<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Cost-Optimization on Morten Victor Nordbye</title><link>https://blog.nordbye.it/tags/cost-optimization/</link><description>Recent content in Cost-Optimization on Morten Victor Nordbye</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2026 Morten Victor Nordbye</copyright><lastBuildDate>Thu, 16 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://blog.nordbye.it/tags/cost-optimization/index.xml" rel="self" type="application/rss+xml"/><item><title>Tuning Azure WAF Without Paying Log Analytics Prices</title><link>https://blog.nordbye.it/blog/lawless-waf/</link><pubDate>Thu, 16 Jul 2026 00:00:00 +0000</pubDate><guid>https://blog.nordbye.it/blog/lawless-waf/</guid><description>&lt;h1 class="relative group"&gt;Tuning Azure WAF Without Paying Log Analytics Prices
 &lt;div id="tuning-azure-waf-without-paying-log-analytics-prices" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#tuning-azure-waf-without-paying-log-analytics-prices" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h1&gt;
&lt;p&gt;Your Azure WAF just blocked a real customer. Not an attacker, a customer, whose perfectly valid request happened to trip a managed rule. Now you have to prove it was a false positive and write an exclusion that lets them through without punching a hole in the policy.&lt;/p&gt;</description><media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://blog.nordbye.it/blog/lawless-waf/featured.png"/></item></channel></rss>