Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

frontDoorWebApplicationFirewallPolicies

Summary

RecommendationImpactCategoryAutomation AvailablePG Verified
Inspect Azure Front Door WAF logs for wrongfully blocked legitimate requestsHighMonitoring and AlertingNoVerified
Check Azure Application Gateway WAF logs for mistakenly blocked valid requestsHighMonitoring and AlertingNoVerified
Monitor Web Application FirewallHighMonitoring and AlertingNoPreview

Details


Inspect Azure Front Door WAF logs for wrongfully blocked legitimate requests

Impact:  High Category:  Monitoring and Alerting PG Verified:  Verified

APRL GUID:  d0cfe47f-686b-5043-bf83-5a3868acb80a

Description:

WAF may mistakenly block legitimate requests (false positives). These can be identified by examining the last 24 hours of blocked requests in Log Analytics.

Potential Benefits:

Reduces false positives, improves access
Learn More:
Azure Web Application Firewall monitoring and logging - Access Log
Understanding WAF logs
Web Application Firewall exclusion lists
Fixing a false positive

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Check Azure Application Gateway WAF logs for mistakenly blocked valid requests

Impact:  High Category:  Monitoring and Alerting PG Verified:  Verified

APRL GUID:  537b4d94-edd1-4041-b13d-8217dfa485f0

Description:

WAF may block legitimate requests as false positives. Identifying blocked requests within the last 24 hours through Log Analytics can help manage and mitigate these incorrect blockages efficiently.

Potential Benefits:

Improve false positive identification
Learn More:
Azure Web Application Firewall Monitoring and Logging
Diagnostic logs

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Monitor Web Application Firewall

Impact:  High Category:  Monitoring and Alerting PG Verified:  Preview

APRL GUID:  5357ae22-0f52-1a49-9fd4-1f00ace6add0

Description:

Monitoring the health of your Web Application Firewall and the applications it protects is crucial. This can be achieved through integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs, ensuring optimal performance and security.

Potential Benefits:

Enhanced security and health insight
Learn More:
WAF monitoring
Azure Monitor Workbook for WAF

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg