What’s New in Azure Networking – January 2023 edition

Posted by

This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.

What's New in Azure Networking – January 2023


Hello Folks,



As @Michael mentioned last month Azure Networking is the foundation of your infrastructure in Azure. So, we’re happy to bring you a monthly update on What’s new in Azure Networking.


In this blog post, we’ll cover what new with Azure Networking.



Block domain fronting behavior on newly created customer resources




Since November 8, 2022, all newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior.


Domain fronting is a technique used to bypass internet controls by making it appear that a connection to a forbidden website is actually a connection to an allowed website. This is done by using a specific hostname that is shared by multiple websites, with the actual destination website being hidden in the Application Layer Protocol (SNI) extension of the Transport Layer Security (TLS) handshake.


If you want to block domain fronting for any existing Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resources created before November 1, 2022, please open a support request, provide your subscription and Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resource information in the support request.

Once blocking of domain fronting has been enabled, Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources will block any HTTP requests that exhibit this behavior.


To learn more please visit the documentation page.


Azure Front Door and CDN documentation

Introduction to Azure Front Door

Load balance your web service traffic with Front Door

Load balance HTTP(S) traffic in Azure


Feature enhancements to Azure Web Application Firewall (WAF)




Azure’s Web Application Firewall (WAF) running either on Azure Front Door, or Azure’s Application Gateway, now support additional features that help you improve your security posture and make it easier to manage logging across resources.


  • SQL injection (SQLi) and cross site scripting (XSS) detection queries: New Azure WAF analytics SQLi and XSS detection rule templates simplify the process of setting up automated detection and response with Microsoft’s security incident & event management (SIEM) service: Microsoft Sentinel. Learn more about 
  • Azure policies for WAF logging: The regional WAF on Application Gateway and the global WAF running on Azure Front Door now have built-in Azure policies requiring resource logs and metrics. This allows you to enforce standards for WAF deployments on collecting logs and metrics for further analysis and insights related to security events.
  • Increased exclusion limit: CRS 3.2 or greater ruleset now supports exclusions limit up to 200, a 5x increase from older versions.  This increase allows you to have greater customization on how the WAF handles managed rulesets. Learn more about the 
  • Bot Manager ruleset exclusion rules: Exclusions are extended to Bot Manager Rule Set 1.0. you can learn more about that in the WAF exclusions documentation
  • Uppercase transform on custom rules: You can now handle case sensitivity when creating custom WAF rules using uppercase transform in addition to the lowercase transform. Learn more about WAF custom rules.


Per Rule Actions on regional Web Application Firewall


To continue with more Azure Web Application Firewall (WAF) goodness.  The Azure Application Gateway running the Bot Protection rule set and Core Rule Set (CRS) 3.2 or higher now supports setting actions on a rule-by-rule basis.


This gives you greater flexibility when deciding how the WAF handles a request that matches a rule’s conditions. The following per rule actions are supported:


  • Allow: The request passes through the WAF and is forwarded to the back end. No further lower priority rules can block this request.
  • Block: The request is blocked and WAF sends a response to the client without forwarding the request to the back end.
  • Log: Request is logged in the WAF logs and WAF continues evaluating lower priority rules.
  • Anomaly Scoring: This is the default action for the Core Rule Set where total anomaly score is incrementally increased when a rule with this action is matched. 

For more information regarding “per rule actions”, please visit the regional WAF documentation.


Default Rule Set 2.1 for Azure Web Application Firewall


In November 2022 (Yes, we missed that one last month…) The product Group announced the general availability of the Default Rule Set 2.1 (DRS 2.1) on Azure's global Web Application Firewall (WAF) running on Azure Front Door.




DRS 2.1 rules offer better protection than earlier versions of the DRS. It includes additional rules developed by the Microsoft Threat Intelligence team and updates to signatures to reduce false positives. It also supports transformations beyond just URL decoding.  DRS 2.1 includes 17 rule groups, as shown in the table below. Each group contains multiple rules, and you can customize behavior for individual rules, rule groups, or entire rule set.


Rule group



General group


Lock-down methods (PUT, PATCH)


Protect against protocol and encoding issues


Protect against header injection, request smuggling, and response splitting


Protect against file and path attacks


Protect against remote file inclusion (RFI) attacks


Protect again remote code execution attacks


Protect against PHP-injection attacks


Protect against Node JS attacks


Protect against cross-site scripting attacks


Protect against SQL-injection attacks


Protect against session-fixation attacks


Protect against JAVA attacks


Protect against Web shell attacks


Protect against AppSec attacks


Protect against SQLI attacks


Protect against CVE attacks


For more information on what's included in this release, please see Tuning Web Application Firewall (WAF) for Azure Front Door and  managed rules documentation.



Introduction to Azure Web Application Firewall

Protect endpoints using Web Application Firewall

Using Microsoft Sentinel with Azure WAF

How to use the new SQLi and XSS detection queries

WAF and Azure Policy

Application Gateway’s limits documentation


12 months free services for new Azure PAYG customers

OK this is not technically a new feature or service but it’s cool that you can now start building with free services.  Over 55 always free services with an Azure free account and Pay-as-you-go.


Therefore, if you are using an Azure Free account or a Pay-as-you-go account 55+ services are free… Always.  (I mean as long as you have the account)


See the list of free services here: Free Services | Microsoft Azure


See you next month!



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.