Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Add RateLimitRule to the App Gateway WAF
Currently Front Door supports a RuleType RateLimitRule - https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-powershell. Add this same rule to the AppGateway custom WAF rules - https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview
317 votes -
WAF - please remove the post data limit (128 KB) and File size limit (100 MB) - Why should I be restricted?
WAF - please remove the post data limit (128 KB) and File size limit (100 MB) - Why should I be restricted?
18 votes -
We should have the visibility/Dashboard to see what all rules are being triggred from the owasp rules
We should have the visibility/Dashboard to see what all rules are being triggred from the owasp 3.0
Currently if my website goes slow and application team reports that its slow because of waf we dont know what rules are being triggered.
We raise a ticket to Microsoft backed and then they will provide the set of rules to us. This dependency should be remove
8 votes -
Web Application Firewall Logs not clear for large matches
In the WAF logs, when a rule is matched, the 'detailsmatchess' column shows a JSON breakdown of which strings matched the rule and caused the action to trigger.
However when the match is longer than 100 characters then the 'matchedPortion' value shows as empty which can make it hard to identify why the rule was triggered.
In these instances, it would be beneficial to give the name of the Parameter itself that is causing the trigger for example "__VIEWSTATE".
This could actually be added to the JSON string itself as a separate key for all matches.The attached…
3 votes -
Change default error message in prevention mode
Is it possible to adjust the default behaviour in 'prevention' mode?
We would like to answer the AppGw with a 404 instead of 403 to make any further attack attempts less likely.3 votes -
waf body
Today we encounter a number of hits on our WAF. Investigating those issues is possible but often the errors are related to the body that's added to the request. The only way to investigate the issues at this moment is by allowing the WAF rule, let the "blocked" message through to the end application, investigate there the body and determine if we keep the rule disabled or re-enable it.
This can be done a lot faster (and more secure) by allowing the possibility to track/log the body of requests sent over the WAF. possible limited to a small period of…
3 votes -
Allow block duraion configuration for ratelimit rule
Please increase the block duration when configuration WAF Custom rule (ratelimit). Basically, we want to configure a WAF rules in 4 parameters per below but we cannot set the value for 1.
• Block the IP for 1)90 minutes if the IP sends HTTP request to 2) URL x for more than 3)100 times in 4) 5 minutes.So far the block period is default to RateLimitDurationInMinutes and gets reset when the new cycle begins. There is no way we can configure the block period.
1 vote -
we just wanted to have the OWASP rules in detection mode and Bot rules in prevention mode.
Enable Bot rules in prevention mode independent of OWASP rules status.
There should not be state dependency of other rule set on Bot Rules.1 vote -
Application Gateway WAF policy - Custom Rule Annotation
Please give me the ability to add annotations to an IP address or range in WAF Policy custom rules. When adding an address, the ability to add a label such as 'Company HQ' or 'MD Home IP' would be great.
1 vote
- Don't see your idea?