Are there any best practices to enable application encryption with Azure WAF
We have a web application that is hosted on Azure Linux VMs and employs Application Gateway WAF v2 in the front end, as well as a Keycloak service that is integrated with Azure AD for sign-in.
After enabling encryption (EncryptInputParameter="true") in the application code (.NET), we are unable to sign in to our application. WAF was blocking legitimate requests after enabling encryption.
We have created custom rules in WAF (Azure App Gateway WAFv2) to whitelist the impacted URLs from WAF checking. So these requests will not be monitored by WAF in the future.
I'm not sure which is the right method or how it will impact our application security standard. Also, please suggest if there is any alternative solution to enable application encryption with Azure WAF.
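Added example, not part of the original question: a Bicep fragment of an Application Gateway WAF v2 policy that puts the two approaches side by side. The first is the pattern described in the question, a custom rule with action `Allow` on the affected URL, which stops all further rule processing for those requests, so nothing on that path is inspected any more. The second is a managed-rule exclusion scoped to the one request parameter that now carries ciphertext, so the rest of the request (other parameters, headers, cookies, body) is still inspected and the rest of the site is untouched. The resource name, the parameter name `encryptedParam`, the path `/account/login`, the rule group chosen and the CRS version are assumptions for illustration; the real names come from the WAF log entries (`ruleId_s`, `details_data_s`) of the blocked sign-in requests.

```bicep
// Added illustration, not the asker's deployment. Names and values are assumed.
param location string = resourceGroup().location

resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-05-01' = {
  name: 'waf-policy-example' // assumed name
  location: location
  properties: {
    policySettings: {
      state: 'Enabled'
      mode: 'Prevention'
      requestBodyCheck: true
    }

    // Weak approach (what the question describes): an Allow match rule on the
    // sign-in URL. Custom rules run before the managed rule set, and Allow
    // ends evaluation, so every request to this path bypasses the WAF entirely.
    customRules: [
      {
        name: 'AllowLoginPathBypass'
        priority: 10
        ruleType: 'MatchRule'
        action: 'Allow'
        matchConditions: [
          {
            matchVariables: [
              { variableName: 'RequestUri' }
            ]
            operator: 'BeginsWith'
            matchValues: [ '/account/login' ] // assumed path
          }
        ]
      }
    ]

    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'OWASP'
          ruleSetVersion: '3.2'
        }
      ]
      // Narrower approach: exclude only the parameter that carries ciphertext
      // (query string or POST form field) from the rule group that fired.
      // Everything else in the same request is still evaluated.
      exclusions: [
        {
          matchVariable: 'RequestArgNames'
          selectorMatchOperator: 'Equals'
          selector: 'encryptedParam' // assumed parameter name; take it from the WAF log
          exclusionManagedRuleSets: [
            {
              ruleSetType: 'OWASP'
              ruleSetVersion: '3.2'
              ruleGroups: [
                {
                  // assumed: the group whose rules matched the base64/URL-encoded blob
                  ruleGroupName: 'REQUEST-942-APPLICATION-ATTACK-SQLI'
                }
              ]
            }
          ]
        }
      ]
    }
  }
}
```

In practice the two blocks would not both be kept: the `customRules` entry is shown only to make the difference visible, and it should be removed once the scoped exclusion is in place. Per-rule exclusions (`exclusionManagedRuleSets`) require CRS 3.2 or DRS 2.1 and later; on older rule sets an exclusion applies to the whole managed set. Before widening any exclusion, run the policy in Detection mode and confirm from the Application Gateway firewall log which rule IDs match the encrypted parameter, then exclude only those.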