Forum Discussion
How to troubleshoot if a cookie is being sent to application gateway with each and every request
I have a rule on WAF policy associated with application gateway with a rule (set as topmost rule) to allow traffic if a particular cookie is sent with the request. But we are seeing some requests tha...
The easiest way to confirm whether the cookie is actually reaching Application Gateway is to enable Access Logs and WAF Logs.
In the access logs you can inspect requestHeaders — the App Gateway logs the full header set it receives, including cookies.
If the cookie does not appear in the logs, then the application is not sending it, regardless of what the client or developer expects.
If the cookie does appear but the request still hits a different rule, check the rule evaluation order inside the WAF policy. A broader “match” rule earlier in the chain can override the cookie-based allow rule.
Enabling ApplicationGatewayFirewallLog diagnostics will also show exactly which rule triggered and why.