Azure Web Application Firewall: WAF config versus WAF policy

Published Apr 16 2021 09:13 AM 4,864 Views
Microsoft

What is Web Application Firewall (WAF) config?

WAF config is the built-in method to configure WAF on Azure Application Gateway, and it is local to each individual Azure Application Gateway resource. When you create an Azure Application Gateway with either the WAF or the WAF_v2 SKU, you will see a new item on the menu blade called "Web application firewall" that displays WAF configuration options. 

 

The biggest drawback of using WAF config is that not all WAF settings are displayed in the portal UI. For example, you cannot configure or manage custom rules in the portal: you must use PowerShell or Azure CLI for that. Additionally, WAF config is a setting within an Azure Application Gateway resource. For this reason, each WAF config must be managed individually, and its configuration applies globally for everything within that specific Azure Application Gateway resource. WAF config does not exist on Azure Front Door.

 

Image: WAF config on Azure Application Gateway

 

wafconfig.png

 

 

What is WAF policy?

WAF policy is a standalone resource type. It is not a built-in configuration within the Azure Application Gateway resource. A WAF policy is managed independently, and it can be attached to either Azure Application Gateway or Azure Front Door resources. When checking the "Web application firewall" option on the menu blade for Azure Application Gateway or Azure Front Door, you will notice that it simply displays a link to the attached WAF policy, rather than the full WAF configuration settings. 

 

A benefit of using WAF policy for Azure Application Gateway or Azure Front Door is that all generally available WAF settings exist in the portal UI, such as exclusions, custom rules, managed rules and more. You can configure and visualize the WAF policy settings in the portal, in addition to PowerShell and Azure CLI. Another useful benefit of WAF policy when it comes to Azure Application Gateway is that it offers more granularity in scope. You can associate a WAF policy at a global level by assigning it to an Azure Application Gateway resource, at a website level by assigning it to an HTTP listener, or even at a URI level by assigning it to a specific route path. For example, you could use a global WAF policy to apply the baseline security controls that meet your organization's security policy and attach it to all your Azure Application Gateways. From there, based on individual application needs, you can apply a different WAF policy that contains more (or less) strict security controls at a website level or at a URI level.

 

Would you like more information on different WAF policy association levels for Azure Application Gateway? Refer to our Azure Web Application Firewall (WAF) policy overview documentation.

 

Image: WAF policy on Azure Application Gateway

wafpolappgw.png

 

Image: WAF policy on Azure Front Door

wafpolafd.png 

 

 

What types of rules are available in Azure WAF?

 

1. Azure-managed rule sets

The Azure-managed rulesets for Azure WAF on Azure Application Gateway and Azure Front Door are based on OWASP ModSecurity Core Rule Set (CRS). This set of rules protect your web applications against most top 10 OWASP web application security threats, such as SQL injection and cross-site scripting. 

 

When using Azure WAF with Azure Application Gateway, you will see the managed rule sets represented as OWASP_3.2 (Preview), OWASP_3.1, OWASP_3.0, and OWASP_2.2.9. Here, the Azure WAF uses the anomaly scoring mode, which  means all rules in these rule sets are evaluated for each request, and the request is only blocked when the anomaly scoring threshold is reached.

 

When using Azure WAF with Azure Front Door, you will see the managed rule sets represented as Microsoft_DefaultRuleSet_1.1 and DefaultRuleSet_1.0. The Microsoft_DefaultRuleSet_1.1 rule set includes Microsoft-authored rules in addition to the rules based on OWASP ModSecurity CRS. In this case, Azure WAF uses the traditional mode, which means that as soon as there is a rule match the WAF stops processing all other subsequent rules.

 

More information on Azure-managed rule sets for Azure WAF on Azure Application Gateway 

More information on Azure-managed rule sets for Azure WAF on Azure Front Door

 

2. Bot protection rule sets

Bot protection rule sets provide safety against bots doing scraping, scanning, and looking for vulnerabilities in your web application. These rule sets are powered by our own Microsoft Threat Intelligence feed, which is used by multiple Azure services, including Azure Firewall and Azure Security Center. 

