{"id":4904,"date":"2020-11-26T05:59:00","date_gmt":"2020-11-26T05:59:00","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4904"},"modified":"2025-11-12T07:02:09","modified_gmt":"2025-11-12T07:02:09","slug":"log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids","title":{"rendered":"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code class=\"\">AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and action_s == \"Blocked\"<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and action_s == \"Blocked\"\n| summarize AggregatedValue = count() by requestUri_s, _ResourceId\n| sort by AggregatedValue desc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">AzureDiagnostics | where ResourceProvider == \"MICROSOFT.NETWORK\" and Category == \"ApplicationGatewayFirewallLog\" and action_s == \"Blocked\"| summarize count() by ruleId_s, bin(TimeGenerated, 1m),requestUri_s | sort by TimeGenerated desc \n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How to Track HTTP Status 504<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">AzureDiagnostics<br>| where OperationName == 'ApplicationGatewayAccess'<br>| where httpStatus_d == 504<br>| summarize count() by bin(TimeGenerated,1h)<br>| render columnchart<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Track Azure WAF 949110<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You need to use the TransactionID_g of a blocked Result which will then give you what leads up to the &#8220;inbound anomaly score exceeded azure Waf&#8221;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">\nAzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and transactionId_g == \"4cdf74f3-04bb-585c-9059-2110c8dc486a\"\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/01\/image-5.png\"><img loading=\"lazy\" decoding=\"async\" width=\"721\" height=\"473\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/01\/image-5.png\" alt=\"\" class=\"wp-image-7628 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/01\/image-5.png 721w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/01\/image-5-300x197.png 300w\" sizes=\"auto, (max-width: 721px) 100vw, 721px\" \/><\/a><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">942200 REQUEST-942-APPLICATION-ATTACK-SQLI<br>942340 REQUEST-942-APPLICATION-ATTACK-SQLI<br>942370 REQUEST-942-APPLICATION-ATTACK-SQLI<br>949110<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Check the Details_data_s<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">{&#8220;:&#8221;AUVIC&#8221;,&#8221;r found within [REQUEST_COOKIES:_tracking_consent:%7B%22region%22%3A%22AUVIC%22%2C%22reg%22%3A%22%22%2C%22con%22%3A%7B%22CMP%22%3A%7B%22m%22%3A%22%22%2C%22a%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22lim%22%3A%5B%22CMP%22%5D%2C%22v%22%3A%222.1%22%7D]}<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This _tracking_consent is a shopify Cookie!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ok we can whitelist it via Custom Rule<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/02\/image.png\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"826\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/02\/image.png\" alt=\"\" class=\"wp-image-7635 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/02\/image.png 576w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/02\/image-209x300.png 209w\" sizes=\"auto, (max-width: 576px) 100vw, 576px\" \/><\/a><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\"\n| where httpStatus_d == 403\n| project TimeGenerated, Resource, clientIp_s, requestUri_s, transactionId_g, httpStatus_d\n| join kind=leftouter (\n    AzureDiagnostics\n    | where ResourceType == \"APPLICATIONGATEWAYS\"\n    | where OperationName == \"ApplicationGatewayFirewall\"\n    | project transactionId_g, action_s, ruleId_s, ruleGroup_s, Message, details_message_s, details_data_s, details_file_s\n) on transactionId_g\n| extend\n    MatchedData = details_data_s,\n    RuleDetails = strcat(\n        \"RuleID: \", ruleId_s,\n        \" | Group: \", ruleGroup_s,\n        \" | Action: \", action_s,\n        \" | Message: \", Message,\n        \" | Location: \", details_file_s,\n        \" | Matched: \", details_data_s\n    )\n| project\n    TimeGenerated,\n    Resource,\n    clientIp_s,\n    requestUri_s,\n    transactionId_g,\n    httpStatus_d,\n    action_s,\n    MatchedData,\n    RuleDetails\n| order by TimeGenerated desc<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>How to Track HTTP Status 504 Track Azure WAF 949110 You need to use the TransactionID_g of a blocked Result which will then give you what leads [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[4274,1464,4275,3394,1122,3395,3396,3393,3392],"class_list":["post-4904","post","type-post","status-publish","format-standard","hentry","category-research","tag-_tracking_consent","tag-azure","tag-cookie","tag-log-analytics","tag-query","tag-rules","tag-uris","tag-waf","tag-web-application-firewall"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == &quot;MICROSOFT.NETWORK&quot; and Category == &quot;ApplicationGatewayFirewallLog&quot; and action_s == &quot;Blocked&quot;|\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"paris\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Welcome to Pariswells.com |\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com\" \/>\n\t\t<meta property=\"og:description\" content=\"AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == &quot;MICROSOFT.NETWORK&quot; and Category == &quot;ApplicationGatewayFirewallLog&quot; and action_s == &quot;Blocked&quot;|\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2020-11-26T05:59:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-11-12T07:02:09+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com\" \/>\n\t\t<meta name=\"twitter:description\" content=\"AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == &quot;MICROSOFT.NETWORK&quot; and Category == &quot;ApplicationGatewayFirewallLog&quot; and action_s == &quot;Blocked&quot;|\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#article\",\"name\":\"Log analytics query for Azure WAF Web Application Firewall to Check URI\\u2019s and blocking rule ID\\u2019s | Welcome to Pariswells.com\",\"headline\":\"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s\",\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/image-5.png\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids\\\/#articleImage\",\"width\":721,\"height\":473},\"datePublished\":\"2020-11-26T05:59:00+00:00\",\"dateModified\":\"2025-11-12T07:02:09+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#webpage\"},\"articleSection\":\"Research, _tracking_consent, Azure, cookie, Log Analytics, query, rules, uris, WAF, Web Application Firewall\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#listItem\",\"name\":\"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#listItem\",\"position\":3,\"name\":\"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\",\"name\":\"Welcome to