Questions tagged [azure-waf]

Azure Web Application Firewall adds better web application security to the layer 7 Azure Application Gateway service and is available in all Azure public regions.

72 questions
0 votes, 0 answers

How to bypass scanning of request body if it exceeds max limit for Azure Application Gateway WAF policy

Is there any way we can scan requests for < max request body size? Otherwise we want to bypass the scan for requests that contain an attachment larger than the defined max size. I tried a custom rule but it didn't work. We need to define custom rules or perform…
SagarT
0 votes, 0 answers

Azure WAF Rewrite rules for updating port numbers

I have a server in Azure running two web apps, one on port 443 (IIS), another on 1024 (Apache). Both are https. I have an Azure Application Gateway (WAF v2) in place. I would like to allow requests for subdomain1.domain.com to go through on 443…
0 votes, 1 answer

Azure WAF or Traffic Manager returning 502 when 503 is present

We have a web API server that sits behind Azure WAF and Traffic manager and everything is working fine except when the API returns 503 for maintenance and here are the steps to reproduce the issue. API starts to return 503 starting at 10:00 pm with…
jong shin
0 votes, 1 answer

Unable to create a WAF2 gateway in azure

On the final stage of creating a WAF2 gateway, there is an error with code "ApplicationGatewaySslCertificateTooBig" and message "Data too big for certificate". Could anyone please help?
NVJ
0 votes, 1 answer

Toggle an Application Gateway WAF to Prevention/Detection mode

Goal: Toggle an application Gateway WAF between prevention and detection mode via code. Configuration Details: App GW SKU: WAFv2 Application Gateway WAF deployed Custom rules and managed policies are implemented WAF is Associated to Application…
0 votes, 1 answer

Azure: After Uploading SSL CERTIFICATE through Application Gateway Listeners on Azure, URL is not hitting

After creating Application Gateway Listeners and rules we have uploaded the SSL certificate (HTTPS) for Port:-443, but URL is not hitting. We are using application gateway WAF, App services, we have configured Listeners, Http setting and rules but…
0 votes, 1 answer

Azure: Application gateway listeners based routing. A communication error occurred: "Operation timed out"

We have configured Listeners, added the rules and uploaded the SSL certificate on Azure portal, but the server is not hitting the URL. Suggest me if there are any settings I missed to configure to enable the listeners based routing settings.
0 votes, 1 answer

How to analyze WAF rules on Azure?

We have an accreditation requirement to prepare some form of a report that has charts/metrics of WAF detection examples, as well as recommendations. We essentially want to perform a couple hours of analysis on what's poppin' and present some…
0 votes, 1 answer

Plain English firing Modsecurity/WAF/CRS rules

What do you do about common English text firing off the CRS rules? e.g. look at the phrases here, they all fire off a CRS alert. They are examples of reasonable text that a user could enter, and clearly I can just switch off the rules, but then the…
tony
0 votes, 1 answer

Block part of a request using WAF or ModSecurity

Is it possible to block just part of a request using ModSecurity, Azure WAF or similar? For example, could you block a cookie because it contains invalid characters while allowing the rest through? I'm trying to trace an issue where sometimes a cookie…
tony
0 votes, 1 answer

Azure Front Door Visual Studio Remote Debugging

When connecting to my Azure Web App protected by Azure WAF/FrontDoor, I cannot connect to the debugger; it seems like inbound port 4024 is blocked on the WAF/FrontDoor. Remote debugging is enabled and outbound ports are open on the dev server. Any…
0 votes, 1 answer

Python/Django app where urllib is blocked on Azure

I am very new to Azure, so please go easy on me here. I recently deployed a Python/Django app onto Azure. In the app, I use the Python library urllib to retrieve a file on the internet via its URL. I know the code is correct because the app works…
0 votes, 1 answer

Unable to fetch the Get-AzDiagnosticSetting via PowerShell in Azure FrontDoor WAF Policy. Does this allow us to fetch the diagnostic settings?

Get-AzDiagnosticSetting : Exception type: ErrorResponseException, Message: Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'BadRequest' at…
0 votes, 1 answer

In a REST API, on a field like a password where special characters are encouraged, what is the best practice for encoding to avoid WAF false positives?

I have a REST API that uses JSON data. The Web-Application-Firewall (WAF) monitoring the traffic uses standard OWASP rules. One rule is blocking passwords that have caret characters. e.g. leA^n12 I could base64-encode the password but I am…
Rex Bloom
0 votes, 1 answer

Azure CDN with WAF managed rule

I have set up Azure CDN in front of Storage account to host static website and also added Content Delivery Network WAF policy to safeguard against common threats. The Content Delivery Network WAF policy only allows the use of DefaultRuleSet_1.0…