How to show trace info on custom error pages when WAF blocks a request and returns a 403?
If a user does something that triggers a 403 because the WAF blocked the request, I would like to show some extra information in the custom error page that I have already set in the Application Gateway, so it will be easy to identify in the Log Analytics…
Why Azure Application Gateway drops dashes between transactionId and x-appgw-trace-id
The Application Gateway docs state that (source): X-appgw-trace-id is a unique guid generated by application gateway for each client request and presented in the forwarded request to the backend pool member. The guid consists of 32 alphanumeric…
Export waf owasp managed rulesets for analysis
I have a couple of application gateways, each having its own waf rulesets. I am trying to export the rules to a CSV so I can compare the differences between them, is there a good way to do this either software tool, CLI/PS or GUI? Any assistance is…
Why in the WAF V2 do I get a log file stating that the request was blocked but in the application the request was successful and the record was updated?
I have a rule 941320 triggering when posting putgroup into a web application. I understand why this is, it is because it has HTML tags in the payload. The bit I don't understand is why the firewall logs show this request as blocked in the log files but…
Azure front door support for private endpoint to AppGateway
Hi I understand Azure front door can connect App Gateway as an origin, However, it seems according to the reference below, AFD does not support private endpoint to AppGateway. If this is the case, is there any roadmap for this feature? Similarly, would…
The key vault must have GET permissions on secret + Error While Configuring Application Gateway Listener
Hi I'm trying to add a Basic type listener to an Application Gateway instance. While doing so, I wish to choose an SSL Certificate stored in a Key Vault that has access policy configured to allow Get and List permissions to the user-assigned managed…
Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI -- Mismatch, SSL Test gives back a different domain name
I have few applications hosted in IIS on a windows server. which are routed through Azure APP Gateway. I'm enhancing the SSL configuration across all my domains. Upon running the ssllabs.com test revealed a second certificate(Certificate #2: RSA 2048…
What Authentication solution would you suggest in this scenario?
Context: We are migrating from Azure App Gateway V1 to Azure App Gateway V2 for load balancing. For authentication purposes, we used NTLM which AG V2 does not support. Now I am trying to find an alternative. Ideally, I want the authentications to…
How to fix a recurring 502 bad gateway error
We haven't touched our DNS setup for ages. Still, within the last few weeks, Cloudflare returns sometimes a Cloudflare-branded HTTP 502 error, which means our Azure web server responds with a standard HTTP 502 bad gateway error. Do you know what the…
Unbale to create resources through Azure CLI & prompting resource quota in multiple seperate regions
Hi Team, Presently I am learning & preparing for AZ-104 exam and as a part of that continuously learning & performing hands-on in my free subscription . But today when try to spin up resources like Application Gateway Ingress controller &…
Setup custom DNS at application gateway for multi-tenant solution at a sub-domain level
In AKS we have UI running in a pod which is exposed by ingress controller on port 80, this is common for all tenants. In a VM which is multi-tenant, we have two applications running on port 8180 and 8230. Our requirement is http://example.com should…
Azure Application Gateway error on update configuration
Get-Error.txt When we try to update the Azure Application Gateway in the portal or Azure CLI we get an error. It doesn't matter what we try to update, the error is displayed on all updates: Link not found: Microsoft_Azure_Network not found Link not…
Could not update the ssl certificate in azure application gateway
I have replace the value and execute the command getting the error https://learn.microsoft.com/en-us/azure/application-gateway/renew-certificates az cli command could be az network application-gateway ssl-cert update \ -n…
Is Application gateway with WAF send outbound traffic to internet?
Hi Team, We are going to deploy Application gateway with WAF in the HUB. We don't have Azure firewall in HUB. I am uncertain about which path outgoing (Internet traffic) traffic will take if traffic is originating from a back-end poll server (spoke). Is…
Application gateway - Hide backend URL
Hello, I have an application hosted on Azure App Services using the .azurewebsites.net default url. I deployed an Application Gateway as WAFv2 to get in front of the application. The rules work, I can browse to the application using the Application…
we need to Migrate Azure Application Gateway and Web Application Firewall from V2 to V1
Is Migrate Azure Web Application Firewall from V2 to nasic waf V1 , is it possible? and how can we do that? How can we reduce the trafic manager cost in azure?
Download stops after 1 GB with Azure WAF
Hello, We have deployed Azure WAF infront of Linux webserver, the webserver is connected to Azure blob storage. When we try to download a file over 1GB the downloading stops when it reaches 1GB with error "network issue". We have checked…
403 Forbidden error in HTTP request in Application Gateway
Hi, I have an application gateway with WAF V2 enabled in prevention mode. The normal requests being processed but I have a case where large data around 120 KB is being passed in request, in this case I get net : :ERR_FAILED 403 (Forbidden). How can I…
403 Forbidden Error When Accessing Specific URL via Custom Domain on Azure App Gateway
I am currently facing an issue with an Azure application gateway setup and would greatly appreciate any insights or suggestions. Issue Description: I have set up an application gateway to manage traffic for an Azure App Service, and we have associated a…