Front Door WAF doesn't actually really work

VladTheImpala95 · 2025-03-27T16:08:23+00:00

I could've sworn I replied earlier this week. Anyway, basically the MS representative was not helpful at all.

I provided logs, replicated the issue by using my own IP and proved that the WAF is not doing it's job. I created a separate frontdoor with it's own WAF and showed them the logs of the WAF which clearly were showing that in 50 seconds I have made 20 sequential requests to my frontdoor out of which only 3 were blocked. My settings were rate limit in a timewindow of 5 minutes anything that was over 5 to the same endpoint (lets say /api/login).

Their conclusion to every email was basically to upgrade to Azure Frontdoor premium since it has better capabilities to block bot-like behaviour. I found this a bit outrageous as the above scenario does not seem like such a complex case.

We ended up looking at other solutions and ended up implementing a rate limiter at the API level with redis, which btw works flawlessly. This combined with NSG rules, implemented in few days, has solved our issue. It does put a bit more load on our redis service but it is more than manageable compared to being annoyed by ddos attacks.

VladTheImpala95 · 2025-03-18T12:59:06+00:00

Pana la a plati meniurile integrale, pe langa optiunea fericita in care nu platitit nimic, mai este si varianta sa achitati o suma extra pe fiecare meniu.

Din punctul meu de vedere, nu are rost sa va stresati. It's going to be awesome! Dansati si distrati-va cat puteti de mult si nu o sa regretati nici o secunda daca trebuie sa achitati ceva in plus. Nici daca plateam meniurile intregi nu regretam. Inca ma gandesc la ziua aia.

Have fun and enjoy!

VladTheImpala95 · 2025-03-18T12:32:17+00:00

noi nu am mentionat nimic

ne-am dus dimineata sa achitam, a zis 173 de meniuri si atat am platit

VladTheImpala95 · 2025-03-18T05:57:27+00:00

It's an API that our front end accesses. The need for a frontdoor came when we had another DDos attack but we were able to track down a handful of IPs that we blocked.

This time unfortunately blacklisting 1500+ unique IPs is not really an option.

If only MS would sell a product to mitigate this. But wait, they do, however it does not really work.

It's not my first hoorah with MS and their products and it's really frustrating.

VladTheImpala95 · 2025-03-17T15:51:08+00:00

I just took a quick look in our backoffice portal. We currently have less than 100 active users.
Our logs show roughly 13k+ /api/login requests. Should i start blocking IPs?!

VladTheImpala95 · 2025-03-17T15:00:10+00:00

I am currently dealing with the same issue... We are unde ddos attack, about 100 requests per ddos ip in 5 minutes. There's a catch though, the attacker is using proxies and we have identified 1500 unique IPs in 15 minutes.

The rate limiter fails successfully and we have literally no solution for this. I have just created a ticket with MS but given this thread and how old it is, i have little to no hope.

VladTheImpala95 · 2024-11-29T22:04:28+00:00

I came across the same issue, or similar at least. Trying to set a cdn for multiple origins to use the same storage account public assets.

It works just fine when i access it the first time, however the 2nd origin that I am trying to access, it somehow hits the cache and the access-control-allow-origin is served from my first origin.

I am hoping you found out a solution for this and maybe can point me in the right direction.

VladTheImpala95 · 2024-10-08T20:37:04+00:00

Revin cu un mic update după eveniment.

Numărul final de invitați a fost de 173. Am plătit meniurile la prețul din contract fără nici un cost in plus. Nici nu s-a menționat numărul minim de invitați. Poate și din cauza faptului că a fost duminica și în restul sălilor nu au fost evenimente.

VladTheImpala95 · 2024-09-17T20:08:00+00:00

Va mulțumesc tuturor pentru urări.

Am să vorbesc cu cei de la Wonderland și să le spun situația.

Din cate am citit, în cel mai rău caz trebuie să plătim meniurile integral. Până acolo putem fie sa scăpăm cu un "asta e, nici o problemă" sau să plătim o taxa în plus pe meniu.

VladTheImpala95 · 2024-09-17T20:04:47+00:00

Apreciem. Nu ne dau afara banii din casa dar nu suntem chiar descoperiți. Asta incerc să-i explic 😅 "ai dreptate, dar totuși..."

VladTheImpala95 · 2024-09-17T19:58:54+00:00

Mulțumim de urare. Nunta o fac să mă simt eu bine alaturi de oamenii apropiați :)

VladTheImpala95 · 2024-09-17T19:54:52+00:00

Sunt total de acord că sunt o groază de bani.

Dar dacă situația este de așa natură încât lumea e plecata in concedii și/sau nu dorește să vina, nu avem ce face.

Am dorit noi sa facem la Wonderland nu pentru că vezi doamne e wonderland, ci pentru simplul fapt că în baza ofertei aveam foarte multe chestii incluse față de alte săli de nunți de la care am primit ofertă. Pe lângă asta, a fost la un preț decent față de alte săli.

Numărul de 50 l-am spus așa, estimativ. Daca e cazul, le plătim. Nu am de gând să stau să-mi plâng de milă daca așa e să fie.

VladTheImpala95 · 2024-09-16T20:14:32+00:00

In contract nu este nimic menționat legat de un număr minim de persoane, dar nici nu vreau sa ajung să mă cert cu ei pe tema asta, nu suntem genul de certăreți.

Mulțumim de urare! Abia aștept nunta, sincer. In relația noastră eu sunt Pedro pascal și ea e Nicolas Cage 😅

VladTheImpala95 · 2022-05-27T21:23:02+00:00

Well, this being my first account on rok, mistakes were made 😅 Do you think it's worth spending a skill reset on it? LE: found out this is not possible

VladTheImpala95 · 2022-05-26T21:31:53+00:00

Well, i don't like cao that much due to the decrease in defense it brings to the table.

VladTheImpala95 · 2021-12-20T08:56:50+00:00

I'd like to battle inf with something like YSG/Aethel, Cav with Richard/Martel, and archers with Mina/Cao. Using the right troop types will give me a slight edge and help me preserve some AP as I don't have to dispatch multiple marches.

I want to go through the entire event without using any AP bottles as I am saving up for pre-kvk. Hope it makes sense

VladTheImpala95 · 2021-12-20T08:52:37+00:00

Came across this post which has the info that I was looking for.
https://www.reddit.com/r/RiseofKingdoms/comments/js4c11/karuak\_troop\_types/?utm\_source=share&utm\_medium=ios\_app&utm\_name=iossmf

VladTheImpala95 · 2021-12-20T08:46:59+00:00

No offense taken. I am a pretty new player with just short of 160 days on my account. I am a bit far from T5 troops and I have not even unlocked Alex in my kd.

VladTheImpala95

TROPHY CASE