In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available.

Alex Vasiuk 0 Reputation points
2024-09-04T15:48:06.59+00:00

Hi,

In "Application Gateway WAF policy" resources cannot select "Rate limit" rule type in custom rules. Only "Match" available.

I want to configure rate-limit rules in my WAF for Application Gateway. I have a bunch of "Match" custom rules that work great. But when I to follow the official doc I fail, because there is no "Rate limit" in my radio button.

I run diagnostics in Azure Portal for this resource, but nothing came up.

Happy to any help!

Best Regards,

Alex.

Azure Web Application Firewall
{count} votes

1 answer

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 26,536 Reputation points Microsoft Employee
    2024-09-26T01:32:25.52+00:00

    @Alex Vasiuk

    Thank you for getting back and apologies for the delay here.

    I think the main issue here is that it is not obvious from the Azure Portal Web UI that OWASP should be updated to use Rate-limit.

    This is great feedback, it will help if you could file this feedback on the feedback portal here so that the team can prioritize this request.


    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to accept the answer .

    Issue:

    • I want to configure rate-limit rules in my WAF for Application Gateway. I have a bunch of "Match" custom rules that work great. But when I to follow the official doc I fail, because there is no "Rate limit" in my radio button.

    Solution:

    I tried with the cli and it gave me the answer:

    az network application-gateway waf-policy custom-rule create --policy-name <REDACTED> --resource-group <REDACTED> --action Block --name ClientIPRateLimitRule --priority 90 --rule-type RateLimitRule --rate-limit-threshold 100 --group-by-user-session '[{'"groupByVariables"':[{'"variableName"':'"ClientAddr"'}]}]'
    
    (ApplicationGatewayFirewallCustomRuleRateLimitUnsupportedManagedRuleSet) Custom Rule ClientIPRateLimitRule of type RateLimitRule and in context properties.customRules[3] is not supported with the current Managed Ruleset version. Use OWASP_3.2 or above.
    Code: ApplicationGatewayFirewallCustomRuleRateLimitUnsupportedManagedRuleSet
    Message: Custom Rule ClientIPRateLimitRule of type RateLimitRule and in context properties.customRules[3] is not supported with the current Managed Ruleset version. Use OWASP_3.2 or above.
    

    So after I updated managed rule set from OWASP_3.0 to OWASP_3.2 I managed to configure rate limit custom rules.


    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.

    Regards,

    Chaitanya

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.