All Questions
Tagged with azure-application-gateway web-application-firewall
21
questions
4
votes
1
answer
7k
views
How to whitelist an ip address in Azure WAF
I have an Azure Application Gateway Web Application Firewall using the OWASP 3.0 ruleset. I created a custom policy so I could create a custom rule which simply allows traffic if it's from a specific ...
- 15.7k
4
votes
1
answer
4k
views
Azure App Service with WAF
I'm looking for some Azure security best practice advice. I've seen some articles around on how to do it, but not if its necessarily required.
I have a customer who would like to move to Azure and ...
- 360
2
votes
2
answers
3k
views
WAF Rule to block all http/https traffic using Azure Application gateway
When configuring WAFs I'm used to configuring the lowest priority rule to block all inbound http/https traffic. I then add higher priority allow rules to open up the access I require.
I cant see how ...
- 5,611
1
vote
1
answer
6k
views
WAF - 200003 Multipart Request Body Strict Validation
I have an application that was doing call to Azure Application Gateway and it was failing when the following rule was enforced:
RuleId: 200003
Description: Multipart Request Body Strict Validation
...
- 2,643
1
vote
2
answers
5k
views
How to get "HTTPS" / SSL Working - Azure WAF (application gateway) with 2 Websites on Linux
I am having trouble with getting SSL/HTTPS working on a Azure WAF (ApplicationGateway) (http / port:80 is working fine)
I will explain the scenario as basic as possible:
The developer has made two ...
- 29
1
vote
1
answer
313
views
Can I add Microsoft Azure WAF as an standalone resource rather than using Application Gateway or Front Door?
I have an App Service (SSL and Custom domain configured at App Service level) for which I would like to add Azure WAF protection as a layer that sits in front of the App Service. I learned that I can ...
1
vote
1
answer
848
views
Azure Application Gateway - Prevent redirection
I've a AppService running with an endpoint www.test.com. I've deployed an Application Geteway and set up a backend pool to forward traffic from AG to www.test.com. I've then created DNS records ...
- 1,308
1
vote
2
answers
8k
views
Azure Application Gateway WAF with False Positive on SQL Injection
We are using Azure Application Gateway and WAF with detection mode enabled for now and for one of our web-applications what we are observing it is throwing SQL INJECTION ATTACK error message for URLS ...
- 772
0
votes
1
answer
48
views
Conflict Resolution: Azure Web App Autoscaling with Azure Application Gateway and WAF
Problem Description:
I'm currently architecting a solution in Azure that requires both autoscaling capabilities for my web application to ensure scalability and a Web Application Firewall (WAF) to ...
- 123
0
votes
1
answer
729
views
"Certificate does not contain any CA certificate" error when I create a SSL profile on Azure Application Gateway
Let me explain more about the scenario.
I have a web application that is hosted on an Azure App Service Plan.
I created two certificates "Root" and "Child" with the blow command:
...
- 173
0
votes
1
answer
349
views
Azure Firewall Routing to multiple backends
We are trying to host multiple sites at the backend of Azure Firewall, however we have about 30 different sites and each with their own test\dev and UAT site, which means 30 x 4 and 120 sites, each ...
- 961
0
votes
1
answer
2k
views
Prevent bypassing Azure App Gateway WAF rules
Our REST APIs hosted in Azure API Management (internal VNET mode) are only accessible from internet via Azure App Gateway (WAF v2 SKU), with OWASP CRS 3.1 rules enabled in the WAF. However, there has ...
- 416
0
votes
1
answer
785
views
Azure application Gateway WAF
I am trying to configure Azure application gateway WAF with a backendpool set to a VM in a different Azure tenant using its public IP address on port 443. All the SSL certificates are configured ...
- 623
0
votes
1
answer
52
views
Allow access to robots.txt in Azure Web application Firewall
I have a public facing angular site hosted is AKS which is behind Azure WAF. But the WAF is blocking calls to robots.txt as a result the google search engine crawler is not indexing the site.
I don't ...
- 670
0
votes
1
answer
246
views
Azure REST API throws "WAF Policy does not have any valid Primary Rule Set attached to it." error
The Azure REST API that I'm trying to call to update my WAF policy is throwing an error saying the policy doesn't have any valid primary rule set attached to it. This is the API I'm trying to hit - ...
- 1
0
votes
1
answer
756
views
Azure: Application gateway listeners based routing. A communication error occurred: "Operation timed out"
We have configured Listeners and add the rules and upload the SSL certificate on Azure portal
But the server is not hitting the URL. Suggest me if there any settings i missed to configure to enable ...
0
votes
0
answers
495
views
Azure App Gateway WAF in front of Traefik Ingress on AKS
I am using Traefik ingress controller on AKS. I need to use WAF in front of it. As I found Azure application Gateway with WAF functionality can be used for that.
I have a DNS that points to Traefik ...
- 2,499
0
votes
1
answer
900
views
Can we create a dashboard in Grafana to get WAF logs from Azure application gateway?
I want to collect Azure web application firewall logs and represent them in the Grafana dashboard. I tried doing it using the Azure Monitor plugin but couldn’t get logs. How to do it? Can anyone help?
- 425
0
votes
1
answer
4k
views
Http request blocked by Azure WAF, how to do right encoding?
I'm running a asp.net web application on Azure, I have an Application Gateway in front of it, enable the WAF (Web application Firewall).
But many of my http requests from the front-end are blocked by ...
- 81
0
votes
1
answer
1k
views
Azure Application Gateway Web Application firewall CRS setting PARNOIA LEVEL for crs-setup.conf
We are using Azure Application Gateway and Web Application Firewall (WAF) and what we want to do is we want to change the PARANOIA LEVEL from 2 to 1.
One of the OWASP Engineer helped me the command ...
- 772
-2
votes
1
answer
2k
views
Web application firewall (WAF) rules validation by javascript
WAF Rules applied to web application which is already developed. To overcome WAF blocking inputs , need to convert format of input or encode input before form submitting got failed. If any ...