 

When using Azure WAF with Azure Application Gateway, you will see the bot protection rule set represented as Microsoft_BotManagerRuleSet_0.1. This rule set can detect known bad bots based on IP reputation. 

 

When using Azure WAF with Azure Front Door, you will see the bot protection rule set represented as Microsoft_BotManagerRuleSet_1.0. This rule set can detect bad bots, good bots, and unknown bots based on IP reputation, user-agent headers, and other indicators that compose signatures managed by Microsoft.

 

More information on Bot protection rule set for Azure WAF on Azure Application Gateway

More information on Bot protection rule sets for Azure WAF on Azure Front Door

 

3. Custom rules

Azure WAF provides the ability to create custom rules. This allows you to either fine-tune your WAF policy or create rules with specific logic to address your unique application requirements. The rule conditions can be based on many variables, such as IPs, geolocation, request URIs, post arguments, and more. Custom rules can trigger based on a simple match for Azure WAF on Azure Application Gateway and Azure Front Door, or additionally, they can trigger based on rate-limiting thresholds for Azure WAF on Azure Front Door.

 

If you’d like to see some WAF custom rule examples, check out our blog post on Azure WAF Custom Rule Samples and Use Cases

More information on Custom rules for Azure WAF on Azure Application Gateway

More information on Custom rules for Azure WAF on Azure Front Door

 

What are the feature distinctions between WAF config and WAF policy?

As you can see based on the information we have shared this far, there are a few important differences between the capabilities of WAF depending on the associated resource type. You can consult these tables to get a quick comparison and make an informed decision when deploying Azure WAF.

 

In the table below, we’re sharing the feature availability on WAF config for Azure Application Gateway WAF and WAF_v2 SKUs.

 

WAF Config Features

WAF SKU

WAF_v2 SKU

OWASP_3.2 (Preview)

Unavailable

Available

OWASP_3.1

Unavailable

Available

OWASP_3.0

Available

Available

OWASP_2.2.9

Available

Available

Microsoft_BotManagerRuleSet_0.1

Unavailable

Available

Geo-Location Rules

Unavailable

Available

Per-Site Policy 

Unavailable

Available

Per-Uri Policy 

Unavailable

Available

 

In the table below, we are detailing the feature availability on WAF policy for Azure Application Gateway WAF_v2 and Azure Front Door. Note that WAF policy cannot be used with Azure Application Gateway WAF SKU.

 

WAF Policy Features

Azure Application Gateway (WAF_v2 SKU)

Azure Front Door

OWASP-Based Rule Set

Available

Available

Microsoft-Authored Rule Set

Unavailable

Available

Bot Protection Rule Set

Available

Available

Custom Rules with Geo-Location support

Available

Available

Custom Rules with Rate-Limiting support

Unavailable

Available

Per-Website WAF Policy 

Available

Available

Per-URI WAF Policy 

Available

Unavailable

 

Are there other key differences worth mentioning?

Here are a few more things to consider:

 

 

In this article, we provided a snapshot of the current Azure WAF feature set. We’d love to hear more from you. Feel free to leave comments below or let us know more about new features you need in our Microsoft Azure Feedback forum.

2 Comments

Thank you @camilamartins for Sharing with the community :stareyes:

Occasional Visitor

We are migrating from one generic WAF config to an application specific WAF Policy, as we have a bunch of rules disabled which we dont need disabled for other applications. This improves our security and enables us to do more fine grained blocking.

 

I must say, the whole policy part is supported, but is not totally done in the Application Gateway. If you activate a WAF policy rule for an application, that one becomes the default for the gateway. The notification you get when linking it is a bit vague and doesnt explain if you get any downtime when saving or what is being done to the previous default. The Application Gateway will then state that policy is used for everything, which is not the case if you have multiple. Microsoft could improve on the UI here. At the end though this does work fine, and there seems to be no downtime. The settings, when viewed from the policies, are correct.

