:::: MENU ::::

Find blocked requests by Azure WAF in Log Analytics

Assuming that you have correctly connected Azure WAF to Log Analytics you can run a simple query to list all the requests that have been blocked by WAF

| where ResourceType == "FRONTDOORS" and Category == "FrontdoorWebApplicationFirewallLog"
| where action_s == "Block"
| order by TimeGenerated desc 

HTTP Methods for RESTful Services

For so many times I am wondering which HTTP method should be used when I want to add, replace or modify a resource. Table below summarizes all the common methods and what they are doing.

HTTP VerbCRUDMeaning
GETReadGet the resource.
POSTCreateCreate NEW resource.
PATCHUpdate/ModifyModify part of the existing resource. Send only data you want to change.
PUTUpdate/ReplaceReplace the existing resource with new one.
DELETEDeleteDelete the resource

Source: https://www.restapitutorial.com/lessons/httpmethods.html

Collecting IP addresses in Azure App Insights

When you want to collect IP addresses in Azure App Insights, you have to enable it. By default IP addresses are masked and you can only see some basic information like city or country.

If you want to enable this feature you can’t use Azure Portal, at least for now. The easiest way to do it, is to use Azure Resource Explorer.

  1. Go to https://resources.azure.com/ and pick proper AD you want to work with
  2. Click on Read/Write mode in top of the page.
  3. Find your App Insight instance by going into subscriptions / YOUR_SUBSCRIPTION / resourceGroups / YOUR_RESOURCE_GROUP / providers / microsoft.insights / components
  4. In Data tab click on Edit
  5. Remove the content of the properties property and put "DisableIpMasking": true
  6. Hit Patch button since we are changing the part of the resource definition.
  7. Done!

Example JSON payload

  "id": "/subscriptions/XXX/resourceGroups/XXX/providers/microsoft.insights/components/XXX",
  "name": "XXX",
  "type": "microsoft.insights/components",
  "location": "westeurope",
  "tags": {},
  "kind": "web",
  "etag": "\"XXX\"",
  "properties": {
    "DisableIpMasking": true

Also this part of a documentation may be useful https://docs.microsoft.com/en-us/azure/azure-monitor/app/ip-collection

Force https

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]