Pariswells.com\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris\",\"name\":\"paris\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"paris\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#webpage\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids\",\"name\":\"Log analytics query for Azure WAF Web Application Firewall to Check URI\\u2019s and blocking rule ID\\u2019s | Welcome to Pariswells.com\",\"description\":\"AzureDiagnostics | where ResourceType == \\\"APPLICATIONGATEWAYS\\\" and OperationName == \\\"ApplicationGatewayFirewall\\\" and action_s == \\\"Blocked\\\" AzureDiagnostics | where ResourceType == \\\"APPLICATIONGATEWAYS\\\" and OperationName == \\\"ApplicationGatewayFirewall\\\" and action_s == \\\"Blocked\\\" | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == \\\"MICROSOFT.NETWORK\\\" and Category == \\\"ApplicationGatewayFirewallLog\\\" and action_s == \\\"Blocked\\\"|\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"datePublished\":\"2020-11-26T05:59:00+00:00\",\"dateModified\":\"2025-11-12T07:02:09+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\",\"name\":\"Welcome to Pariswells.com\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com","description":"AzureDiagnostics | where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and action_s == \"Blocked\" AzureDiagnostics | where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and action_s == \"Blocked\" | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == \"MICROSOFT.NETWORK\" and Category == \"ApplicationGatewayFirewallLog\" and action_s == \"Blocked\"|","canonical_url":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#article","name":"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com","headline":"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s","author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2024\/01\/image-5.png","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids\/#articleImage","width":721,"height":473},"datePublished":"2020-11-26T05:59:00+00:00","dateModified":"2025-11-12T07:02:09+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#webpage"},"isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#webpage"},"articleSection":"Research, _tracking_consent, Azure, cookie, Log Analytics, query, rules, uris, WAF, Web Application Firewall"},{"@type":"BreadcrumbList","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","position":1,"name":"Home","item":"https:\/\/pariswells.com\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","position":2,"name":"Research","item":"https:\/\/pariswells.com\/blog\/category\/research","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#listItem","name":"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s"},"previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#listItem","position":3,"name":"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s","previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}}]},{"@type":"Organization","@id":"https:\/\/pariswells.com\/blog\/#organization","name":"Welcome to Pariswells.com","url":"https:\/\/pariswells.com\/blog\/"},{"@type":"Person","@id":"https:\/\/pariswells.com\/blog\/author\/paris#author","url":"https:\/\/pariswells.com\/blog\/author\/paris","name":"paris","image":{"@type":"ImageObject","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g","width":96,"height":96,"caption":"paris"}},{"@type":"WebPage","@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#webpage","url":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids","name":"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com","description":"AzureDiagnostics | where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and action_s == \"Blocked\" AzureDiagnostics | where ResourceType == \"APPLICATIONGATEWAYS\" and OperationName == \"ApplicationGatewayFirewall\" and action_s == \"Blocked\" | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == \"MICROSOFT.NETWORK\" and Category == \"ApplicationGatewayFirewallLog\" and action_s == \"Blocked\"|","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids#breadcrumblist"},"author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"creator":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"datePublished":"2020-11-26T05:59:00+00:00","dateModified":"2025-11-12T07:02:09+00:00"},{"@type":"WebSite","@id":"https:\/\/pariswells.com\/blog\/#website","url":"https:\/\/pariswells.com\/blog\/","name":"Welcome to Pariswells.com","inLanguage":"en-US","publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"Welcome to Pariswells.com |","og:type":"article","og:title":"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com","og:description":"AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == &quot;MICROSOFT.NETWORK&quot; and Category == &quot;ApplicationGatewayFirewallLog&quot; and action_s == &quot;Blocked&quot;|","og:url":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids","article:published_time":"2020-11-26T05:59:00+00:00","article:modified_time":"2025-11-12T07:02:09+00:00","twitter:card":"summary","twitter:title":"Log analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s | Welcome to Pariswells.com","twitter:description":"AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; AzureDiagnostics | where ResourceType == &quot;APPLICATIONGATEWAYS&quot; and OperationName == &quot;ApplicationGatewayFirewall&quot; and action_s == &quot;Blocked&quot; | summarize AggregatedValue = count() by requestUri_s, _ResourceId | sort by AggregatedValue desc AzureDiagnostics | where ResourceProvider == &quot;MICROSOFT.NETWORK&quot; and Category == &quot;ApplicationGatewayFirewallLog&quot; and action_s == &quot;Blocked&quot;|"},"aioseo_meta_data":{"post_id":"4904","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"Article","isEnabled":true},"graphs":[],"defaultGraph":"","defaultPostTypeGraph":""},"schema_type":null,"schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2020-12-21 05:26:18","updated":"2024-07-18 01:43:01","primary_term":null,"seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\/category\/research\" title=\"Research\">Research<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tLog analytics query for Azure WAF Web Application Firewall to Check URI\u2019s and blocking rule ID\u2019s\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/pariswells.com\/blog"},{"label":"Research","link":"https:\/\/pariswells.com\/blog\/category\/research"},{"label":"Log analytics query for Azure WAF Web Application Firewall to Check URI&#8217;s and blocking rule ID&#8217;s","link":"https:\/\/pariswells.com\/blog\/research\/log-analytics-query-for-azure-waf-web-application-firewall-to-check-uris-and-blocking-rule-ids"}],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4904"}],"version-history":[{"count":10,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4904\/revisions"}],"predecessor-version":[{"id":9313,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4904\/revisions\/9313"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}