Azure Web Application Firewall

going with the application gateway in fornt of azure firewall does it lose the benefit of l7 load balancing

I have an Azure firewall in a hub and spoke architecture, and one of the spokes contains my web servers, for HTTPS filtering I have an application gateway with the WAF feature and l7 load balancing. I have a requirement to keep centralized security…

WAF 2 does not prevent script attack

I have integrated a web application firewall (2) with the application gateway in Prevention mode. However, when I attempt to create a record using FirstName as script tag, the record is successfully created. Ideally, this action should be blocked.…

Request blocked by Microsoft_DefaultRuleSet-2.1-SQLI-942120 for russian language

When we try to submit the leads in our website We figured out that for Russian language characters Azure Front door firewall rule(942120 - SQL Injection Attack: SQL Operator Detected) was blocking the requests. Below is the screenshot of how we find it…

How to fix blocked:mixed-content error on Application Gateway?

I have configured an application gateway associated to a WAF with my app service, the goal was to use WAF in front of my app; the issue now is that I dont have custom domain for my application gateway or app service. Earlier I was using default domain of…

Is it possible to use .azurewebsites.net domain with application gateway?

Hi, I have integrated azure app gateway with my app service to have WAF in front of my web app. I see that I have app gateway's IP address via which I can access the app service, is there any possibility that I use the default domain of web app even with…

Azure NSG rules both for both public and private IPs

Can I apply a public IP to a vm and have it not affect the nsg rules that I have for it's private IPs? I have current nsg rules for the private IP but i want to add a public IP and apply nsg rules to it as well. I will be limiting access to it from…

Azure WAF rule 920470 blocking the requests with details massage: Pattern match ^[\w\d/\.\-\+]+(?:\s?;\s?(?:boundary|charset)\s?=\s?['"\w\d\.\-]+)?$ at REQUEST_HEADERS:content-type. But we excluded the rule like in the below snip still the rule blocking

Azure WAF Security Features in Standard Tier with Front Door

Hey all - I’m looking for insights regarding the security features offered by the Azure WAF when deployed in the Standard tier with Azure FD, particularly in scenarios where the customer does not want to create any custom rules. Given that the Microsoft…

How to add correct exclusion on Azure WAF?

Greetings. Please help in creating an exception to the rule: OWASP_3.2 - Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link. My web application generates requests like: …

WAF rule - 100200 Malicious bots that have falsified their identity

How often is the list of Google IPs updated to avoid false positives in WAF rule '100200 Malicious bots that have falsified their identity'?

Azure AG WAF file upload

We need to upload a file with size is about 100MB and got blocked by Application Gateway WAF, we use the "file upload" method which is described here:…

Protocol and Port ranges for allow Logic Apps IP

We got the notification about the Logc Apps IP addresses that will need updating by Nov 12th. It doesn't specify any protocol or port ranges on the required IPs that need to be added. Can anyone clarify for me if they have to be any/any or we can limit…

Getting 403 forbidden error when enabling OWASP 3.2 and Enforce request body inspection limit

There is one function in my web site to download the documents also i have 182 rules Enabled in prevention (Mode)

Azure Application Gateway

Azure Application Gateway

An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

1,217 questions

Sign in to follow

Azure Web Application Firewall

Azure Web Application Firewall

An Azure service that provides protection for web apps.

362 questions

Sign in to follow

Azure | Azure ISV (Independent Software Vendor) and Startups

Azure | Azure ISV (Independent Software Vendor) and Startups

97 questions

Sign in to follow

Azure WAF exclusion does not work for Request Cookie Keys

Hi, I have created exclusion in WAF policy for Application Gateway. This exclusion works when I set "matchVariable = Request Cookie Keys" and does not work if I set "matchVariable = Request Cookie Names". I understood that Names and…

Setting up Azure Function App with Azure Application Gateway (WAF)

Hello! I am currently trying to setup an Azure function application that will be accessed through an Application Gateway that restricts the network level access using the Azure WAF. I want to restrict the network level access by geographical location…

Azure OpenAi with private endpoints - Web App issue

I am currently experiencing issues after deploying an AI module into a web app. My Azure OpenAI setup includes private endpoints. The web app was tested with both public access and private endpoints. While I can view the chat box and send prompts, I…

In azure front door WAF policy i ahve created a custom rules with conditions to block the request for particular url based on country(Geo location). It is working as expected but i would like to know accuracy of the waf policy when using geo location

We have azure front door integrated with WAF policy. i have created a custom rules with conditions to block the request for particular url to specific country(Geo location). It is working as expected but i would like to know accuracy of the waf policy…

so F5 awaf? how can I test the deployment without altering the infrastructure?

Hi, I'd like to deploy the F5 A WAF, but I would like to test it without risking or causing any issues. Any ideas?

Update Azure application gateway WAF rules to allow request from same ip range in short span

I have a web app hosted on AKS behind an Application Gateway with WAF. My domain is onboarded on Cloudflare. The WAF is blocking network calls to my web app with rule ID 949110. I suspect that Cloudflare is replacing the actual client IP with its own and…

Can we add ruleId to the request header

Azure Gateway WAF - we want to add ruleId to every request header