Azure Web Application Firewall
An Azure service that provides protection for web apps.
286 questions
1 answer
Azure Application Gateway Web Application Firewall (WAF) to provide exclusion for socket io
We apply the Azure Application Gateway Web Application Firewall (WAF) to provide additional preventions against malicious attacks such as SQL Injection, Cross-Site Scripting, etc on an Azure App Service. However, when I put the WAF in prevention mode,…
asked 2024-04-02T09:57:28.4133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 81%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Abdul Aziz Farooqi
0
Reputation points
answered 2024-04-02T10:48:58.6433333+00:00
KapilAnanth-MSFT
36,396
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure WAF Custom Rule - Match Type -Number
Could you provide more information on the match type number in custom rules for the WAF policy? I'm curious about its specific use cases and any details available. Additionally, I'd like to learn more about the Microsoft Bot Manager ruleset. What…
asked 2024-03-21T13:22:26.32+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 28.999999999999996%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Someiah C S
60
Reputation points
accepted 2024-03-22T11:13:30.1866667+00:00
Someiah C S
60
Reputation points
1 answer
Rate Limit on Azure WAF Frontdoor Premium not working as expected
We have created an Azure Frontdoor Premim Tier with a Web Application Firewall associated with it and we are having some issues with a specific rule we created to apply rate limiting. The rule is looking for a specific URL and specifies a limit of 2 http…
asked 2024-03-19T14:55:39.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 54%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFN%3C/text%3E%3C/svg%3E)
Fabián Avilés
5
Reputation points
commented 2024-03-21T15:56:01.6833333+00:00
GitaraniSharma-MSFT
48,011
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Tracking Rule Changes in Azure WAF: Seeking a Master File Solution
We use Azure WAF and make constant changes to rules for different applications (adding/removing exclusions, adding/removing custom rules, etc.). We are looking for a way to track all these changes. Is there a file or document (master file style) that we…
asked 2024-03-18T10:20:01.9733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 98%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sena Sarici
20
Reputation points
accepted 2024-03-21T12:46:30.7466667+00:00
Sena Sarici
20
Reputation points
1 answer
we need to Migrate Azure Application Gateway and Web Application Firewall from V2 to V1
Is Migrate Azure Web Application Firewall from V2 to nasic waf V1 , is it possible? and how can we do that? How can we reduce the trafic manager cost in azure?
asked 2024-03-12T02:58:41.6+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 16%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tamil Selvan M
0
Reputation points
edited the question 2024-03-19T06:29:38.95+00:00
KapilAnanth-MSFT
36,396
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Excluded Events in WAF
We've got WAF enabled in detection mode and have set up some exclusion rules to cut down on false positives. Now, I'm curious about the ratio of excluded events to matched events. Is there a way to view the logs of excluded events or run a query to…
asked 2024-02-26T10:08:56.1633333+00:00
Someiah C S
60
Reputation points
accepted 2024-03-11T08:58:53.58+00:00
Someiah C S
60
Reputation points
1 answer
One of the answers was accepted by the question author.
Confirm if IDPS in Azure firewall is active when behind Azure Application Gateway WAF
My scenario is: [Internet] -> [Azure AGWAF] -> [Azure Firewall] -> [Load Balancer] -> [App Servers] Azure Firewall is Premium, with IDPS & Threat Intelligence enabled. Inbound HTTPS traffic hits the AGWAF, is (WAF) filtered and then…
asked 2023-11-23T17:09:08.3+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 23%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Clive Crocker
66
Reputation points
accepted 2024-03-07T18:48:24.6933333+00:00
Clive Crocker
66
Reputation points
1 answer
separate WAF policy for each frontend domain on Frontdoor.
Hi Team, Greetings.. In Azure frontdoor can I setup different WAF and associate it for each frontend endpoint domain, for eg. abc.com -> waf1 api.abc.com -> waf2 api123.abc.com -> waf3 Many Thanks.
asked 2024-03-07T06:00:03.9033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 16%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Dhaval Shirsath
0
Reputation points
answered 2024-03-07T12:23:00.34+00:00
GitaraniSharma-MSFT
48,011
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
WAF error Request body length exceeded the limit
Our waf rules are blocking some content to our backend web servers; I searched the wag logs and found a few OWASAP rules but two in particular did not have a rule number associated with it, the error below. I searched the OWASP code links below as well…
1 answer
Not showing full chain of SSL certificate via application gateway
Even after setting up root CA certificate of SSL it doesn't show the full chain in for SSL certificate via application gateway.
asked 2023-07-20T15:42:37.85+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 8%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Neerav Agrawal
45
Reputation points
commented 2024-03-05T13:21:01.2566667+00:00
Viktor Korniienko
0
Reputation points
1 answer
Why does Azure application gateway rate limit WAF return a 403 and not a 429?
