In azure front door WAF policy i ahve created a custom rules with conditions to block the request for particular url based on country(Geo location). It is working as expected but i would like to know accuracy of the waf policy when using geo location
We have azure front door integrated with WAF policy. i have created a custom rules with conditions to block the request for particular url to specific country(Geo location). It is working as expected but i would like to know accuracy of the waf policy…
Update Azure application gateway WAF rules to allow request from same ip range in short span
I have a web app hosted on AKS behind an Application Gateway with WAF. My domain is onboarded on Cloudflare. The WAF is blocking network calls to my web app with rule ID 949110. I suspect that Cloudflare is replacing the actual client IP with its own and…
Azure OpenAi with private endpoints - Web App issue
I am currently experiencing issues after deploying an AI module into a web app. My Azure OpenAI setup includes private endpoints. The web app was tested with both public access and private endpoints. While I can view the chat box and send prompts, I…
WAF rule - 100200 Malicious bots that have falsified their identity
How often is the list of Google IPs updated to avoid false positives in WAF rule '100200 Malicious bots that have falsified their identity'?
How to preserve the Client IP that is amended by Azure Front Door, another amendment by App Gateway before reaching Azure APIM
Hi, My setup is configured with Azure Front Door + Azure WAF --> Azure App Gateway + WAF --> Azure API Management. The diagnostic data logs are kept with Azure Monitor. I am trying to configure in bound throttling policy on APIM to rate limit user…
Can we add ruleId to the request header
Azure Gateway WAF - we want to add ruleId to every request header
Best Methods for Diagnosing Azure Hosted Web App Communication Issues by Adjusting or Disabling Firewall Settings
Hi community, For a web app on Azure constructed using various Azure services, the design typically blocks a lot of communication for security reasons. However, to diagnose issues, it's necessary to allow inbound and outbound communication. I am…
new Ubuntu deployed today, still had old openssh-server, will Azure update the base container? CVE-2006-5051
I deployed a new Ubuntu 24.04 this morning. This base image right from Azure still has OpenSSH 9.6 (SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4), isn't that a problem? CVE-2006-5051 How many Azure containers are at risk if they were installed and not…
Customize Managed Rules
Hi, I am using Application gateway with WAF V2, I am facing one issue with a user input being blocked by WAF managed rules. The backend application allows user to special characters but the request is getting blocked by WAF only. More specifically, if…
Azure WAF Sensitive data scrubbing and InitialBodyContents match
We have requests that have application/x-www-form-urlencoded body contents which trigger false positives for the WAF rule "URL Encoding Abuse Attack Attempt" matching on the variable InitialBodyContents . Annoyingly part of the match contains…
How to configure azure application gateway with my on premise server app ?
I try to configure my new application server to connect an on premise server where I installed an app. I'm not quit sure where do I configure the Public IP address from server that's is running more than one app using the same port (443). My final…
Is there any limitation on Patch requests on Azure Application Gateway?
I have an Azure Application Gateway (WAF mode is detection) and a web application in the backend in my edge network. Everything works well, but I have an issue with a "Patch" request. When I sent this request I received: 400 Bad…
Azure Application Gateway to On Prem Service - Lock down on prem to only respond to Azure requests
Hello, We have setup Azure Application Gateway which is forwarding traffic to our on-premises server, and its working great. My question is what IP ranges or IP addresses can we setup in our on-prem firewall to lock down so that we are only responding…
How to set the exclusions for headers and header values
Wanna make exclusion for request headers and its values how to check due to what reason that request is being blocked
Managing 200 Websites with Application Gateway and WAF Protection
Hello, I have a single server that is currently hosting over 200 websites. Is it possible to manage all these websites using an application gateway and protect them with a WAF?
Allow access through WAF only for whitelisted IPs
I have an Azure Application Gateway where I manage a few client domains. I have a few production and staging domains routed to this application gateway, which I manage where I need them to be pointed to. When I was working with the domains pointed…
How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF as the log file indicate the request was blocked but the script ends up in the database.
requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF.
http2 compatibility
We have 2 environments were WAF is configured. In the DEV environment, its working on http2 In the UAT environment, its not working on http2. When the WAF configuration is change, it works on http1.1. I have provided some detains below (you will see…
Configuring exclusions on Applicaiton Gateway WAF
Hello, At present we are using an Application Gateway WAFv2 (in monitor mode) for web applications hosted on the backend VMs. We want to move the WAF to prevent mode, but based on the logs collected we think many legitimate requests will be blocked,…
WAF (v2) Managed Exclusion Rule difficulty with a particular request.
Hi experts.. I have a particularly troublesome request being blocked and am seemingly unable create a suitable managed exclusion rule, although it appears that it should be possible. We have an asp.net (web forms) application that uses SSRS ReportViewer…