%3CLINGO-SUB%20id%3D%22lingo-sub-2270525%22%20slang%3D%22en-US%22%3EAzure%20Web%20Application%20Firewall%3A%20WAF%20config%20versus%20WAF%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2270525%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%20font-size%3A%2020px%3B%22%3EWhat%20is%20Web%20Application%20Firewall%20(WAF)%20config%3F%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EWAF%20config%20is%20the%20built-in%20method%20to%20configure%20WAF%20on%20Azure%20Application%20Gateway%2C%20and%20it%20is%20local%20to%20each%20individual%20Azure%20Application%20Gateway%20resource.%20When%20you%20create%20an%20Azure%20Application%20Gateway%20with%20either%20the%20WAF%20or%20the%20WAF_v2%20SKU%2C%20you%20will%20see%20a%20new%20item%20on%20the%20menu%20blade%20called%20%22Web%20application%20firewall%22%20that%20displays%20WAF%20configuration%20options.%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EThe%20biggest%20drawback%20of%20using%20WAF%20config%20is%20that%20not%20all%20WAF%20settings%20are%20displayed%20in%20the%20portal%20UI.%20For%20example%2C%20you%20cannot%20configure%20or%20manage%20custom%20rules%20in%20the%20portal%3A%20you%20must%20use%20PowerShell%20or%20Azure%20CLI%20for%20that.%20Additionally%2C%20WAF%20config%20is%20a%20setting%20within%20an%20Azure%20Application%20Gateway%20resource.%20For%20this%20reason%2C%20each%20WAF%20config%20must%20be%20managed%20individually%2C%20and%20its%20configuration%20applies%20globally%20for%20everything%20within%20that%20specific%20Azure%20Application%20Gateway%20resource.%20WAF%20config%20does%20not%20exist%20on%20Azure%20Front%20Door.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E%3CEM%3EImage%3A%3C%2FEM%3E%3C%2FSTRONG%3E%3CEM%3E%26nbsp%3BWAF%20config%20on%20Azure%20Application%20Gateway%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CEM%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22wafconfig.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F272525i67CB96478E353891%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22wafconfig.png%22%20alt%3D%22wafconfig.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2020px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWhat%20is%20WAF%20policy%3F%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EWAF%20policy%20is%20a%20standalone%20resource%20type.%20It%20is%20not%20a%20built-in%20configuration%20within%20the%20Azure%20Application%20Gateway%20resource.%20A%20WAF%20policy%20is%20managed%20independently%2C%20and%20it%20can%20be%20attached%20to%20either%20Azure%20Application%20Gateway%20or%20Azure%20Front%20Door%20resources.%20When%20checking%20the%20%22Web%20application%20firewall%22%20option%20on%20the%20menu%20blade%20for%20Azure%20Application%20Gateway%20or%20Azure%20Front%20Door%2C%20you%20will%20notice%20that%20it%20simply%20displays%20a%20link%20to%20the%20attached%20WAF%20policy%2C%20rather%20than%20the%20full%20WAF%20configuration%20settings.%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%20font-size%3A%2017px%3B%22%3EA%20benefit%20of%20using%20WAF%20policy%20for%20Azure%20Application%20Gateway%20or%20Azure%20Front%20Door%20is%20that%20all%20generally%20available%20WAF%20settings%20exist%20in%20the%20portal%20UI%2C%20such%20as%20exclusions%2C%20custom%20rules%2C%20managed%20rules%20and%20more.%20You%20can%20configure%20and%20visualize%20the%20WAF%20policy%20settings%20in%20the%20portal%2C%20in%20addition%20to%20PowerShell%20and%20Azure%20CLI.%20Another%20useful%20benefit%20of%20WAF%20policy%20when%20it%20comes%20to%20Azure%20Application%20Gateway%20is%20that%20it%20offers%20more%20granularity%20in%20scope.%20You%20can%20associate%20a%20WAF%20policy%20at%20a%20global%20level%20by%20assigning%20it%20to%20an%20Azure%20Application%20Gateway%20resource%2C%20at%20a%20website%20level%20by%20assigning%20it%20to%20an%20HTTP%20listener%2C%20or%20even%20at%20a%20URI%20level%20by%20assigning%20it%20to%20a%20specific%20route%20path.%20For%20example%2C%20you%20could%20use%20a%20global%20WAF%20policy%20to%20apply%20the%20baseline%20security%20controls%20that%20meet%20your%20organization's%20security%20policy%20and%20attach%20it%20to%20all%20your%20Azure%20Application%20Gateways.%20From%20there%2C%20based%20on%20individual%20application%20needs%2C%20you%20can%20apply%20a%20different%20WAF%20policy%20that%20contains%20more%20(or%20less)%20strict%20security%20controls%20at%20a%20website%20level%20or%20at%20a%20URI%20level.