Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
Application gateway WAF can protect all attacks listed>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 52%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Testa
571
Reputation points
Hi all,
May I confirm if WAF in Application gateway can protect from the attacks listed below?
- Buffer overflow
- SSI injection
- Directory Traversal
I cannot find these in the document below.
https://free.blessedness.top/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp32#crs800-32
Azure Application Gateway
Azure Web Application Firewall
Azure Web Application Firewall
An Azure service that provides protection for web apps.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 27,601 Reputation points Microsoft Employee Moderator2022-12-01T18:36:51.913+00:00 @Testa ,
Thank you for reaching out. I have reached out to the team internally regarding this issue and will share an update as soon as I get a response. Thank you!
-
Testa 571 Reputation points
2022-12-06T01:04:29.067+00:00 Hi @ChaitanyaNaykodiMSFT-9638, Any feedback from your internal team?
-
Testa 571 Reputation points
2022-12-12T13:24:43.3+00:00 Hi @ChaitanyaNaykodiMSFT-9638, Any feedback from your internal team?
-
ChaitanyaNaykodi-MSFT 27,601 Reputation points Microsoft Employee Moderator
2022-12-12T21:47:54.013+00:00 @Testa ,
Apologies for the delayed response here. I got an update.
The path traversal attacks are protected by CRS 3.2 CRS rule groups and rules - Azure Web Application Firewall | Microsoft Learn.
It does not look like there are specific rules in CRS 3.2 for buffer overflow or SSI injection even though they are both part of OWASP framework. Can you please explain how you expect SSI injection and buffer overflow can occur in your specific environment?
-
ChaitanyaNaykodi-MSFT 27,601 Reputation points Microsoft Employee Moderator
2022-12-15T13:08:00.887+00:00 @Testa ,
Just following up here to see if you were able to take a look at my comment above. Thank you! -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 85%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Alfredzo Nash 0 Reputation points2025-10-08T02:02:25+00:00 Has there been updates to the new DRS 2.1 engine to include SSRF or other attack vectoring?
Sign in to comment
Sign in to answer