Create Front-door Premium WAF Policy using Rest API call fails for Microsoft_DefaultRuleSet_2.1
Hi team! I am trying to create a Web Application Firewall for Front Door Premium Tier using REST API. It works with 1.x versions of Rule Set, but it fails when Managed Rule is set to 2.x version (e.g. Microsoft_DefaultRuleSet 2.1) with error "This…
Query Azure Front Door WAF Logs
Hello MS Q&A, I have a Front Door Premium with WAF, and am experiencing a number of "blocks" on rule "942340". I have no issues querying the logs, but am unable to query what exactly the specific rule is blocking. I have tried with many…
Best practices for blocking anonymous IP traffic (Azure)
Hi all. Could anyone tell me if there is a best practice for blocking traffic from VPNs or Anonymous proxies using Azure WAF? I see that there are a number of services (eg. IP2Location, MaxMind, Queue-it, IPHub) that provide lists of these IPs, but…
To restrict a domain from public access in Azure
Hi Team, I have an application server which is mapped to an application gateway with WAF 2. My application servers have multiple services with different ports, like port 443, 8080 and 8443. Especially HTTPS port 443 is pointed to two domains. For example:…
「A potentially dangerous Request.Form value was detected from the client」
I am building a web server in Azure with a configuration of CDN - WAF - WebApps. This is a .Net Framework web application. Because requestValidationMode="4.0" "A potentially dangerous Request.Form value was detected from the…
Automated Detection and Response for Azure WAF with Sentinel runs with errors
Good afternoon, I have been trying to trigger an automated response from Sentinel using the admin guide in…
Moving Application Gateway along with WAF to another subscription
Migrate Application Gateway and WAF deployments to another subscription on same tenant, if application gateway cannot be moved then how are we supposed to recreate an application gateway that contains 50+ http listener, 100+ Rules, and 20+ backend pools,…
Web Application Firewall Policy is not showing up while associating the Policy to the WAF-Frontend!
Hello experts! I want to configure a Web application Firewall (WAF) using Front Door. I have deployed a web application and then deployed Front Door Classic. But as you can see I am not able to associate WAF policy. I have created a WAF Policy: Can you…
Unable to access Azure Blob storage from Azure app service
Hi, We have an Azure app service which is present inside App gateway. While we're trying to download a file which is present inside Azure blob storage from app service, WAF is giving 403 forbidden error. Please suggest how will we be able to access…
Azure WAF "rule 934100" is blocking ad code on Azure VM / WordPress, I do not have WAF installed, how to fix?
I have a single Azure VM running Ubuntu 22.04 set up to run my WordPress website. Nginx, MySQL, PHP are all self contained on the server. Recently I tried to update a WordPress hook (via GeneratePress) including some ad code containing "function ()…
Azure SSO inbound traffic
Good afternoon, I created a server on Azure behind an Azure firewall. On this server I create a website managing Azure SingleSignOn as an Enterprise application. I would like to increase the security and allow the "azure microsoft" service to…
Exclude a URL in Exclusion list WAF not work for OpenIdConnect.nonce cookies
Hello Microsoft support, I use Exclusion List in Azure WAF to exclude some cookies from being scanned by WAF in an Azure environment. Everything seems OK, but when I add rule (RequestCookieName contains OpenIdConnect), Azure WAF still blocks cookie…
checkov scanning web application firewall policy terraform module
I am scanning my terraform module using checkov scan for any loopholes and it is asking to fix log4j and provided the url as below…
Getting 403 when upload image to WAF webapp
I'm trying to send a post request to a webapp hosted on azure using WAF and I'm getting a 403 for all requests with files. This is the code that I'm using: public insertForm(endpoint: string, model: INews, file: File): Observable { let…
WAF blocking legit file upload
Hi, I am facing an issue trying to upload a file, receiving 403 forbidden error. I can successfully upload the file by bypassing appgw and with WAF detection mode. The file is taken as base64 and the error I get from appgw logs is…
Azure WAF OWASP 920470 false positive
Azure App gateway WAF V2 detects multiform content type as a threat with following message: Pattern match ^[\w\d/.-+]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['"\w\d.-]+)?$ at REQUEST_HEADERS:content-type. Isn't "boundary" expected parameter…
web application firewall log on excluded request
Hi, Let's say we have an application gateway attached to a WAF policy and Diagnostic settings enabled. I have made some exclusions in the WAF policy. Is there any way I can find the log for the requests that are excluded by the WAF policy exclusion?
how to ignore specific owasp rule for a specific URI in azure waf v2
Need to ignore specific owasp rule for a specific url endpoint.
Azure Application Gateway Proxy Disclosure
The Azure Application Gateway WAF V2 is vulnerable to Sensitive Data Exposure, because it responds with the Server header equal to Microsoft-Azure-Application-Gateway/v2 if it is invoked with the http TRACE method and Max-Forwards header = 0. This…
How to update an existing WAF Policy using Azure REST API?
Hi, I'm trying to update an existing WAF Policy with a new custom rule using Logic Apps using this API - https://video2.skills-academy.com/en-us/rest/api/frontdoor/webapplicationfirewall/policies/create-or-update. But I keep getting this same error as shown…