Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
580 questions
1 answer
One of the answers was accepted by the question author.
Setting up azure firewall premium policies
I am trying to implement Azure firewall premium for our existing infrastructure using terraform to enable the IDPS feature. But the main issue I am facing is the azure firewall policies(Dnat rules) which I created are not working or not getting attached…
asked 2024-01-23T16:17:49.2633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 83%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERN%3C/text%3E%3C/svg%3E)
Reshma Nair
120
Reputation points
accepted 2024-01-30T08:08:01.76+00:00
Reshma Nair
120
Reputation points
1 answer
One of the answers was accepted by the question author.
WAF for Azure Application Gateway - Which ruleset is better -DRS 2.1 or OWASP 3.2
I am using a WAF to secure Application Gateway. Azure portal provide option to choose either of two default rule sets: Microsoft Default Rule Set 2.1 OWASP 3.2 Although documentation says that both rule sets are applied by default in detection mode.…
asked 2024-01-23T14:51:12.5066667+00:00
Rajiv Bansal
141
Reputation points
commented 2024-01-29T23:25:47.2566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
How do I customize a unique response schema for 4xx and 5xx?
I'm working on the Application Gateway and tried Custom error pages for response customized. My purpose is to return a same json schema for different codes(4xx/5xx) which may due to WAF rules blocked request so I write a json data into the *.html. { …
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 15%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENY%3C/text%3E%3C/svg%3E)
2 answers
How to have common rule enable for all Azure functions with ALLOW access
Azure functions are exposed to upstream through Azure Front Door. We will enable WAF at Front door to allow the access from all other upstream or other valid data center IP ranges including VPN. We need to restrict the access to the Azure functions only…
asked 2024-01-19T23:45:07.5533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 11%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Admin_BMAZHUVANCHERY
0
Reputation points
commented 2024-01-25T04:35:16.12+00:00
MayankBargali-MSFT
69,316
Reputation points
3 answers
One of the answers was accepted by the question author.
WAF Front Door as an IDS/IDP system
Can Web Application Firewall on Front Door function as an Intrusion Detection/Prevention System? The IDPS systems I've seen for Azure don't look like they will work with Front Door since it is an Edge system. Am I correct in that? Thanks, Eric…
asked 2022-02-23T20:03:37.433+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 62%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEL%3C/text%3E%3C/svg%3E)
Eric Logsdon
41
Reputation points
commented 2024-01-24T15:39:32.8633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 97%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Aaron Gregory
0
Reputation points
1 answer
WAF in AZURE Environment
Hi, I am currently exploring the implementation of Web Application Firewall (WAF) in my existing Azure VM setup and would appreciate your guidance on the following aspects. To provide you with a brief overview of my current configuration, I have a…
asked 2024-01-18T01:40:20.22+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 47%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Muhd Azhar
45
Reputation points
commented 2024-01-24T06:44:14.0066667+00:00
KapilAnanth-MSFT
36,311
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
IIS Web Application stops connecting to sftp server after being put it behing Azure Web Application Firewall
Hi Community, Happy 2024! I have a Windows Machine with IIS Web Application which makes conections to SFTP Server from some customers. We implemented Azure WAF and put this application behind it. We also dettached the public ip address from the server…
asked 2024-01-12T14:17:35.8+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mirella Pellizzon Petruci
61
Reputation points
commented 2024-01-17T02:30:50.9933333+00:00
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
How to configure web deploy when a .net application is behind azure waf?
Hi everyone, Before implementing Azure Waf, we used to open an inboud port 8172 in a NSG in our Windows Virtual Machine running IIS 10.o, to deploy our changes to our .net applications. After implementing WAF, I can´t do this anymore. Since my…
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,225 questions
Visual Studio
Visual Studio
A family of Microsoft suites of integrated development tools for building applications for Windows, the web and mobile devices.
4,665 questions
Azure Web Application Firewall
Azure Web Application Firewall
An Azure service that provides protection for web apps.
