If needed you can block some rules on WAF by clicking on WebApplication Firewall->Rules-> Advanced rule configuration-> Enable In Logs you can check which types of requests are being blocked and check the error description and act accordingly. (You need to enable diagnostic settings for App-Gateway by storing the logs to a blob storage). If for some reasons still you are running in issues of 401/403 or application is getting blocked, then you need to check the diagnostic logs of Application Gateway. 401 comes when you try to upload larger file size than the allowed size, you might consider changing the ‘ File Upload Limit’ in Global Parameters section of WAF configuration.įew more things needs to be checked in “ Prevention Mode” like disabling ‘Inspect Request body’ if application request is getting blocked even after adding specific strings in Exclusion list. (If you are Enabling Prevention mode in WAF, then you may need to have a look into request types (Request Headers, Cookies, Attributes etc.) and need to allow the specific ones in exclusion list of WAF because, Application Gateway may block some requests if the request body is containing some different formats/characters other than the default allowed ones.This may result in 403 or 401 errors while accessing the URL on browsers. In Prevention Mode: you can allow/block the requests coming to your application URL based on specific Request Headers, Attributes and Cookies whereas Detection Mode will detect the requests and collects the logs in provided storage account or you may also choose to send it as an input to Azure Analytics or Event Hubs for further processing. Step 2: Click on “ Web application Firewall” option in left menu blade and set the configurations as shown below: -įirewall Mode=> ‘ Detection’ or ‘ Prevention’ as per your need.
0 Comments
Leave a Reply. |