Unable to update Capacity units on the Application Gateway when using WAF Policy
Describe the bug
After creating a WAF Policy and creating an Application Gateway, it’s not possible to update the Capacity units anymore. Trying to update the Capacity in Azure Portal gives an error.
Command Name
az network application-gateway create
Errors: Failed to save configuration changes to application gateway ‘application-gateway-some-name’. Error: WebApplicationFirewallConfiguration cannot be changed when there is a WAF Policy <resource here>'>application-gateway-waf-policy associated with it.
To Reproduce:
- az network application-gateway waf-policy create
- az network application-gateway waf-policy policy-setting update
- az network application-gateway create -g {} -l {} -n {} --vnet-name {} --subnet {} --public-ip-address {} --frontend-port {} --sku {} --min-capacity {} --max-capacity {} --http2 {} --zones {} {} {} --waf-policy {}
- Now, try to change the capacity in Azure Portal.
Expected Behavior
The capacity updated as normal without a WAF policy.
Environment Summary
Windows-10-10.0.19041-SP0
Python 3.6.8
Installer: MSI
azure-cli 2.10.1 *
Additional Context
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:28 (5 by maintainers)
We found a fix, our issue was we had both WAF config and WAF policy configured on the app gateway. We had WAF Config before and we moved to policy long back but somehow WAF config was still there even though it won’t show on UI. I guess there was a recent change on the app gateway to add more validation if there are both configured it won’t allow changes.
We were able to remove the config with the following commands and after that, it started working.
Thanks for raising this issue. We are aware of the API issue that was recently introduced. We are working on rolling out the fix. The issue can occur when you use API to update the config to policy. If you’re using migration script or Firewall Manager integration, you will also encounter this issue.
Meanwhile, the workaround is to nullify the WAF config object post upgrade. Thanks for your patience.
$SubscriptionId = ''
$ResourceGroupName = ''
$GatewayName = ''
Connect-AzAccount -Subscription $SubscriptionId
$AppGw = Get-AzApplicationGateway -ResourceGroupName $ResourceGroupName -Name $GatewayName
$AppGw.webApplicationFirewallConfiguration = $null
Set-AzApplicationGateway -ApplicationGateway $AppGw
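An added example (not code from the issue thread or from the Azure CLI project): a PowerShell filter that reports which gateways are in the state described above, with both a WAF policy and a leftover legacy WAF configuration, so the workaround is applied only where a policy is actually attached. The function name `Get-AppGwWafConflict` and the sample objects are hypothetical, and the property names `FirewallPolicy` and `WebApplicationFirewallConfiguration` are assumed to match the objects returned by `Get-AzApplicationGateway`.

```powershell
# Added example, not from the issue thread. Reports, per gateway, whether a WAF
# policy and a legacy WAF configuration object are both present.
function Get-AppGwWafConflict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Gateway
    )
    process {
        $policyId = $null
        if ($Gateway.FirewallPolicy) { $policyId = $Gateway.FirewallPolicy.Id }
        $legacy = $Gateway.WebApplicationFirewallConfiguration

        [pscustomobject]@{
            Name            = $Gateway.Name
            ResourceGroup   = $Gateway.ResourceGroupName
            PolicyId        = $policyId
            HasLegacyConfig = [bool]$legacy
            LegacyMode      = if ($legacy) { $legacy.FirewallMode } else { $null }
            # Only this state matches the error in the issue. A gateway with a
            # legacy config and no policy must not be nulled: the legacy config
            # is then its only WAF setting.
            Conflict        = [bool]$policyId -and [bool]$legacy
        }
    }
}

# Constructed sample objects shaped like Get-AzApplicationGateway output.
$sample = @(
    [pscustomobject]@{
        Name = 'appgw-both'; ResourceGroupName = 'rg-demo'
        FirewallPolicy = [pscustomobject]@{ Id = 'constructed-policy-id' }
        WebApplicationFirewallConfiguration = [pscustomobject]@{ Enabled = $true; FirewallMode = 'Prevention' }
    }
    [pscustomobject]@{
        Name = 'appgw-policy-only'; ResourceGroupName = 'rg-demo'
        FirewallPolicy = [pscustomobject]@{ Id = 'constructed-policy-id' }
        WebApplicationFirewallConfiguration = $null
    }
    [pscustomobject]@{
        Name = 'appgw-legacy-only'; ResourceGroupName = 'rg-demo'
        FirewallPolicy = $null
        WebApplicationFirewallConfiguration = [pscustomobject]@{ Enabled = $true; FirewallMode = 'Detection' }
    }
)

$sample | Get-AppGwWafConflict | Format-Table Name, PolicyId, HasLegacyConfig, LegacyMode, Conflict

# Against a live subscription (requires Az.Network and Connect-AzAccount):
# Get-AzApplicationGateway -ResourceGroupName $ResourceGroupName | Get-AppGwWafConflict | Where-Object Conflict
```

Only `appgw-both` is reported with `Conflict` set to `True`; recording its `LegacyMode` before nulling the object makes it possible to confirm that the attached policy enforces at least the same mode.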