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CEM%3EWould%20you%20like%20more%20information%20on%20different%20WAF%20policy%20association%20levels%20for%20Azure%20Application%20Gateway%3F%20Refer%20to%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fpolicy-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Web%20Application%20Firewall%20(WAF)%20policy%20overview%3C%2FA%3E%20documentation.%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E%3CEM%3EImage%3A%3C%2FEM%3E%3C%2FSTRONG%3E%3CEM%3E%26nbsp%3BWAF%20policy%20on%20Azure%20Application%20Gateway%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CEM%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22wafpolappgw.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F272526i0DF5AF211139791E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22wafpolappgw.png%22%20alt%3D%22wafpolappgw.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E%3CEM%3EImage%3A%3C%2FEM%3E%3C%2FSTRONG%3E%3CEM%3E%26nbsp%3BWAF%20policy%20on%20Azure%20Front%20Door%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22wafpolafd.png%22%20style%3D%22width%3A%20995px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F272527i47AC90EBE21462DE%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22wafpolafd.png%22%20alt%3D%22wafpolafd.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2020px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWhat%20types%20of%20rules%20are%20available%20in%20Azure%20WAF%3F%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2018px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E1.%20Azure-managed%20rule%20sets%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EThe%20Azure-managed%20rulesets%20for%20Azure%20WAF%20on%20Azure%20Application%20Gateway%20and%20Azure%20Front%20Door%20are%20based%20on%20%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-modsecurity-core-rule-set%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EOWASP%20ModSecurity%20Core%20Rule%20Set%20(CRS)%3C%2FA%3E.%20This%20set%20of%20rules%20protect%20your%20web%20applications%20against%20most%20top%2010%20OWASP%20web%20application%20security%20threats%2C%20such%20as%20SQL%20injection%20and%20cross-site%20scripting.%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EWhen%20using%20Azure%20WAF%20with%20Azure%20Application%20Gateway%2C%20you%20will%20see%20the%20managed%20rule%20sets%20represented%20as%20OWASP_3.2%20(Preview)%2C%20OWASP_3.1%2C%20OWASP_3.0%2C%20and%20OWASP_2.2.9.%20Here%2C%20the%20Azure%20WAF%20uses%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fag-overview%23anomaly-scoring-mode%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eanomaly%20scoring%20mode%3C%2FA%3E%2C%20which%20%26nbsp%3Bmeans%20all%20rules%20in%20these%20rule%20sets%20are%20evaluated%20for%20each%20request%2C%20and%20the%20request%20is%20only%20blocked%20when%20the%20anomaly%20scoring%20threshold%20is%20reached.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EWhen%20using%20Azure%20WAF%20with%20Azure%20Front%20Door%2C%20you%20will%20see%20the%20managed%20rule%20sets%20represented%20as%20Microsoft_DefaultRuleSet_1.1%20and%20DefaultRuleSet_1.0.%20The%20Microsoft_DefaultRuleSet_1.1%20rule%20set%20includes%20Microsoft-authored%20rules%20in%20addition%20to%20the%20rules%20based%20on%20OWASP%20ModSecurity%20CRS.%20In%20this%20case%2C%20Azure%20WAF%20uses%20the%20traditional%20mode%2C%20which%20means%20that%20as%20soon%20as%20there%20is%20a%20rule%20match%20the%20WAF%20stops%20processing%20all%20other%20subsequent%20rules.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EMore%20information%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fapplication-gateway-crs-rulegroups-rules%3Ftabs%3Dowasp31%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure-managed%20rule%20sets%20for%20Azure%20WAF%20on%20Azure%20Application%20Gateway%3C%2FA%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EMore%20information%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fafds-overview%23azure-managed-rule-sets%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure-managed%20rule%20sets%20for%20Azure%20WAF%20on%20Azure%20Front%20Door%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2018px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E2.%20Bot%20protection%20rule%20sets%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EBot%20protection%20rule%20sets%20provide%20safety%20against%20bots%20doing%20scraping%2C%20scanning%2C%20and%20looking%20for%20vulnerabilities%20in%20your%20web%20application.