Logo

dev-resources.site

for different kinds of informations.

How to View WAF Logs and Add Custom Rules in Azure Front Door

Published at
1/9/2025
Categories
azure
webapp
logs
url
Author
syedasadrazadevops
Categories
4 categories in total
azure
open
webapp
open
logs
open
url
open
Author
18 person written this
syedasadrazadevops
open
How to View WAF Logs and Add Custom Rules in Azure Front Door

Azure Front Door's Web Application Firewall (WAF) is a powerful tool for protecting your applications from malicious traffic. However, effectively managing your WAF configuration is key to maintaining a balance between security and usability. In this blog post, we’ll explore two essential aspects:

  1. How to view WAF logs in Azure Front Door to troubleshoot issues and gain insights.
  2. How to add custom rules for specific URLs to ensure precise traffic control and enhanced security.

Real-World Scenario: The Importance of Logs and Custom Rules

In today’s interconnected world, even minor service disruptions can lead to significant setbacks. Recently, we encountered a "Service Unavailable" issue caused by blocked requests on a specific API, affecting critical operations.

What Happened?

A routine API request was blocked, resulting in an error message: "The request is blocked." Users were unable to proceed with their tasks. A reference ID was provided, pointing to the Web Application Firewall (WAF) as the culprit.

Error: Unexpected character encountered while parsing value: <. Path , line 0, position 0.
an unexpected character < while trying to parse a JSON value. This suggests that the response being parsed is an XML or HTML document, not JSON.

Possible Causes:

  1. Firewall or Bot Protection Rules: Strict rules flagged legitimate traffic as suspicious.
  2. Request Overload: High traffic triggered rate-limiting mechanisms.
  3. Configuration Errors: Misconfigured rules led to unnecessary blockages.

This incident highlighted the need for effective troubleshooting using WAF logs and the ability to add custom rules to avoid false positives.


1. Viewing WAF Logs in Azure Front Door

When WAF blocks requests, logs provide invaluable insights, helping you understand the reasons behind the blockage and take corrective actions.

How to Access WAF Logs

  1. Enable Diagnostic Logging:

    • In the Azure portal, navigate to Front Door.
    • Under the Monitoring section, select Diagnostics settings.
    • Create a new diagnostic setting and enable WAF logs.
    • Send these logs to one of the following destinations:
      • Log Analytics Workspace
      • Azure Storage Account
      • Event Hub
  2. Analyze Logs in Log Analytics:

    • Open your Log Analytics Workspace and use the following query to filter WAF logs:
     AzureDiagnostics
     | where ResourceType == "FRONTDOOR_WAF"
     | project TimeGenerated, clientIP_s, requestUri_s, ruleName_s, action_s
    
  • Key fields to analyze include:
    • requestUri_s: The URL of the request.
    • clientIP_s: The client’s IP address.
    • ruleName_s: The WAF rule triggered (e.g., Bot300100).
    • action_s: The action taken (e.g., BLOCK, ALLOW).

Example log entry:

   TimeGenerated: 2025-01-08T12:34:56Z
   clientIP_s: 192.168.1.1
   requestUri_s: /api/AddDevice
   ruleName_s: Bot300100
   action_s: BLOCK
Enter fullscreen mode Exit fullscreen mode
  1. View Logs Through Security Analytics:
    • Navigate to Front Door in the Azure portal.
    • Go to the Analytics section and open the Security Report.
    • The Security Report provides a summary of blocked requests, allowed traffic, and matched rules.
    • For a deeper dive, download the CSV report for a detailed view of WAF activities. This is especially useful for quick audits and trend analysis without requiring advanced configurations.

2. Adding Custom Rules for Specific URLs

Default WAF rules might not always align with your application's unique requirements. For example, you may want to allow specific API endpoints while maintaining strict rules for others. Custom rules give you the flexibility to tailor WAF behavior to your needs.

