196 votesunder review · 18 comments · Azure Key Vault » Managing application secrets · Flag idea as inappropriate… · Admin →
I am building a public / hybrid PaaS based environment for use at a Fortune 100 company and the lack of per-secret access control means that I have to provision a lot more keyvaults than I would like...
I agree 100% on this one. I had a problem where the app gateway is picking up SQL injection characters in an auth token HTTP header.
I need the ability to exclude specific URLs, cookies or HTTP headers from the WAF rule matching
At the moment I have to disable the entire rule, I would much rather just exclude that header!
Thank you for all the votes and feedback. We have started work on this and the capability will be supported soon. If you would like to get in touch with us to discuss your scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort
Yes please I really need this facility