Azure Web Application Firewall
An Azure service that provides protection for web apps.
324 questions
1 answer
How to set the exclusions for headers and header values
Wanna make exclusion for request headers and its values how to check due to what reason that request is being blocked
asked 2024-06-18T18:35:28.0266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 69%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nupur Patel
0
Reputation points
answered 2024-06-18T22:38:16.3566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
26,096
Reputation points Microsoft Employee
2 answers
Managing 200 Websites with Application Gateway and WAF Protection
Hello, I have a single server that is currently hosting over 200 websites. Is it possible to manage all these websites using an application gateway and protect them with a WAF?
asked 2024-05-29T07:27:34.4466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 23%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Nitin Arora
25
Reputation points
commented 2024-05-30T12:48:39.8833333+00:00
GitaraniSharma-MSFT
49,576
Reputation points Microsoft Employee
3 answers
One of the answers was accepted by the question author.
Allow access through WAF only for whitelisted IPs
I have an Azure Application Gateway where I manage a few client domains. I have a few production and staging domains routed to this application gateway, which I manage where I need them to be pointed to. When I was working with the domains pointed…
asked 2024-05-27T19:21:18.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 0%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raphael Pereira
20
Reputation points
accepted 2024-05-28T15:42:38.56+00:00
Raphael Pereira
20
Reputation points
0 answers
http2 compatibility
We have 2 environments were WAF is configured. In the DEV environment, its working on http2 In the UAT environment, its not working on http2. When the WAF configuration is change, it works on http1.1. I have provided some detains below (you will see…
asked 2024-05-21T16:42:57.35+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 73%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Fobuzie, Marleo
0
Reputation points
commented 2024-05-22T05:20:22.98+00:00
KapilAnanth-MSFT
44,846
Reputation points Microsoft Employee
1 answer
Configuring exclusions on Applicaiton Gateway WAF
Hello, At present we are using an Application Gateway WAFv2 (in monitor mode) for web applications hosted on the backend VMs. We want to move the WAF to prevent mode, but based on the logs collected we think many legitimate requests will be blocked,…
asked 2022-03-07T18:21:46.043+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 26%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashish Gupta
1
Reputation point
commented 2024-05-20T17:22:02.3733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 90%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Morgan Ecklund
0
Reputation points
1 answer
One of the answers was accepted by the question author.
WAF (v2) Managed Exclusion Rule difficulty with a particular request.
Hi experts.. I have a particularly troublesome request being blocked and am seemingly unable create a suitable managed exclusion rule, although it appears that it should be possible. We have an asp.net (web forms) application that uses SSRS ReportViewer…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
1 answer
I want to block certain regions of a country on application gateway and not entire country how can I do that
I want to block certain regions in country based on iso code and azure only gives me option to do it for entire country. How can I implement it for a region in country
asked 2024-05-14T20:00:33.4566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 57.99999999999999%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Kajal Kothari
0
Reputation points
edited an answer 2024-05-17T11:07:24.1833333+00:00
GitaraniSharma-MSFT
49,576
Reputation points Microsoft Employee
0 answers
I would like to check if there is a possibility to block based on device ID in WAF
we need to block the requests in waf based on the client device ID . How can we achieve it. And also is there any way to know the device ID of the user from waf logs
asked 2024-05-12T19:28:38.02+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 32%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Madhavi Sri
0
Reputation points
commented 2024-05-13T09:48:05.06+00:00
KapilAnanth-MSFT
44,846
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Upgrade your legacy WAF configuration to WAF policies
I have received "high impact" Advisor recommendations from azure to "Upgrade your legacy WAF configuration to WAF policies". I have tried to follow as per suggested in the following…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 1%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Publish an application with NTLM authentication
Hello, Azure has an authentication application that is configured to use the NTLM AD provider. This is a virtual machine with IIS and users logged into the domain transparently open the site without authentication. We would like to protect applications…
asked 2024-05-10T18:04:38.6366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mountain Pond
1,441
Reputation points
edited a comment 2024-05-12T21:44:25.38+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sina Salam
10,256
Reputation points
1 answer
Application Gateway WAF v2 only allow specfic IP Traffic
Hi Team, I have setup a custom rule in WAF previously to only allow few IP to access AGW. However the same rule doesn't works today. Current outcome by setting different combination like either Blocking or Allowing ALL traffic, instead of specific…
asked 2024-05-09T14:14:58.09+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 66%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWT%3C/text%3E%3C/svg%3E)
William Tang
0
Reputation points
answered 2024-05-10T03:00:16.28+00:00
ChaitanyaNaykodi-MSFT
26,096
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
we cannot see the request in the firewall logs from application gateway
When we send the request from postman API request is getting success also seen in database(ssms), application gateway but we cannot see the request in the firewall logs what is the issues and how to solve this error we are using this below query in…
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,062 questions
Azure Web Application Firewall
Azure Web Application Firewall
An Azure service that provides protection for web apps.
324 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,718 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
254 questions
asked 2023-11-03T12:25:26.3333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 69%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Mayank Jain
260
Reputation points
edited the question 2024-05-07T15:52:43.4566667+00:00
bharathn-msft
5,096
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Exclude waf rule 944130(Suspicious Java classes)
Hi I have a web application which has WAF owasp3.2 enabled and its blocking a specific url (/polarion/gwt/com.polarion.UI/PortalDataService) Detailed Data: {java.lang.string found within…
asked 2024-04-30T05:34:57.15+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 55.00000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Jagadish Karem
26
Reputation points
accepted 2024-04-30T08:30:16.36+00:00
Jagadish Karem
26
Reputation points
1 answer
One of the answers was accepted by the question author.
About the difference web application firewall policy custom rule
Hello. Thanks for your interest in my topic. I need clarification on the difference between the web application firewall policy in azure frontdoor and the web application firewall policy in application gateway. In the waf policy for application…
asked 2024-04-22T08:42:29.3433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 99%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
romero
125
Reputation points
commented 2024-04-22T10:28:22.72+00:00
KapilAnanth-MSFT
44,846
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Questions about the version of the CRS in Azure WAF
Hi, thanks for your interest in the topic. I have a question about the CRS version of Azure WAF. Is the latest 3.2 version of CRS in azure waf created based on the 3.2 version of OWASP? The current version of OWASP is 4.1. Compared to that, the Azure…
asked 2024-04-17T09:20:29.2833333+00:00
romero
125
Reputation points
commented 2024-04-18T10:23:54.53+00:00
GitaraniSharma-MSFT
49,576
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Confusion between WAF with Application Gateway and FrontDoor when securing custom Web Apps running on Azure VM published to the internet ?
Could you please let me know which Azure technology can be used to minimize the attack surface for safely publishing a Virtual Machine as a Web App on the internet? WAF with Application Gateway:…
asked 2024-04-12T12:12:14.38+00:00
EnterpriseArchitect
5,376
Reputation points
commented 2024-04-17T13:31:35.5466667+00:00
KapilAnanth-MSFT
44,846
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
WAF azure websocket problem
Hey everyone, I have trouble with app-gw and WAF. The problem is that we implement a websocket and in the app-gw log comes this one: error_info_s: ERRORINFO_UPSTREAM_TIMED_OUT WAFMode_s: Prevention Have another app-gw without WAF and the same config,…
asked 2024-04-05T11:43:25.07+00:00
Nasimjon Tohirov
231
Reputation points
accepted 2024-04-12T09:35:54.9466667+00:00
Nasimjon Tohirov
231
Reputation points
1 answer
One of the answers was accepted by the question author.
How to show trace info on custom error pages when WAF blocks a request and returns a 403?
If a user does something that triggers a 403 because the WAF blocked the request, I would like to show some extra information in the custom error page that I have already set in the Application Gateway, so it will be easy to identify in the Log Analytics…
asked 2024-03-20T15:38:05.0133333+00:00
del Risco Martínez, Jorge
20
Reputation points
accepted 2024-04-09T07:48:07.0466667+00:00
del Risco Martínez, Jorge
20
Reputation points
1 answer
Export waf owasp managed rulesets for analysis
I have a couple of application gateways, each having its own waf rulesets. I am trying to export the rules to a CSV so I can compare the differences between them, is there a good way to do this either software tool, CLI/PS or GUI? Any assistance is…
asked 2024-04-04T13:06:59+00:00
Razzi29
331
Reputation points
answered 2024-04-04T19:19:10.9666667+00:00
ChaitanyaNaykodi-MSFT
26,096
Reputation points Microsoft Employee
0 answers
Understanding Discrepancy in WAF Detection: Sending Data as 積極性 but Matched as Mu' in SQL Injection Attack Error
Hello Team, I'm encountering an issue with the WAF Microsoft_DefaultRuleSet-2.1-MS-ThreatIntel-SQLI-99031001. When submitting a form using the POST method, specifically at the input…
asked 2024-04-01T10:45:58.03+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 57.99999999999999%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENN%3C/text%3E%3C/svg%3E)
Nguyễn Đức Duy
0
Reputation points
commented 2024-04-04T16:17:31.61+00:00
GitaraniSharma-MSFT
49,576
Reputation points Microsoft Employee