How to Create a Custom Rule

  1. Navigate to the WAF Policy:

    • In the Azure portal, go to Front Door and CDN profiles.
    • Select your Front Door profile and open the Web Application Firewall section.
    • Access the WAF policy attached to your Front Door.
  2. Add a Custom Rule:

    • Click Custom Rules and select Add Custom Rule.
    • Configure the rule with the following parameters:
      • Name: A descriptive name (e.g., AllowSpecificAPI).
      • Priority: Lower numbers indicate higher priority (e.g., 100).
      • Action: Choose Allow or Block.
      • Match Conditions:
      • Match Type: Use “URL path.”
      • Operator: Use “Contains” or “Equals.”
      • Value: Enter the specific URL (e.g., /api/AddDevice).
  3. Test the Rule:

    • Save and deploy the rule.
    • Use tools like curl or Postman to test the custom rule.
    • Check logs to confirm the rule is applied correctly.
  4. Regularly Review and Update Rules:

    • Monitor WAF logs to ensure the custom rule is functioning as intended.
    • Modify rules based on new traffic patterns or security requirements.

Example: Allowing a Specific API Endpoint

If an endpoint like /api/AddDevice is frequently blocked but used by legitimate clients, you can create a custom rule as follows:

  • Match Conditions:
    • URL Path = /api/AddDevice
    • IP Address = Whitelisted IPs
  • Action: Allow

This ensures seamless access to the endpoint without compromising the security of other URLs.


Best Practices for Managing Azure Front Door WAF

  1. Regular Log Reviews:

    Analyze logs frequently to identify false positives and refine rules.

  2. Detection Mode for Testing:

    Test new rules in Detection mode before enforcing them to prevent unintended disruptions.

  3. Leverage Rate Limiting:

    Implement rate-limiting rules to protect against abusive traffic.

  4. Enable Geo-Blocking:

    Restrict traffic from regions that don’t require access to your application.

  5. Use Custom Rules Sparingly:

    Keep custom rules targeted and simple to avoid performance impacts.


Conclusion

Azure Front Door’s WAF is a robust tool for securing your applications. By learning to view logs effectively and create custom rules, you can fine-tune its behavior to suit your application’s specific needs. Regularly monitor, adapt, and optimize your WAF configuration to stay ahead of evolving threats.

Have you configured custom rules or analyzed logs in Azure Front Door WAF? Share your insights and tips in the comments below!

webapp Article's
30 articles in total
Favicon
Key Benefits of Building a Progressive Web App for Small Businesses
Favicon
Best Tech Learnings of 2024
Favicon
How to View WAF Logs and Add Custom Rules in Azure Front Door
Favicon
2025 App Essentials: 8 Features to Leverage SaaS Benefits
Favicon
Performance Testing of a medical staffing services web application using JMeter
Favicon
We have built a Tailwind CSS grid generator.
Favicon
Validação e Sanitização em Aplicações Web
Favicon
Fundamentos da Segurança em Aplicações Web
Favicon
🚀 Introducing **Preadme**: Your Ultimate README Generator!
Favicon
TOP AI Coding Tools Compared: Flatlogic, FlutterFlow AI Gen, v0, Softr.io
Favicon
15 Must-Have Tools for Web Application Security Assessment
Favicon
What Are Progressive Web Apps? – A Complete Guide in 2024
Favicon
Progressive Web Apps (PWAs): Bridging the Gap Between Web and Native Apps
Favicon
Securing a Web Application on Google Cloud Platform: Best Practices and Implementation
Favicon
Migrating a Web Application from AWS to GCP: A Step-by-Step Guide
Favicon
Quizzers Hub
Favicon
How to Effectively Convert Your Web App for Mobile?
Favicon
The Ultimate Lead Generation Tool
Favicon
Best Practices for Developing and Integrating REST APIs into Web Applications
Favicon
Have You Ever Wondered: What on Earth is App Scaling?
Favicon
Answer 1.4.0: Where Fun Meet the Content You Love
Favicon
Accelerate your Playwright test suite with Microsoft Playwright Testing
Favicon
Travel Journal Web App
Favicon
Key Technologies Behind Modern Web Applications and Websites
Favicon
CREATING A LIBRARY WEB APP USING AZURE APP SERVICE
Favicon
Top Tools for Testing Accessibility in Single Page Web Applications
Favicon
Designing a Pure Python Web Framework
Favicon
10 Must-Have Features for Modern Web Applications in 2025
Favicon
How SPAs Improve Customer Satisfaction Through Enhanced User Experience
Favicon
Comprehensive Guide to Programming Naming Conventions

Featured ones: