Apr 28 2020
I have this strange behavior on my Application Gateway WAF. I created this custom rule (see image below) to deny traffic when the http request has Referer http header field empty or missing.
The problem is that this rule is only triggered when the Referer http header field is empty but not when it is missing :(
Instead, the same custom rule is working fine on the front door WAF.
Why is it happening? Did I do something wrong?
Dec 10 2020
@Maxlan71, I encountered similar problem and worked around it by a negation.
I have a P2 rule to deny all (as attached) and then you can have any P1 rules to allow whatever with non empty Header as you like. Hope that help.