Azure Frontdoor Web Application Firewall Debug
When testing through the Azure Frontdoor you may be presented with an error page saying ‘The request is blocked’, which normally results in being a Web Application Firewall (WAF) rule being blocked.
Investigate
You can find out what the blocked rule is by following these steps:
- Go to the spective Azure Frontdoor
hmcts-{env}
for CFT andsdshmcts-{env}
for SDS. Azure Frontdoors - Go down the side menu to
Monitoring > Logs
- Go to the query and add the query below, updating
{Tracking reference}
with the reference from the WAF error message.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog"
| where trackingReference_s == "{Tracking reference}"
- You can change the
Time range
to scope the search down.
For more information you can look at the Azure Documentation
Exclude Rules
If you need to allow this block through then you can update the exclusion rules for your frontdoor configuration following the Azure Platform Terraform ReadMe
This page was last reviewed on 15 August 2024.
It needs to be reviewed again on 15 February 2025
by the page owner platops-build-notices
.
This page was set to be reviewed before 15 February 2025
by the page owner platops-build-notices.
This might mean the content is out of date.