MicrosoftShabazShaik, thank you for the comprehensive and clear explanation. I tried to deploy the v2 template for my Application Gateway, but it seems incompatible to changes that happened to AppGateway as I came down with a few struggles:
Do you perhaps have any idea how to mitigate it, or have an updated version besides https://github.com/Azure/Azure-Network-Security/blob/master/Azure%20WAF/Playbook%20-%20WAF%20Sentinel%20Playbook%20Block%20IP%20-%20New/templateV2.json (the problematic version)?
Thank you!
Hi MelissaRay , are you able to find a solution to this?
Hi there! I see you already mitigated your problem. My team managed to fix the parts that malfunctioned in the Logic App for us, in addition to making it clearer and AppGateway-specific.
According to my team, there was a part that the seemed to be for debugging: For Each 6 & 7 inside condition 4. It iterated over all values and set the MatchValue variable, then added it to the existing list, which caused trouble. After changing the points I described in the first reply and removing the loops, it worked.
To summarize the changes:
1 - change template version to 01-07-2022 in necessary places
2 - In the section of the "backendAddresses", we removed 'required' altogether , but it might not cause trouble for you.
3 - When going over the rules (adding the rules that are not SentinelBlockIP), we checked whether the rule type is RateLimitRule. The original Template lacked some values we required, specifically groupByUserSession. Again, you might not encounter it.
4 - remove (we used the designer) loops 6 & 7 from the logic app, it worked for us afterwards.
This is the general idea of the changes we made post-deployment from Github. I hope it helps anyone who encounters the same problems. We also recommend making the logic app clearer by renaming the loops \ variables according to what they hold, and keep only the resource type you need. The logic app is much clearer, readable and simplified!
Have a good day,
Melissa.
