Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
622 questions
1 answer
One of the answers was accepted by the question author.
Host Header Injection Mitigation through Azure Front Door
Hi, we are looking for Host header injection mitigation through Azure Front Door. Currently Azure Front Door is not able to block request when Host is directly changed from our Frontend/Domain to another site. We have added some custom rules in our…
asked 2021-11-24T05:45:00.51+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 24%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tanmay Srivastava
26
Reputation points
accepted 2021-12-01T04:01:03.157+00:00
Tanmay Srivastava
26
Reputation points
1 answer
FrontdoorWebApplicationFirewallLog query output
Hi, I notice when querying blocks by the DefaultRuleSet in the WAF there is a restriction in size to the output of certain fields. Most importantly the "matchVariableValue" within the "details_m,atches_s" section. As an example, the…
asked 2021-11-23T18:51:58.027+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 23%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Mike Totton
1
Reputation point
commented 2021-11-25T17:51:53.967+00:00
Mike Totton
1
Reputation point
1 answer
App Service API, change IP
Hi, my AZURE SQL Server Database deny access from my APP API service beacause it changes server ip. So i have to add new Server IP about my APP API service to MSSQL Azure Database Firewall Whitelist. Why my APP API service change ip? What can i do…
asked 2021-11-19T16:44:50.69+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 4%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFL%3C/text%3E%3C/svg%3E)
F. Leoni
1
Reputation point
answered 2021-11-19T19:31:39.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
1 answer
WAF does not block traffic based on IP address
Hi, I have a web app running on VMSS behind Application Gateway. Azure Firewall is front facing for that application gateway and domain name is also mapped with Azure Firewall public ip address. This domain name is configured as listener in…
asked 2021-09-23T12:54:36.037+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 45%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZ%3C/text%3E%3C/svg%3E)
Zeeshan
26
Reputation points
answered 2021-11-04T06:42:01.35+00:00
msrini-MSFT
9,271
Reputation points Microsoft Employee
1 answer
Azure FrontDoor (classic) and WAF can not stop brute-attacks! There is no global rate-limit configuration!
Hello, Questions first; Is there any way of configuring FrontDoor/WAF to stop brute-attacks with Global Rate Limit or some other way? If we can not stop brute-attacks via FrontDoor/WAF, then what is Microsoft's offer to apply those logic,…
asked 2021-09-26T10:20:27.02+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 80%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENE%3C/text%3E%3C/svg%3E)
Nuri Engin
31
Reputation points
answered 2021-09-27T18:32:49.767+00:00
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
1 answer
How to configure WAF v2
Im trying to reach a Onprem Web Service: vm.domain.com:44300/sap/bc/ui2/flp/Launchpad.html?sap-language=es I have my WAF v2 (azure application gateway) and it works, but wehn I try to configure to reach…
asked 2021-09-21T18:24:25.477+00:00
Rogelio Pérez Antonio
1
Reputation point
answered 2021-09-21T20:07:35.437+00:00
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
0 answers
WAF for protect onprem website - hosted- website
Good morning. We have many websites hosted on different solutions currently protected by a physical web application firewall onpremise. I would like to dispose this device to use the azure waf to protect all corporate websites and apps, is it…
asked 2021-09-13T13:48:41.767+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 32%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGT%3C/text%3E%3C/svg%3E)
Gianluca Tarq
1
Reputation point
commented 2021-09-13T18:06:25.653+00:00
Alan Kinane
16,806
Reputation points MVP
2 answers
Application Gateway WAF policy and geo location mess
What a mess... So I wanted to add an application gateway with WAF in front of my internal load balancer so it will be accessible from the internet via the app gw public IP and protected with WAF and accessible only from Israel via a geo location…
asked 2021-08-25T12:45:40.167+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 43%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOG%3C/text%3E%3C/svg%3E)
Ori Gil
6
Reputation points
commented 2021-09-09T09:50:09.607+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SaiKishor-MSFT
17,216
Reputation points
1 answer
Azure application gateway (WAF Policy)
If possible could you please give me a quick solution regarding Application Gateway (WAF Policies). i have a scenario like my client given me task about to keep close required URLs (Eg: facebook,net, youtube.com etc) for external use and only…
asked 2021-08-31T12:42:25.167+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 28.999999999999996%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPV%3C/text%3E%3C/svg%3E)
Peela Vinod
1
Reputation point
answered 2021-09-09T09:44:00.53+00:00
SaiKishor-MSFT
17,216
Reputation points
1 answer
Azure App Gateway v2 WAF difference?
