Update Web App ModSecurity module to 2.9.2
The current version of the ModSecurity module that is integrated in the IIS of the Web App Services is 2.8.0.
This version of ModSecurity has issues with the IP + Port formatting of the AlwaysOnline service. Please update it to 2.9.2.
This seems like a quick fix which needs to be applied ASAP. Rule processing fails because of this ModSecurity bug present inn version 2.8.1: https://github.com/SpiderLabs/ModSecurity/pull/1220. Please update ModSecurity library to the latest stable version.
I find it a bit ridiculous that there is a really old buggy version of a security module installed on a PaaS system.
Having an old version of ModSecurity around could be considered just as safe as not having it at all. The latest rule sets simply doesn't work with this version, and the alternative is the Application Gateway that cannot provide us with the same configuration capabilities as ModSecurity.
As we cannot use Windows containers in production (its in preview) our only option is to host our own VMs, which then begs the question of why we have to use Azure at all for this product, when we have ample spare capacity on-premise.