Skip to main content

Azure Frontdoor Web Application Firewall Debug

When testing through the Azure Frontdoor you may be presented with an error page saying ‘The request is blocked’, which normally results in being a Web Application Firewall (WAF) rule being blocked.

Azure Frontdoor WAF Error Page

Investigate

You can find out what the blocked rule is by following these steps:

  1. Go to the spective Azure Frontdoor hmcts-{env} for CFT and sdshmcts-{env} for SDS. Azure Frontdoors
  2. Go down the side menu to Monitoring > Logs
  3. Go to the query and add the query below, updating {Tracking reference} with the reference from the WAF error message.
AzureDiagnostics 
| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog"
| where trackingReference_s == "{Tracking reference}"
  1. You can change the Time range to scope the search down.

For more information you can look at the Azure Documentation

Exclude Rules

If you need to allow this block through then you can update the exclusion rules for your frontdoor configuration following the Azure Platform Terraform ReadMe

This page was last reviewed on 15 August 2024. It needs to be reviewed again on 15 February 2025 by the page owner platops-build-notices .
This page was set to be reviewed before 15 February 2025 by the page owner platops-build-notices. This might mean the content is out of date.