Azure FrontDoor (classic) and WAF can not stop brute-attacks! There is no global rate-limit configuration!
Hello, Questions first; Is there any way of configuring FrontDoor/WAF to stop brute-attacks with Global Rate Limit or some other way? If we can not stop brute-attacks via FrontDoor/WAF, then what is Microsoft's offer to apply those logic,…
How to configure WAF v2
Im trying to reach a Onprem Web Service: vm.domain.com:44300/sap/bc/ui2/flp/Launchpad.html?sap-language=es I have my WAF v2 (azure application gateway) and it works, but wehn I try to configure to reach…
WAF for protect onprem website - hosted- website
Good morning. We have many websites hosted on different solutions currently protected by a physical web application firewall onpremise. I would like to dispose this device to use the azure waf to protect all corporate websites and apps, is it…
Application Gateway WAF policy and geo location mess
What a mess... So I wanted to add an application gateway with WAF in front of my internal load balancer so it will be accessible from the internet via the app gw public IP and protected with WAF and accessible only from Israel via a geo location…
Azure application gateway (WAF Policy)
If possible could you please give me a quick solution regarding Application Gateway (WAF Policies). i have a scenario like my client given me task about to keep close required URLs (Eg: facebook,net, youtube.com etc) for external use and only…
Azure App Gateway v2 WAF difference?
I have a v2 sku app gateway with several URLS and back end pools works great. There is a message that says "Upgrade to the WAF tier to increase your app's security." which, "looks" like you simple hit the slider over and then press…
What is the best way to pass data to an API through an Azure Application Gateway and WAF and avoid false positives
I have a back-end API that I am sending data to and some data triggers the WAF to BLOCK that should not. I am considering base64 encoding the data but that seems unnecessary. Example payload that fails: { "username":…
Content Delivery Network WAF Policy
Hi Does Content Delivery Network WAF Policy associated with Microsoft Standard CDN provide protection against Crawlers and scanners. Protect applications from bots If not then is there any document to create custom ruleset for Content…
enable diagnostics on WAF with ARM template
I was looking for enabling diagnostics on WAF for ApplicationGatewayFirewallLog in ARM template, to send them to Log Analytics workspace, however I haven't find any reasonable solution. Could you please advise what is the best way of achieving this?
Connecting VM to apps in a seperate resource group
I need some insight on how to connect a VM in a separate resource group to apps in another resource group that is fire-walled off with a public ip. Is it as simple as creating rules on the firewall to allow inbound traffic from the VM's public IP? or is…
Azure Web Applicion Gateway and Firewall
This is all a bit confusing. I think I know what I need, but can't figure out pricing. Azure is not very transparent with pricing. This is what I am trying to accomplish. Our application is simply a Web Application that also services API's from…
Permit a few sites to operate on Auze VM
We want traffic blocked on our VMs and limited to only a few trusted sites. How to configure / make such a rule. A handful of 10 sites should only open from the internet on the VM and the rest should be all blocked.
Application Gateway Update HTTP_HOST server variable
Hi Team, is it possible to update HTTP_HOTS SERVER variable value in azure application gateway or apache2?
Use Fortigate Nextgent firewall vm to Protect AKS
Hi All, Can help suggestion me for implement following reference solution architecture below? i want to use Application gateway WAF v2 recieve traffic from internat and then snat to Fortogate firewall and dnat to AKS and Web App service. …
Why doesn't the portal UI work for multiple hostnames, and why only 5 hostnames allowed?
The Application Gateway v2 / WAF V2 allows listeners with multiple hostnames, but only using the CLI interface. Why isn't the portal updated to allow this yet? It's fairly fundamental functionality isn't it? Why only 5 hostnames? We have (for…
tailing slash redirection app service
Hi All, My app service added tailing slash on the URL and re
WAF policy on application gateway to limit access to only few IP ranges ?
Hi All, Would you mind to help me to configure my application gateway with WAF to limit access to one of my web apps. I would like to allow traffic to this web apps from only few IP ranges. Do you have any idea to achieve this requirement Thank…
Altough I disable the Rules in the WAF still appears matches to this particular rules.
Since some weeks, althoug I have some rules disable in the Web Application Policies, the logs are still showing matching in this rules. Is this a new behaviour or there is somehting wrong?.
Difference between WAF in Application Gateway and WAF Policy assigned to Application Gateway
If I create a new Azure Application Gateway, I can enable Web Application Firewall via the Settings | Web application firewall page. e.g. If I do that, I don't see a separate WAF resource created, and I also don't see a way to do things…
Route API(Hosted on a Azure VM) through App Gateway - WAF || No API Managemennt Service to use
Hi Support team., Use Case : I have Host couple of my API's on a Azure VM and now I want to route the inbound and outbound traffic of Accessing API via. Application Gateway WAF., question for the same are as follows.: Is it possible to achieve…