Forum Discussion
Web Application Firewall in Prevention Mode
Hi Team,
My application is a ASP.NET web application built on standard .NET Framework features. It works well when Web App Firewall (WAF) is off or set to “Detection”. However, once the WAF set to “Prevention”, most requests to the web servers (both internet and intranet) will be blocked. Can I have your advice on what to be set on the firewall rule to resolve this?
1 Reply
Are you using WAF with Application Gateway or Front Door? Anyway, you should look into Web Application Firewall Policies. https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag
You can create both custom rules and disable managed rules to make sure that valid traffic reaches your backend. In order to find which rules are blocking your traffic make sure you enable logging in your Application Gateway or Front Door. https://docs.microsoft.com/en-us/azure/application-gateway/log-analytics
