https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/179573#M25 <HTML><HEAD></HEAD><BODY><P>Hi There,</P><P>Is there a rule set availability for ArcGIS Enterprise deployments deployed in Azure behind an App Gateway with WAF enabled? Can these be loaded via the custom rule set functionality? Looking for some official Esri documentation if it is around.</P><P>Thanks!</P></BODY></HTML> Mon, 09 Mar 2020 02:29:38 GMT FraserHand 2020-03-09T02:29:38Z https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/179573#M25 <HTML><HEAD></HEAD><BODY><P>Hi There,</P><P>Is there a rule set availability for ArcGIS Enterprise deployments deployed in Azure behind an App Gateway with WAF enabled? Can these be loaded via the custom rule set functionality? Looking for some official Esri documentation if it is around.</P><P>Thanks!</P></BODY></HTML> Mon, 09 Mar 2020 02:29:38 GMT https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/179573#M25 FraserHand 2020-03-09T02:29:38Z https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/179574#M26 <HTML><HEAD></HEAD><BODY><P>We have the same question. Since we deployed enterprise ArcGIS onto Azure, with the network structure like Internet -&gt; Traffic Manager -&gt; App Gateway -&gt;&nbsp; Filewall -&gt; VMs, there have been inaccessible issues with some services, especially when using Dashboards with some secured feature services. Cloud team is asking for such WAF policy profile rule set provided by ESRI that can be downloaded.&nbsp;</P></BODY></HTML> Fri, 30 Oct 2020 23:21:09 GMT https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/179574#M26 JYI 2020-10-30T23:21:09Z https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/1058549#M127 <P>Did you ever get any information from Esri</P> Mon, 17 May 2021 14:58:49 GMT https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/1058549#M127 BenWalker1 2021-05-17T14:58:49Z https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/1113173#M138 <P>So far no... It seems that we have moved away from traffic manager. The infrastructure is changed to use FortiGate.. How this will have effect on the WAF policy not known yet until next year when migrating to the new env.</P> Tue, 02 Nov 2021 13:26:31 GMT https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/1113173#M138 JYI 2021-11-02T13:26:31Z https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/1125921#M139 <P>ESRI support just sent me the document which is available in December only, entitled "<STRONG>ArcGIS Enterprise Web Application Filter Rules</STRONG>". It says "<STRONG><U>This is required reading if you are implementing a WAF.</U></STRONG>" To us, "OWASP Core Ruleset Guidance" is the most important part that we have been waiting for, although Azure team is not happy with so many rules that need to be disabled. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> It also says "do not distribute or post publicly" so ask ESRI support for it.&nbsp;</P> Tue, 14 Dec 2021 15:56:17 GMT https://community.esri.com/t5/esri-software-security-privacy-questions/azure-app-gateway-waf-ruleset/m-p/1125921#M139 JYI 2021-12-14T15:56:17Z