WAF support for Web Apps
Here is my scenario: I have multiple Web Apps (multi-tenant) in an App Service Plan as follows: custA.azurewebsites.com custB.azurewebsites.com Above apps are same except they point to its won tenant DB. So custA talks to DBA, custB talks to…
SignalR and the WAF in Application Gateway
If I host a Blazor server side website in Azure using an App Service and the Azure SignalR service, and in front of this website there is the Azure Application Gateway. Will the SignalR packages go through the WAF? Plus will the WAF be able to detect…
Are webservers behind a WAF safe enough to be classed as trusted
Hi, I am after some advise on a hub and spoke design idea. If I have a hub that contains a firewall and a WAF where the WAF is forwarding traffic onto a webserver in a spoke virtual network. Would you then class that web server / virtual network as…
Azure Application Gateway rules
This page describes how to configure URL pathing rules for an app gateway https://learn.microsoft.com/en-us/azure/application-gateway/create-url-route-portal It says the default, for URLs not explicitly defined in rules, is to forward traffic to…
Set Database Extension fails with GatewayTimeout after restoring DB from .bacpac
I am attempting to import a database via a .bacpac file which I have stored in blob storage. I have created an Azure SQL serve, and followed the import steps described in the video attached:…
is it possible to block the traffic to one node with in the AAG(azure application gateway) using the port check
is it possible to block the traffic to one node with in the AAG(azure application gateway) using the port check, For example if i bring down the traffic port 15999 in node , how would AAG redirect the traffic to other node and not complete the existing…
Azure Application Gateway | Rule ID 913101 Python Requests are getting blocked
Hi , When we are trying to send requests to APIM using Jupyters notebook in Python, We are getting blocked in the application Gateway like the below "ruleId": "913101", "ruleGroup": "913-SCANNER-DETECTION", …
Requests to URL with length greater than 3776 characters return with status code 400
Hi, whenever our request URL exceeds the length of 3776 characters, the Application Gateway returns HTTP status code 400 (we know it's the Application Gateway returning since the same requests return fine when not going through the Application…
Making requests to external hostnames from backend pool services
When using the Azure Application Gateway, is there a way for services in the backend pool to make requests through the frontend IP of the gateway, in order to request public URLs? In this example, the VM wants to make a request that hits the App…
Azure WAF multiple Geo Location Custom Rules
Hi, I have an Azure Application Gateway V2 pointing at a new WAF custom Policy. In this custom policy I have added a single custom rule to deny access from certain countries. I have about 15 countries I want to allow access and deny all the other…
I want to gracefully disabling/enabling APIgee pool members in AAG.
Team, I would like to gracefully disable/enabling Apigee pool members in AAG , i can do it for on prem using the below doc but i would like to know how i can do the same from AAG . …
WAF related questions and Compliance
Hi, My questions on Azure WAF support on below - 1) Does WAF support TACACS, SAML, AAD, LDAP , Kerberos, RADIUS ? 2) Compliance GDPR, Sarbanes-Oxley, HIPAA, PCI-DSS, SOC2 3) Is there any to test WAF with in the Azure with all the imposed rules such…
Azure Service for creating redirection rules
Hello, I want to know which azure service I could use to create redirection rules for an Azure App service application. Currently, my solution is creating the redirect rules in my code but I have a lot of broken links that keep popping up, and most of…
Adding new rule in exisitng app gateway through powershall
Hi, I have an existing app gateway has 4 path based rule setup. I need to add new entry in app gateway through powershell, I have used following commands but after running it removes all existing entries and adds only new rule (overrides all 4 rules…
Webhook listener/receiver security
Hi, We are looking at using webhooks from various vendors outside our network. They would publish the event to us. We would be the webhook listener/receiver, not pushing the events. We have done proof of concept of creating an Azure Function to receive…
vmss node use which public ip address
Hello In my azure , I have a vmss with 2 nodes and have a application gateway to combine with this vmss . My application gateway public ip address is 20.20.20.20 and in one vmss node I use " curl ifconfig.me" will show 30.30.30.30 So…
Gateway-required VNet Integration - Regional Vnet Integration
Hi, with the GA release of Regional Vnet Integration without a Gateway link below; https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet The Azure Portal shows a message; “The selected virtual network is located…
Is it possible to split load using App Gateway?
Is there a option in Azure App Gateway to split load between multiple endpoints? i.e. 50-50 or based on configuration
Application Gateway is sending calls to server with high CPU
Hi There, While configuring high availability for my application, we came across a situation where due to session affinity enabled one server was receiving all the traffic from the same private network and others do not. The Machine which was…