:::: MENU ::::
Browsing posts in: DevOps

Find blocked requests by Azure WAF in Log Analytics

Assuming that you have correctly connected Azure WAF to Log Analytics you can run a simple query to list all the requests that have been blocked by WAF

AzureDiagnostics
| where ResourceType == "FRONTDOORS" and Category == "FrontdoorWebApplicationFirewallLog"
| where action_s == "Block"
| order by TimeGenerated desc 

Collecting IP addresses in Azure App Insights

When you want to collect IP addresses in Azure App Insights, you have to enable it. By default IP addresses are masked and you can only see some basic information like city or country.

If you want to enable this feature you can’t use Azure Portal, at least for now. The easiest way to do it, is to use Azure Resource Explorer.

  1. Go to https://resources.azure.com/ and pick proper AD you want to work with
  2. Click on Read/Write mode in top of the page.
  3. Find your App Insight instance by going into subscriptions / YOUR_SUBSCRIPTION / resourceGroups / YOUR_RESOURCE_GROUP / providers / microsoft.insights / components
  4. In Data tab click on Edit
  5. Remove the content of the properties property and put "DisableIpMasking": true
  6. Hit Patch button since we are changing the part of the resource definition.
  7. Done!

Example JSON payload

{
  "id": "/subscriptions/XXX/resourceGroups/XXX/providers/microsoft.insights/components/XXX",
  "name": "XXX",
  "type": "microsoft.insights/components",
  "location": "westeurope",
  "tags": {},
  "kind": "web",
  "etag": "\"XXX\"",
  "properties": {
    "DisableIpMasking": true
  }
}

Also this part of a documentation may be useful https://docs.microsoft.com/en-us/azure/azure-monitor/app/ip-collection