Azure Web Application Firewall
An Azure service that provides protection for web apps.
294 questions
1 answer
One of the answers was accepted by the question author.
Create Front-door Premium WAF Policy using Rest API call fails for Microsoft_DefaultRuleSet_2.1
Hi team! I am trying to create a Web Application Firewall for Front Door Premium Tier using REST API, It works with 1.x versions of Rule Set, but it fails when Managed Rule is set to 2.x version (Eg. Microsoft_DefaultRuleSet 2.1) with error "This…
asked 2023-11-03T07:02:56.2+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 94%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Ravalia Krutika Harishbhai
40
Reputation points
accepted 2023-11-07T11:36:59.3933333+00:00
Ravalia Krutika Harishbhai
40
Reputation points
0 answers
Query Azure Front Door WAF Logs
Hello MS Q&A I have a Front Door Premium with WAF, and experiencing number of "blocks" on rule "942340" I have no issues in query the logs, but unable to query what exactly the specific rule is blocking. I have tried with many…
asked 2023-10-26T11:34:58.7466667+00:00
Nibbler
616
Reputation points
commented 2023-11-01T03:14:11.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
1 answer
Best practices for blocking anonymous IP traffic (Azure)
Hi all. Could anyone tell me if there is a best practice for blocking traffic from VPNs or Anonymous proxies using Azure WAF? I see that there are a number of services (eg. IP2Location, MaxMind, Queue-it, IPHub) that provide lists of these IPs, but…
asked 2022-06-11T19:33:56.043+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 98%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Conor
6
Reputation points
commented 2023-10-26T10:19:41.3533333+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
1 answer
To restrict a domain from public access in Azure
Hi Team, I have application server which is mapped to application gateway with WAF 2. My application servers, have multiple services with different port. Like Port 443, 8080 and 8443. Especially HTTPS port - 443 pointed to two domains. For example:…
asked 2021-07-28T02:05:55.24+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELN%3C/text%3E%3C/svg%3E)
Lakshmi Narayanan
71
Reputation points
edited the question 2023-10-26T09:48:13.2533333+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
「A potentially dangerous Request.Form value was detected from the client」
I am building a web server in Azure with a configuration of CDN - WAF - WebApps. This is a .Net Framework web application. Because requestValidationMode="4.0" "A potentially dangerous Request.Form value was detected from the…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 57.00000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
1 answer
Automated Detection and Response for Azure WAF with Sentinel runs with errors
Good afternoon, I have been trying to trigger an automated response from Sentinel using the admin guide in…
asked 2023-10-15T17:45:34.21+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 86%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Romain Vilbert
0
Reputation points
answered 2023-10-18T08:17:46.8366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur
29,261
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Moving Application Gateway along with WAF to another subscription
Migrate Application Gateway and WAF deployments to another subscription on same tenant, if application gateway cannot be moved then how are we supposed to recreate an application gateway that contains 50+ http listener, 100+ Rules, and 20+ backend pools,…
asked 2023-09-19T07:12:40.5533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 49%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Ahmed Abdelhadi
40
Reputation points
accepted 2023-10-16T07:10:40.6133333+00:00
Ahmed Abdelhadi
40
Reputation points
1 answer
One of the answers was accepted by the question author.
Web Application Firewall Policy is not showing up while associating the Policy to the WAF-Frontend!
Hello experts! I want to configure a Web application Firewall (WAF) using Front Door. I have deployed a web application and then deployed Front Door Classic. But as you can see I am not able to associate WAF policy. I have created a WAF Policy: Can you…
asked 2023-10-11T04:54:17.0266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 43%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nidhi Priya
426
Reputation points
edited the question 2023-10-11T05:46:41.5266667+00:00
KapilAnanth-MSFT
39,461
Reputation points Microsoft Employee
1 answer
Unable to access Azure Blob storage from Azure app service
Hi, We have an Azure app service which is present inside App gateway. While we're trying to download a file which is present inside Azure blob storage from app service, WAF is giving 403 forbidden error. Please suggest how will we be able to access…
asked 2023-09-28T10:52:20.9233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 17%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDJ%3C/text%3E%3C/svg%3E)
Debashis Jena
71
Reputation points
commented 2023-10-11T00:03:34.0833333+00:00
brtrach-MSFT
15,786
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure WAF "rule 934100" is blocking ad code on Azure VM / WordPress, I do not have WAF installed, how to fix?