286 questions
asked 2022-06-22T21:48:32.31+00:00
Mirella Pellizzon Petruci
61
Reputation points
accepted 2024-01-12T17:15:45.0133333+00:00
Mirella Pellizzon Petruci
61
Reputation points
0 answers
Azure application gateway web application firewall configuration doesn't show the new rule id updated for cve-2023-50164
Hello, Based on the update from Azure regarding the waf ruleset update for cve-2023-50164 (https://azure.microsoft.com/en-in/updates/general-availability-security-update-for-application-gateway-waf-cve202350164/), the rule id is not reflecting in my…
asked 2024-01-02T16:14:49.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 89%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Alex
330
Reputation points
edited a comment 2024-01-11T03:42:16.4866667+00:00
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
XSS Filter - Category 3: Attribute Vector
This error is coming in azure waf logs so it is false promise or correct promise how to identify. How to resolve this issue any idea
asked 2023-12-21T09:23:28.09+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 37%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sharanaiyya Swami
30
Reputation points
accepted 2024-01-08T07:23:50.69+00:00
Sharanaiyya Swami
30
Reputation points
0 answers
How to fix Failed to parse request body, Multipart request body failed strict validation
This error is coming in azure waf logs so it is false promise or correct promise how to identify. How to resolve this issue any idea
asked 2023-12-14T06:48:42.2366667+00:00
Sharanaiyya Swami
30
Reputation points
commented 2024-01-02T13:04:27.82+00:00
GitaraniSharma-MSFT
47,931
Reputation points Microsoft Employee
1 answer
Request Header Cookies Exclusion Causes 403
We need to exclude request cookies from evaluation for a number of OWASP rules as cookies often randomly generate threats that are false positives for legitimate users. There is no clear documentation on how to exclude REQUEST_COOKIES, so we tried adding…
asked 2023-12-26T20:21:16.69+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 6%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Justin Griep
41
Reputation points
commented 2024-01-02T10:29:45.6033333+00:00
GitaraniSharma-MSFT
47,931
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Confuse in Azure WAF behavior with different browsers
Hello, I have an Azure Application gateway (WAF) that prevention mode is enabled and the OWASP 3 and the Microsoft Bot rule are activate. I checked my web application with chrome and refresh and sent many requests with Chrome. Now I received 403…
asked 2023-12-20T23:28:57.28+00:00
Mohsen Akhavan
936
Reputation points
accepted 2023-12-22T21:14:38.7266667+00:00
Mohsen Akhavan
936
Reputation points
1 answer
False positives elimination in Azure WAF
Hello We have adopted for Azure WAF in our environment, as of now WAF is in detection mode we want to move it to prevention mode, but before doing it we want to identify which detections are legitimate and which are not. we have sentinel workbooks to…
asked 2023-12-07T09:16:58.44+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 97%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKN%3C/text%3E%3C/svg%3E)
Kondlyada, Navaneeth Reddy
0
Reputation points
commented 2023-12-14T12:21:13.5466667+00:00
GitaraniSharma-MSFT
47,931
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
WAF drop silently instead of returning 403
Hi, is it possible, when using WAF, silently drop requests, coming from forbidden clients, instead of returning 403? We are using custom rules, where allowed IP addresses are described. So all requests from remote location, which aren't in allowed list,…
asked 2023-12-08T15:25:45.0766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 4%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Volodymyr Litovka
121
Reputation points
commented 2023-12-13T12:33:25.0033333+00:00
Volodymyr Litovka
121
Reputation points
1 answer
One of the answers was accepted by the question author.
How to exception "920440 - URL file extension is restricted by policy" rule in some use-case without decrease security or risk?
Some times app and client needs to download the some DLL files and the WAF blocked request based on "920440 - URL file extension is restricted by policy" role. Show in the below sample log: requestUri_s:…
asked 2023-12-08T23:42:41.3366667+00:00
Mohsen Akhavan
936
Reputation points
edited a comment 2023-12-12T22:13:43.4033333+00:00
Mohsen Akhavan
936
Reputation points
2 answers
One of the answers was accepted by the question author.
Why does WAF block WebResource.axd / ScriptResource.axd?
In rule Microsoft_DefaultRuleSet-2.1-PROTOCOL-ENFORCEMENT-920440, among other things, it blocks WebResource.axd and ScriptResource.axd. The blocks are probably due to CVE-2010-3332 which have long since been patched. Why does WAF still have this as a…
asked 2023-02-26T04:13:27.6133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 43%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Steve Wardell
21
Reputation points
answered 2023-12-05T08:51:33.7933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 30%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Adam Page
0
Reputation points
1 answer
One of the answers was accepted by the question author.
How to resolve 403 errors for a service after changing WAF policy to protection mode?
We created a WAF policy with DETECTION mode on an application gateway but had to change it to PROTECTION mode as per security rules. Since then, there are 403 errors for one service. How can we resolve this issue?…
asked 2023-11-17T15:32:13.0766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 75%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Muthuramalingam, Bhuvaneswari
20
Reputation points
accepted 2023-12-05T07:14:55.34+00:00
Muthuramalingam, Bhuvaneswari
20
Reputation points
1 answer
WAF v2 - Exclusion lists
Hi, I configured an Application Gateway with Web Application Firewall in Azure. I am receiving several false positive blocks for the application that communicates with the gateway. I checked the Microsoft tutorial on the exclusion list, but I'm not sure…
asked 2023-11-28T17:09:07.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 47%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E0%3C/text%3E%3C/svg%3E)
000
0
Reputation points
commented 2023-12-01T14:47:27.0866667+00:00
GitaraniSharma-MSFT
47,931
Reputation points Microsoft Employee
1 answer
Azure WAF success stories
Where can I find a report looking back two years on Azure WAF success stories?
asked 2023-11-26T21:04:11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 70%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOA%3C/text%3E%3C/svg%3E)
Obinze Asagwara
0
Reputation points
commented 2023-11-30T06:20:41.3033333+00:00
KapilAnanth-MSFT
36,311
Reputation points Microsoft Employee