The WAF is a very nice solution, but sometimes you have strange problems. Today I had a strange one. While updating and creating rules in a WAF, I got the following error.

Error: Resource

/subscriptions/GUID/resourceGroups/waf-rg/providers/Microsoft.Network/applicationGateways/waf-01/httpListeners/HTTPS_dev-domain-com_Listener

referenced by resource

/subscriptions/GUID/resourceGroups/waf-rg/providers/Microsoft.Network/applicationGateways/waf-01/redirectConfigurations/HTTP_dev-domain-com was not found.

Please make sure that the referenced resource exists, and that both resources are in the same region.

The issue happens when I delete some rules. I had one rule that was a HTTP listener with a redirector to HTTPS listener. Once the HTTP rule was deleted, the redirector link was not removed. This created a problem as the HTTPS listener could not be deleted.

The fix was to use PowerShell to remove the redirection rule. This was not an option in the Azure Portal.

First, we get the WAF. Then use that to get the rules.

$waf = Get-AzureRmApplicationGateway -Name waf-01 -ResourceGroupName waf-rg

Get the rules and verify they match the redirect rule from the error.

Get-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $waf -Name HTTP_dev-domain-com

Get-AzureRmApplicationGatewayHttpListener -ApplicationGateway $waf -Name HTTPS_dev-domain-com_Listener

Next, remove the redirection configuration rule and the problem listener.

remove-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $waf -Name HTTP_dev-domain-com

Remove-AzureRmApplicationGatewayHttpListener -ApplicationGateway $waf -Name "HTTPS_dev-domain-com_Listener"

Finally, we update the WAF.

$UpdatedAppGw = Set-AzureRmApplicationGateway -ApplicationGateway $waf