disallowed IPs. While Azure WAF doesn't explicitly offer a silent drop action, you can achieve a similar result.

    For detailed documentation:

    https://docs.microsoft.com/en-us/azure/web-application-firewall/

    Since you're using custom rules for allowed IP addresses, adjust these rules for your requirements. Instead of the default "Block" action, which returns a 403 response, configure a custom response. You might choose to send a 200 OK status with an empty body. This doesn't exactly 'drop' the request, but it doesn't give away that it's being blocked. For a truer silent drop, you could route disallowed traffic to a non-existent endpoint, essentially dropping the requests. This requires careful setup to avoid affecting legitimate traffic.
