Oct 07 2019
- last edited on
May 24 2021
Have been playing with the AAG Web Application Firewall for some time now and found what I believe to be some rather major flaws in functionality.
Mainly, the lack of ability to exclude a specific URI from certain WAF rule checks , instead it very much seems like when you add an exception via an Application Gateway WAF Policy, that it exlcudes the URI from the WAF entirely.
Anyone have any info, clues, tips or ways I have not found to exclude a certain URI from specific rule checks?
Oct 18 2019 03:07 PM
Hi @chrisbutler, thank you for your feedback! Checking with the AAG WAF team, this is on their roadmap already. For your information, we're targeting to host a webinar "Azure Network Security: Introduction to WAF" on Nov 14, 2019. Stay tuned as I will be posting registration details in a couple of weeks here on this page.