%20These%20rule%20sets%20are%20powered%20by%20our%20own%20Microsoft%20Threat%20Intelligence%20feed%2C%20which%20is%20used%20by%20multiple%20Azure%20services%2C%20including%20Azure%20Firewall%20and%20Azure%20Security%20Center.%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EWhen%20using%20Azure%20WAF%20with%20Azure%20Application%20Gateway%2C%20you%20will%20see%20the%20bot%20protection%20rule%20set%20represented%20as%20Microsoft_BotManagerRuleSet_0.1.%20This%20rule%20set%20can%20detect%20known%20bad%20bots%20based%20on%20IP%20reputation.%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EWhen%20using%20Azure%20WAF%20with%20Azure%20Front%20Door%2C%20you%20will%20see%20the%20bot%20protection%20rule%20set%20represented%20as%20Microsoft_BotManagerRuleSet_1.0.%20This%20rule%20set%20can%20detect%20bad%20bots%2C%20good%20bots%2C%20and%20unknown%20bots%20based%20on%20IP%20reputation%2C%20user-agent%20headers%2C%20and%20other%20indicators%20that%20compose%20signatures%20managed%20by%20Microsoft.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EMore%20information%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fbot-protection-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EBot%20protection%20rule%20set%20for%20Azure%20WAF%20on%20Azure%20Application%20Gateway%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EMore%20information%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fafds-overview%23bot-protection-rule-set-preview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EBot%20protection%20rule%20sets%20for%20Azure%20WAF%20on%20Azure%20Front%20Door%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2018px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E3.%20Custom%20rules%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EAzure%20WAF%20provides%20the%20ability%20to%20create%20custom%20rules.%20This%20allows%20you%20to%20either%20fine-tune%20your%20WAF%20policy%20or%20create%20rules%20with%20specific%20logic%20to%20address%20your%20unique%20application%20requirements.%20The%20rule%20conditions%20can%20be%20based%20on%20many%20variables%2C%20such%20as%20IPs%2C%20geolocation%2C%20request%20URIs%2C%20post%20arguments%2C%20and%20more.%20Custom%20rules%20can%20trigger%20based%20on%20a%20simple%20match%20for%20Azure%20WAF%20on%20Azure%20Application%20Gateway%20and%20Azure%20Front%20Door%2C%20or%20additionally%2C%20they%20can%20trigger%20based%20on%20rate-limiting%20thresholds%20for%20Azure%20WAF%20on%20Azure%20Front%20Door.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EIf%20you%E2%80%99d%20like%20to%20see%20some%20WAF%20custom%20rule%20examples%2C%20check%20out%20our%20blog%20post%20on%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fwafcustom-techcommunity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20WAF%20Custom%20Rule%20Samples%20and%20Use%20Cases%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EMore%20information%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fcustom-waf-rules-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECustom%20rules%20for%20Azure%20WAF%20on%20Azure%20Application%20Gateway%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EMore%20information%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fwaf-front-door-custom-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECustom%20rules%20for%20Azure%20WAF%20on%20Azure%20Front%20Door%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2020px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWhat%20are%20the%20feature%20distinctions%20between%20WAF%20config%20and%20WAF%20policy%3F%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EAs%20you%20can%20see%20based%20on%20the%20information%20we%20have%20shared%20this%20far%2C%20there%20are%20a%20few%20important%20differences%20between%20the%20capabilities%20of%20WAF%20depending%20on%20the%20associated%20resource%20type.%20You%20can%20consult%20these%20tables%20to%20get%20a%20quick%20comparison%20and%20make%20an%20informed%20decision%20when%20deploying%20Azure%20WAF.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EIn%20the%20table%20below%2C%20we%E2%80%99re%20sharing%20the%20feature%20availability%20on%20WAF%20config%20for%20Azure%20Application%20Gateway%20WAF%20and%20WAF_v2%20SKUs.