I have a v2 sku app gateway with several URLS and back end pools works great. There is a message that says "Upgrade to the WAF tier to increase your app's security." which, "looks" like you simple hit the slider over and then press…
asked 2021-08-26T20:57:05.307+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 37%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Rich Roy
26
Reputation points
answered 2021-08-31T20:19:33.787+00:00
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
1 answer
What is the best way to pass data to an API through an Azure Application Gateway and WAF and avoid false positives
I have a back-end API that I am sending data to and some data triggers the WAF to BLOCK that should not. I am considering base64 encoding the data but that seems unnecessary. Example payload that fails: { "username":…
asked 2021-08-19T20:47:32.037+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 82%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
rex
1
Reputation point
answered 2021-08-26T13:08:52.983+00:00
SaiKishor-MSFT
17,216
Reputation points
1 answer
One of the answers was accepted by the question author.
Content Delivery Network WAF Policy
Hi Does Content Delivery Network WAF Policy associated with Microsoft Standard CDN provide protection against Crawlers and scanners. Protect applications from bots If not then is there any document to create custom ruleset for Content…
asked 2021-07-15T02:31:16.573+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 7.000000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
azuretechy
21
Reputation points
commented 2021-08-02T06:24:47.91+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
enable diagnostics on WAF with ARM template
I was looking for enabling diagnostics on WAF for ApplicationGatewayFirewallLog in ARM template, to send them to Log Analytics workspace, however I haven't find any reasonable solution. Could you please advise what is the best way of achieving this?
asked 2021-06-11T19:09:08.427+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 50%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Jan Kosmala
121
Reputation points
accepted 2021-07-13T06:59:29.26+00:00
Jan Kosmala
121
Reputation points
1 answer
Connecting VM to apps in a seperate resource group
I need some insight on how to connect a VM in a separate resource group to apps in another resource group that is fire-walled off with a public ip. Is it as simple as creating rules on the firewall to allow inbound traffic from the VM's public IP? or is…
asked 2021-07-07T13:02:09.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 63%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Ronald Harvey
1
Reputation point
answered 2021-07-08T00:05:08.447+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 41%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Susheel Bhatt
356
Reputation points
1 answer
Azure Web Applicion Gateway and Firewall
This is all a bit confusing. I think I know what I need, but can't figure out pricing. Azure is not very transparent with pricing. This is what I am trying to accomplish. Our application is simply a Web Application that also services API's from…
asked 2021-05-25T17:10:33.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 55.00000000000001%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Ben Levy
61
Reputation points
commented 2021-06-15T08:46:57.783+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 57.00000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sruthi Saranya Karthikeyan
231
Reputation points Microsoft Employee
1 answer
Permit a few sites to operate on Auze VM
We want traffic blocked on our VMs and limited to only a few trusted sites. How to configure / make such a rule. A handful of 10 sites should only open from the internet on the VM and the rest should be all blocked.
asked 2021-05-28T12:15:33.053+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 66%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Akshay Shah
1
Reputation point
answered 2021-06-01T14:00:10.843+00:00
msrini-MSFT
9,271
Reputation points Microsoft Employee
1 answer
Application Gateway Update HTTP_HOST server variable
Hi Team, is it possible to update HTTP_HOTS SERVER variable value in azure application gateway or apache2?
asked 2021-04-30T07:34:13.103+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 13%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Mohit Kumar Sharma
86
Reputation points
commented 2021-05-11T12:28:35.187+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
1 answer
Use Fortigate Nextgent firewall vm to Protect AKS
Hi All, Can help suggestion me for implement following reference solution architecture below? i want to use Application gateway WAF v2 recieve traffic from internat and then snat to Fortogate firewall and dnat to AKS and Web App service. …
asked 2021-04-25T13:49:09.207+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 65%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETR%3C/text%3E%3C/svg%3E)
Thanakrit Rungchatkamol
1
Reputation point
answered 2021-05-07T19:45:23.31+00:00
msrini-MSFT
9,271
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Why doesn't the portal UI work for multiple hostnames, and why only 5 hostnames allowed?
The Application Gateway v2 / WAF V2 allows listeners with multiple hostnames, but only using the CLI interface. Why isn't the portal updated to allow this yet? It's fairly fundamental functionality isn't it? Why only 5 hostnames? We have (for…
asked 2021-04-26T15:36:41.67+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 92%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Nigel Morse
191
Reputation points
commented 2021-05-07T11:13:59.583+00:00
Nigel Morse
191
Reputation points
0 answers
tailing slash redirection app service
Hi All, My app service added tailing slash on the URL and re
asked 2021-04-30T07:31:33.027+00:00
Mohit Kumar Sharma
86
Reputation points
commented 2021-05-05T00:13:11.87+00:00
SaiKishor-MSFT
17,216
Reputation points