Update az-front-door.md

carlospolop · web-flow · commit 45b2e5e0a83a · 2025-10-23T14:05:23.000+02:00
diff --git a/src/pentesting-cloud/azure-security/az-services/az-front-door.md b/src/pentesting-cloud/azure-security/az-services/az-front-door.md
@@ -10,8 +10,6 @@ To bypass this rule automated tools can be used that **brute-force IP addresses*
 
 This is mentioned in the [Microsoft documentation](https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction).
 
----
-
 ## Credential Skimming via WAF Custom Rules + Log Analytics
 
 Abuse Azure Front Door (AFD) WAF Custom Rules in combination with Log Analytics to capture cleartext credentials (or other secrets) traversing the WAF. This is not a CVE; it’s misuse of legitimate features by anyone who can modify the WAF policy and read its logs.
@@ -80,13 +78,10 @@ The matched values appear in details_matches_s and include the cleartext values
 - An existing Azure Front Door instance.
 - Permissions to edit the AFD WAF policy and read the associated Log Analytics workspace.
 
-### Impact
-- High risk: An operator with WAF/Log access can silently harvest secrets at the trusted TLS termination point.
-
 ## References
 
 - [https://trustedsec.com/blog/azures-front-door-waf-wtf-ip-restriction-bypass](https://trustedsec.com/blog/azures-front-door-waf-wtf-ip-restriction-bypass)
 - [Skimming Credentials with Azure's Front Door WAF](https://trustedsec.com/blog/skimming-credentials-with-azures-front-door-waf)
 - [Azure WAF on Front Door monitoring and logging](https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-monitor)
 
-{{#include ../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