I have a single Azure VM running Ubuntu 22.04 set up to run my WordPress website. Nginx, MySQL, PHP are all self contained on the server. Recently I tried to update a WordPress hook (via GeneratePress) including some ad code containing "function ()…
asked 2023-09-28T14:05:12.3033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 36%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Kip Kniskern
30
Reputation points
accepted 2023-10-09T12:49:53.32+00:00
Kip Kniskern
30
Reputation points
2 answers
Azure SSO inbound traffic
Good afternoon, I created a server on azure behind a azure firewall. On this server I create a website managing Azure SingleSignOn as an Enterprise application. I would like to increase the security and allow the "azure microsoft" service to…
asked 2023-10-02T13:44:07.8466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 64%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAO%3C/text%3E%3C/svg%3E)
Admin Oryx
0
Reputation points
answered 2023-10-09T08:29:31.57+00:00
Admin Oryx
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Exclude an URL in Exclution list WAF not work for OpenIdConnect.nonce cookies
Hello Microsoft support, I use Exclution List in Azure WAF to exclude some cookies from being scanned by WAF in an Azure environment. Everything seems ok, but when i add rule (RequestCookieName contains OpenIdConnect), Azure WAF still block cookie…
asked 2023-09-15T07:15:43.37+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 83%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETT%3C/text%3E%3C/svg%3E)
Thang Trinh
45
Reputation points
accepted 2023-09-21T07:55:27.15+00:00
Thang Trinh
45
Reputation points
2 answers
checkov scanning web application firewall policy terraform module
I am scanning my terraform module using checkov scan for any loopholes and it is asking to fix log4j and provided the url as below…
asked 2023-09-15T16:11:59.3666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 73%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGT%3C/text%3E%3C/svg%3E)
Ganesh Thorave
31
Reputation points
commented 2023-09-18T17:27:51.37+00:00
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
0 answers
Getting 403 when upload image to WAF webapp
I'm trying to send a post request to a webapp hosted on azure using WAF and I'm getting a 403 for all requests with files. This is the code that I'm using: public insertForm(endpoint: string, model: INews, file: File): Observable { let…
asked 2023-02-20T01:03:55.1833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 71%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERL%3C/text%3E%3C/svg%3E)
Robert Lucena
5
Reputation points
commented 2023-09-12T14:24:22.9933333+00:00
KapilAnanth-MSFT
39,461
Reputation points Microsoft Employee
1 answer
WAF blocking legit file upload
Hi, I am facing an issue trying to upload a file, receiving 403 forbidden error. I can successfully upload the file by bypassing appgw and with WAF detection mode. The file is taken as base64 and the error i get from appgw logs is…
asked 2023-08-30T13:08:59.3766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 40%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Santhya
110
Reputation points
answered 2023-09-12T10:34:11.2833333+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
1 answer
Azure WAF OWASP 920470 false positive
Azure App gateway WAF V2 detects multiform content type as a threat with following message: Pattern match ^[\w\d/.-+]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['"\w\d.-]+)?$ at REQUEST_HEADERS:content-type. Isn't "boundry" expected parameter…
asked 2023-09-07T07:00:46.59+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 88%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VS
0
Reputation points
commented 2023-09-12T07:49:33.4366667+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
0 answers
web application firewall log on exluded request
Hi, Let's say we have an application gateway attached to a WAF policy and Diagnostic settings enabled. I have made some exclusions in the WAF policy. Is there anyway I can find the log for the requests that are excluded by the WAF policy exclusion?
asked 2023-08-24T13:52:55.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 20%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Kit Shing Kwong
0
Reputation points
commented 2023-09-08T06:22:57.98+00:00
ChaitanyaNaykodi-MSFT
24,231
Reputation points Microsoft Employee
1 answer
how to ignore specific owasp rule for a specific URI in azure waf v2
Need to ignore specific owasp rule for a specific url endpoint.
asked 2023-07-11T13:54:04.3133333+00:00
VS
0
Reputation points
commented 2023-09-07T14:54:07.6233333+00:00
GitaraniSharma-MSFT
49,261
Reputation points Microsoft Employee
1 answer
Azure Application Gateway Proxy Disclosure
The Azure Application Gateway WAF V2 is vulnerable to Sensitive Data Exposure, because it responds with the Server header equal to Microsoft-Azure-Application-Gateway/v2 if it is invoked with the http TRACE method and Max-Forwards header = 0. This…
asked 2020-10-23T13:17:36.123+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 4%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Michele Palese
11
Reputation points
commented 2023-09-07T09:23:30.0933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 52%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOV%3C/text%3E%3C/svg%3E)
Olivier Vanekem
81
Reputation points
1 answer
How to update an existing WAF Policy using Azure REST API?
Hi, I'm trying to update an existing WAF Policy with a new custom rule using Logic Apps using this API - https://video2.skills-academy.com/en-us/rest/api/frontdoor/webapplicationfirewall/policies/create-or-update. But I keep getting this same error as shown…
asked 2023-08-19T11:52:24.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 54%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Mrudhula Raya
0
Reputation points
edited the question 2023-09-05T16:05:26.52+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
MuthuKumaranMurugaachari-MSFT
22,261
Reputation points