When Azure Application gateway rate limiter functions as expected, we were expecting a 429, but instead, a 403 is returned. Why is this?
asked 2024-03-04T13:57:27.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 30%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Levi
20
Reputation points
answered 2024-03-04T23:51:45.4833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Is Azure FrontDoor classic compatible with app service ?
Hi, Microsoft Team, I'm having trouble placing my app service behind azure frontdoor classic. My Backend config (App service) is this but i get this error message if i add my domain to allowed domain in my app service traffic is redirected to the app…
asked 2024-02-29T01:26:06.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 35%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Rafael Gil Sanchez
106
Reputation points
accepted 2024-03-04T02:58:19.9+00:00
Rafael Gil Sanchez
106
Reputation points
0 answers
AFD WAF - How to configure custom rule for CookieName request attribute
@Anonymous Hoping you can help me. I have WAF on AFD with DefaultRuleSet_2.1. I am seeing blocks associated with matchVariableName value CookieName. Based on this resource, I understand that I cannot use an exclusion for this attribute type at this…
asked 2024-02-09T14:27:04.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 64%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
Brittany Wolf
1
Reputation point
commented 2024-03-02T01:51:24.05+00:00
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
1 answer
more than 12K or 18K URL under block for particular rule like SQLI or XSS how can we make false positive by custom or exculsion
Result of latest scan on application associated with AFD-WAF, we observed for reach rule blocked under SQLI and XSS are more than 12 K URLs, and all are under blockage because of just one or more char like ",: etc. which are must required part of…
asked 2024-02-27T09:10:45.4066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 48%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Parmeshwar Mukhede
0
Reputation points
commented 2024-02-29T04:28:51.35+00:00
KapilAnanth-MSFT
36,396
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure Application Gateway WAF blocking some requests with OpenID Connect nonce cookies
The default rules of Azure Web Application firewall sometimes block requests containing a cookie set by Microsoft.AspNetCore.Authentication.OpenIdConnect During challenge redirect the AuthenticationHandler sets a cookie named:…
asked 2021-11-10T08:41:43.057+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 65%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENN%3C/text%3E%3C/svg%3E)
Niklas Nielsen
31
Reputation points
commented 2024-02-27T16:58:58.29+00:00
Brittany Wolf
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Most cost effective way to secure 2 VMs running a webserver
Hey, I am conducting a project where I will have 2 VMs for redundancy, they will have the same configuration. The VMs will essentially be running docker, portainer and OpenCTI. What is the best way to secure these, there seems to be so many…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 86%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
1 answer
Trying to update an Azure Firewall policy
I'm trying to update the firewallpolicy by adding an new ipadres to block with a powershell script, but getting this error: "Specified api-version '2022-01-01' does not meet the minimum required api-version 2022-07-01 to enforce rate limiting on…
asked 2024-02-12T21:18:10.5533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 35%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
SS
0
Reputation points
answered 2024-02-13T02:48:28.5933333+00:00
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
1 answer
It is possible to integrate a multi-region high availability design into the diagram shown below, using the active-active strategy at capacity and automatic scaling
It is possible to integrate a multi-region high availability design into the diagram shown below, using the active-active strategy at capacity and automatic scaling.
asked 2024-02-07T15:45:29.97+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 72%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Jhonny Alberto Ramirez Urbaez
0
Reputation points
edited an answer 2024-02-12T05:10:40.17+00:00
KapilAnanth-MSFT
36,396
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Implementing Azure Firewall and Application Gateway in parallel
We have an existing Azure Application Gateway(AGW subnet) with WAF policies defined in our main VNET where host(host subnet) and proxy(proxy subnet) machines also reside. We have another VNET for SFTP servers(sftp subnet). Now we are implementing Azure…
asked 2024-02-01T13:17:57.8833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 83%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERN%3C/text%3E%3C/svg%3E)
Reshma Nair
120
Reputation points
accepted 2024-02-05T09:49:43.3366667+00:00
Reshma Nair
120
Reputation points
1 answer
Application Gateway needs Load Balancer?
Our infrastructure for our web application needs to be compliant with the following security requirement. For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected against…
asked 2024-01-26T15:42:46.7766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 73%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Santiago Marrone
0
Reputation points
answered 2024-02-02T13:21:58.6366667+00:00
KapilAnanth-MSFT
36,396
Reputation points Microsoft Employee