Unintentional deletion of a WAF HTTP Listener Association with an AGW + AGIC + AKS. Meanwhile, the associated AGW HTTP Listener still exists.
Here are existing components:
WAF Policy:
- Custom rule
- Associated application gateways: HTTP Listener, fl-2991a50d204b26a829717bbebe722d00
AGW + AGIC + AKS:
- AGW has fl-2991a50d204b26a829717bbebe722d00 -> rr-2991a50d204b26a829717bbebe722d00 -> a backend target which is AKS service
- AGIC stands in the middle of AGW -> AKS
- AKS has a USER node pool hosting the service and pods that are linked with fl-2991a50d204b26a829717bbebe722d00
The requirement is that the WAF policy allows only a list of IP addresses to access this HTTP Listener fl-2991a50d204b26a829717bbebe722d00, while the other HTTP Listeners are still allowed to be accessed publicly.
Everything worked as expected until the HTTP Listener Association was removed automatically after a period of time.
Even so, the Listener, Routing Rule and Backend Targets still persist in the AGW.
And it seems that the AGIC ingresscontroller pod did the removal of the association.
This issue forces me to "re-Add" the Association every time to have the WAF policy rule applied.
Please, could you share any ideas on fixing this issue in the AGW or WAF policy?
Huge thanks!