Application Gateway WAF needs function.
Application Gateway WAF hasn't function creating custom rules and operating management UI for regular or custom rules. Also, we hope functional enhancement for WAF logs. We'd like to get the detail message if alert is happen.
Thank you for your time and consideration.
Additional functionality to inspect headers to see what kind of request is coming in and based upon that to have exceptions for IP's/ ranges allowed to make those kinds of requests.
More robust feature set for header inspection and exception management would be greatly appreciated!
Agreed. Some enhancements I would suggest would be an option to enable the additional methods for API, such as PUT and PATCH. Also allowing rules to be individually set to Blocking OR Logging mode. Enhancing the exclusions to allow specific paths for an exclusion. The ability to set rules based on specific paths, ex. "/api". And finally, the biggest enhancement would be the ability to create custom rules.
Stefan Schörling commented
Would love to have the ability to set custom return codes to.
Joon du Randt commented
I agree 100% on this one. I had a problem where the app gateway is picking up SQL injection characters in an auth token HTTP header.
I need the ability to exclude specific URLs, cookies or HTTP headers from the WAF rule matching
At the moment I have to disable the entire rule, I would much rather just exclude that header!