Application Gateway WAF needs function.
Application Gateway WAF hasn't function creating custom rules and operating management UI for regular or custom rules. Also, we hope functional enhancement for WAF logs. We'd like to get the detail message if alert is happen.
Thank you for your time and consideration.
Agreed. Some enhancements I would suggest would be an option to enable the additional methods for API, such as PUT and PATCH. Also allowing rules to be individually set to Blocking OR Logging mode. Enhancing the exclusions to allow specific paths for an exclusion. The ability to set rules based on specific paths, ex. "/api". And finally, the biggest enhancement would be the ability to create custom rules.
Stefan Schörling commented
Would love to have the ability to set custom return codes to.
Joon du Randt commented
I agree 100% on this one. I had a problem where the app gateway is picking up SQL injection characters in an auth token HTTP header.
I need the ability to exclude specific URLs, cookies or HTTP headers from the WAF rule matching
At the moment I have to disable the entire rule, I would much rather just exclude that header!