293 questions with Azure Web Application Firewall tags

Sort by: Updated
0 answers

Unintentionally deletion of a WAF HTTP Listener Association with an AGW + AGIC + AKS. Meanwhile, the associcated AGW HTTP Listener still existing.

Here are existing components: WAF Policy: Custome rule Associated application gateways: HTTP Listener, fl-2991a50d204b26a829717bbebe722d00 AGW + AGIC + AKS: AGW has fl-2991a50d204b26a829717bbebe722d00 ->…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,952 questions
asked 2024-06-30T12:32:18.98+00:00
LyTien Dung 0 Reputation points
edited a comment 2024-07-03T02:56:07.99+00:00
LyTien Dung 0 Reputation points
1 answer

Is there any limitation on Patch requests on Azure Application Gateway?

I have an Azure Application Gateway (WAF mode is detection) and a web application in the backend in my edge network. Everything works well, but I have an issue with a "Patch" request. When I sent this request I received: 400 Bad…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-07-01T00:45:53.7166667+00:00
Mohsen Akhavan 746 Reputation points
commented 2024-07-02T06:32:35.3766667+00:00
KapilAnanth-MSFT 39,211 Reputation points Microsoft Employee
0 answers

How to set the exclusions for headers and header values

Wanna make exclusion for request headers and its values how to check due to what reason that request is being blocked

Azure Web Application Firewall
asked 2024-06-18T18:35:28.0266667+00:00
Nupur Patel 0 Reputation points
commented 2024-06-18T22:38:16.3566667+00:00
ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
0 answers

Azure WAF Sensitive data scrubbing and InitialBodyContents match

We have requests that have application/x-www-form-urlencoded body contents which trigger false positives for the WAF rule "URL Encoding Abuse Attack Attempt" matching on the variable InitialBodyContents . Annoyingly part of the match contains…

Azure Web Application Firewall
asked 2024-06-14T01:19:10.6533333+00:00
Smock 0 Reputation points
commented 2024-06-18T14:22:54.6066667+00:00
KapilAnanth-MSFT 39,211 Reputation points Microsoft Employee
2 answers

Managing 200 Websites with Application Gateway and WAF Protection

Hello, I have a single server that is currently hosting over 200 websites. Is it possible to manage all these websites using an application gateway and protect them with a WAF?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-05-29T07:27:34.4466667+00:00
Nitin Arora 25 Reputation points
commented 2024-05-30T12:48:39.8833333+00:00
GitaraniSharma-MSFT 49,006 Reputation points Microsoft Employee
3 answers One of the answers was accepted by the question author.

Allow access through WAF only for whitelisted IPs

I have an Azure Application Gateway where I manage a few client domains. I have a few production and staging domains routed to this application gateway, which I manage where I need them to be pointed to. When I was working with the domains pointed…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-05-27T19:21:18.7+00:00
Raphael Pereira 20 Reputation points
accepted 2024-05-28T15:42:38.56+00:00
Raphael Pereira 20 Reputation points
1 answer

How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF as the log file indicate the request was blocked but the script ends up in the database.

requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-05-16T08:21:12.23+00:00
Derek Green 0 Reputation points
commented 2024-05-28T15:39:54.6866667+00:00
ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
0 answers

http2 compatibility

We have 2 environments were WAF is configured. In the DEV environment, its working on http2 In the UAT environment, its not working on http2. When the WAF configuration is change, it works on http1.1. I have provided some detains below (you will see…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,952 questions
asked 2024-05-21T16:42:57.35+00:00
Fobuzie, Marleo 0 Reputation points
commented 2024-05-22T05:20:22.98+00:00
KapilAnanth-MSFT 39,211 Reputation points Microsoft Employee
1 answer

Configuring exclusions on Applicaiton Gateway WAF

Hello, At present we are using an Application Gateway WAFv2 (in monitor mode) for web applications hosted on the backend VMs. We want to move the WAF to prevent mode, but based on the logs collected we think many legitimate requests will be blocked,…

Azure Web Application Firewall
asked 2022-03-07T18:21:46.043+00:00
Ashish Gupta 1 Reputation point
commented 2024-05-20T17:22:02.3733333+00:00
Morgan Ecklund 0 Reputation points
1 answer One of the answers was accepted by the question author.

WAF (v2) Managed Exclusion Rule difficulty with a particular request.

