Application gateway server information disclosure in HTTP response header
Hi, we encountered a problem during pentesting. We found an issue about the server information "nginx" in the application gateway response. I created an application gateway of WAF tier and implemented a rewrite set to remove "Server" in the response. It…
In Azure, how to grant Application Gateway access to Certificates in Key Vault
I have an application gateway AppGateway and a key vault KeyVault. My organization does not allow the use of a Vault Access Policy, I am required to use Role-based Access Control (RBAC). I created a managed identity Gateway-KeyVault-identity. I assigned…
Application gateway path-based redirect rule works, but adds "redirected" path to the target URL
I would like to configure MS Azure application gateway to redirect URL1 to URL2 based on URL1 path. For instance, I would like to redirect https://leo.test.ca/open/ to https://tod.test.ca/important/breach/. See picture below. When I access…
Generate encrypted access to application hosted on Tomcat server from outside the virtual machine by configuring it through Azure Gateway using Self Signed Certificate
I generated a self-signed certificate for my application hosted on Tomcat within a virtual machine and uploaded it to Azure Application Gateway, but I'm encountering an error. The Intermediate certificate is missing from the backend server chain.…
Azure Application Gateways do not resolve Private Endpoints of Keyvault via custom DNS servers
Hi, We've hit the same issue that @Anonymous faced in this thread: https://learn.microsoft.com/en-us/answers/questions/714888/azure-application-gateways-do-not-resolve-private.html but for key vault. Specifically the Application Gateway doesn't…
WAF IPv6 custom match rules for Application Gateway products
This blog post announced enhanced support for IPv6 and WAF on Front Door, including IPv6 custom match rules. Will Azure support custom IPv6 match rules on the Azure Application Gateway series of products while using dual-stack configuration with WAF? Is…
How can I configure an Azure Load Balancer to route traffic based on URL path?
I need help configuring an Azure Load Balancer to route traffic to different backend pools based on the URL path. I'm currently using Azure Application Gateway but facing issues with routing requests to the correct backend based on the…
[Application Gateway] Downtime of Backend pool update
I wonder about the downtime in two cases of updating the backend pool on Application Gateway. Is there any effect if a client sends requests while the backend pool is being updated? First, path-based rules are created with a backend pool on the routing rule. How is the downtime…
Can I remove the cookie from a request at the Azure Application Gateway which has a WAF behind it?
We are currently facing an issue with requests being blocked by WAF due to __hp5___meta cookie causing 403 Forbidden Errors. This cookie is not required in our requests. So, is there a way we can remove it from the requests at the Application Gateway?
Application Gateway Basic Tier pricing is off
Hey, I created a test project utilizing an Azure Application Gateway, forwarding traffic to a Hello World Container App. I am confused by the pricing model and I feel it's off compared to the calculator and Azure documentation. The Azure Application…
How to preserve the Client IP that is amended by Azure Front Door, another amendment by App Gateway before reaching Azure APIM
Hi, my setup is configured with Azure Front Door + Azure WAF --> Azure App Gateway + WAF --> Azure API Management. The diagnostic data logs are kept with Azure Monitor. I am trying to configure an inbound throttling policy on APIM to rate limit user…
How to discover the attempts of using TLS 1.0 and 1.1 after upgrading the SSL policy to 20220101 version in app gateway?
We recently upgraded our SSL policy to 20220101 to enforce TLS 1.2 or later for connections to Azure application gateway. We're concerned about potential failed connection attempts from legacy clients that may still be trying to connect using TLS 1.0 or…
Azure Front Door - Web Socket Connectivity Issue
Hi, I have an endpoint exposed on 443 in Front Door which is configured to forward the traffic to the backend (Application Gateway) on 444. Will WebSocket connectivity work in this case? I see error 400 Bad Request when invoking the Front Door…
Azure APIM Multi Region Load Balancing with FrontDoor and Application Gateway
Hi, I want to achieve a low-latency multi-region deployment of APIM so that traffic always goes to the closest region. I want to place my Azure APIM in 3 regions (US, Europe and APAC). APIM will have a single US instance created and deployed to…
Configuring Azure Application Gateway as a Reverse Proxy for Azure Static Web App
How can Azure Application Gateway be configured to act as a reverse proxy for a static web app? I have two web applications: app1, deployed in an Azure VM, and app2, deployed in Azure Static Web Apps. A custom domain has been set up for app1 as…
How to solve application gateway listener exceed 200 limit
Need to know what to do after application gateway v1 listener exceeds 200 limit on single instance
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to set up a listener in application gateway to use a certificate from Key Vault using managed identity. But every time when I choose the managed identity in the portal and then select the key vault from the dropdown menu I get this error: …
How do I configure the Azure Application Gateway / backend pool to drop requests that are blocked by the WAF as the log file indicate the request was blocked but the script ends up in the database.
Requests blocked by the WAF are being forwarded to the backend API servers. How do you configure the backend pool or WAF to drop requests that are blocked by the WAF?
VMSS Health Probe Showing Unhealthy Status Despite Whitelisting Wireserver IP 168.63.129.16
We are currently exploring the configuration of our production Virtual Machine Scale Sets (VMSS), which are behind an Azure Application Gateway. We have implemented a health extension check using the HTTP protocol on port 80. However, we are encountering…
Application gateway limits
Just want to understand what this means: Concurrent WebSocket connections: Medium gateways 20k2 and Large gateways 50k2. Is it considered to be Medium = 20000 and Large = 50000?