web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    
  <location path="." inheritInChildApplications="false">
    <system.webServer>

      <!- Creating Rewrite rules -->
      <rewrite>
        <outboundRules>
        
          <!-- Some example outbound rules, i.e. the following one sets 0 (zero) instead of the IIS versions in response header -->
          <rule name="removingserverheader" enabled="true">          
            <match serverVariable="RESPONSE_SERVER" pattern=".*" />
            <action type="Rewrite" value="0" />
          </rule>
          <!-- The following rule, sets 0 (zero) for the x-powered-by asp.net header in response -->
          <rule name="removingxpowered" enabled="true">
            <match serverVariable="RESPONSE_X_Powered_By" pattern=".*" />
            <action type="Rewrite" value="0" />
          </rule>   
          
          <!-- The below rule captures a 302 (redirect) response with 'Location' response header contains an outbound URL (coming from the web app) 
               that has 'signin-oidc' in the path.  When there are 'signin-oidc' present into the path, it will match the regular expression
               and rewrite the Location header with the hostname that comes from your front-door/application gateway URL. The notion {R:2} preserves any following
               query parameters or sub path that was present in the original URL -->
          <rule name="changeURI" enabled="true">
            <match serverVariable="RESPONSE_Location" pattern="^(.*)/signin-oidc(.+)" ignoreCase="true" />
            <action type="Rewrite" value="https://my-waf.azureafd.net/signin-oidc{R:2}" />
          </rule>
          
        </outboundRules>
      </rewrite>      
      
    </system.webServer>
  </location>
</configuration>