Hi experts.. I have a particularly troublesome request being blocked and am seemingly unable create a suitable managed exclusion rule, although it appears that it should be possible. We have an asp.net (web forms) application that uses SSRS ReportViewer…

Azure Web Application Firewall
asked 2024-05-14T09:15:50.92+00:00
Richard 20 Reputation points
accepted 2024-05-17T23:50:35.1766667+00:00
Richard 20 Reputation points
1 answer

I want to block certain regions of a country on application gateway and not entire country how can I do that

I want to block certain regions in country based on iso code and azure only gives me option to do it for entire country. How can I implement it for a region in country

Azure Web Application Firewall
asked 2024-05-14T20:00:33.4566667+00:00
Kajal Kothari 0 Reputation points
edited an answer 2024-05-17T11:07:24.1833333+00:00
GitaraniSharma-MSFT 49,006 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How to add correct exclusion on Azure WAF?

Greetings. Please help in creating an exception to the rule: OWASP_3.2 - Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link. My web application generates requests like: …

Azure Web Application Firewall
asked 2024-05-13T11:59:44.36+00:00
Yurii Tsarienko 20 Reputation points
edited the question 2024-05-14T13:53:35.8033333+00:00
KapilAnanth-MSFT 39,211 Reputation points Microsoft Employee
0 answers

I would like to check if there is a possibility to block based on device ID in WAF

we need to block the requests in waf based on the client device ID . How can we achieve it. And also is there any way to know the device ID of the user from waf logs

Azure Web Application Firewall
asked 2024-05-12T19:28:38.02+00:00
Madhavi Sri 0 Reputation points
commented 2024-05-13T09:48:05.06+00:00
KapilAnanth-MSFT 39,211 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Upgrade your legacy WAF configuration to WAF policies

I have received "high impact" Advisor recommendations from azure to "Upgrade your legacy WAF configuration to WAF policies". I have tried to follow as per suggested in the following…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-05-06T01:51:09.09+00:00
jazzspeed 20 Reputation points
accepted 2024-05-13T03:54:03.75+00:00
jazzspeed 20 Reputation points
1 answer One of the answers was accepted by the question author.

Publish an application with NTLM authentication

Hello, Azure has an authentication application that is configured to use the NTLM AD provider. This is a virtual machine with IIS and users logged into the domain transparently open the site without authentication. We would like to protect applications…

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
622 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-05-10T18:04:38.6366667+00:00
Mountain Pond 1,391 Reputation points
edited a comment 2024-05-12T21:44:25.38+00:00
Sina Salam 6,501 Reputation points
1 answer

Application Gateway WAF v2 only allow specfic IP Traffic

Hi Team, I have setup a custom rule in WAF previously to only allow few IP to access AGW. However the same rule doesn't works today. Current outcome by setting different combination like either Blocking or Allowing ALL traffic, instead of specific…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
asked 2024-05-09T14:14:58.09+00:00
William Tang 0 Reputation points
answered 2024-05-10T03:00:16.28+00:00
ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

we cannot see the request in the firewall logs from application gateway

When we send the request from postman API request is getting success also seen in database(ssms), application gateway but we cannot see the request in the firewall logs what is the issues and how to solve this error we are using this below query in…

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,000 questions
Azure Web Application Firewall
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,259 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
236 questions
asked 2023-11-03T12:25:26.3333333+00:00
Mayank Jain 260 Reputation points
edited the question 2024-05-07T15:52:43.4566667+00:00
bharathn-msft 5,086 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Exclude waf rule 944130(Suspicious Java classes)

Hi I have a web application which has WAF owasp3.2 enabled and its blocking a specific url (/polarion/gwt/com.polarion.UI/PortalDataService) Detailed Data: {java.lang.string found within…

Azure Web Application Firewall
asked 2024-04-30T05:34:57.15+00:00
Jagadish Karem 26 Reputation points
accepted 2024-04-30T08:30:16.36+00:00
Jagadish Karem 26 Reputation points
1 answer One of the answers was accepted by the question author.

About the difference web application firewall policy custom rule

Hello. Thanks for your interest in my topic. I need clarification on the difference between the web application firewall policy in azure frontdoor and the web application firewall policy in application gateway. In the waf policy for application…

Azure Web Application Firewall
asked 2024-04-22T08:42:29.3433333+00:00
romero 105 Reputation points
commented 2024-04-22T10:28:22.72+00:00
KapilAnanth-MSFT 39,211 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Questions about the version of the CRS in Azure WAF

Hi, thanks for your interest in the topic. I have a question about the CRS version of Azure WAF. Is the latest 3.2 version of CRS in azure waf created based on the 3.2 version of OWASP? The current version of OWASP is 4.1. Compared to that, the Azure…

Azure Web Application Firewall
asked 2024-04-17T09:20:29.2833333+00:00
romero 105 Reputation points
commented 2024-04-18T10:23:54.53+00:00
GitaraniSharma-MSFT 49,006 Reputation points Microsoft Employee