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20style%3D%22width%3A%20100.0%25%3B%20border-collapse%3A%20collapse%3B%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWAF%20Config%20Features%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-left%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWAF%20SKU%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-left%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWAF_v2%20SKU%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EOWASP_3.2%20(Preview)%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EOWASP_3.1%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EOWASP_3.0%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EOWASP_2.2.9%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EMicrosoft_BotManagerRuleSet_0.1%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EGeo-Location%20Rules%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%20height%3A%2022.5pt%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EPer-Site%20Policy%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2058.18%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EPer-Uri%20Policy%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.42%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2021.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EIn%20the%20table%20below%2C%20we%20are%20detailing%20the%20feature%20availability%20on%20WAF%20policy%20for%20Azure%20Application%20Gateway%20WAF_v2%20and%20Azure%20Front%20Door.%20Note%20that%20WAF%20policy%20cannot%20be%20used%20with%20Azure%20Application%20Gateway%20WAF%20SKU.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20style%3D%22width%3A%20100.0%25%3B%20border-collapse%3A%20collapse%3B%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EWAF%20Policy%26nbsp%3BFeatures%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-left%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAzure%20Application%20Gateway%20(WAF_v2%20SKU)%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-left%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAzure%20Front%20Door%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EOWASP-Based%20Rule%20Set%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EMicrosoft-Authored%20Rule%20Set%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EBot%20Protection%20Rule%20Set%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3ECustom%20Rules%20with%20Geo-Location%26nbsp%3Bsupport%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3ECustom%20Rules%20with%20Rate-Limiting%20support%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EPer-Website%20WAF%20Policy%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2046.86%25%3B%20border%3A%20solid%20black%201.0pt%3B%20border-top%3A%20none%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EPer-URI%20WAF%20Policy%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2032.38%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2020.76%25%3B%20border-top%3A%20none%3B%20border-left%3A%20none%3B%20border-bottom%3A%20solid%20black%201.0pt%3B%20border-right%3A%20solid%20black%201.0pt%3B%20padding%3A%200in%200in%200in%200in%3B%22%3E%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EUnavailable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2020px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2020px%3B%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EAre%20there%20other%20key%20differences%20worth%20mentioning%3F%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EHere%20are%20a%20few%20more%20things%20to%20consider%3A%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3ERule%20actions%20for%20custom%20rules%3A%3C%2FSTRONG%3E%20In%20a%20WAF%20policy%20for%20Azure%20Front%20Door%2C%20rule%20actions%20can%20be%20set%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fwaf-front-door-custom-rules%23priority-match-conditions-and-action-types%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAllow%2C%20Deny%2C%20Log%20or%20Redirect%3C%2FA%3E.%20In%20a%20WAF%20policy%20for%20Azure%20Application%20Gateway%2C%20rule%20actions%20can%20be%20set%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fcustom-waf-rules-overview%23action-required%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAllow%2C%20Block%20or%20Log%3C%2FA%3E.%20Redirect%20is%20not%20an%20available%20rule%20action%20for%20the%20latter.%3C%2FSPAN%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3ERule%20actions%20for%20managed%20rules%3A%3C%2FSTRONG%3E%20In%20a%20WAF%20policy%20for%20Azure%20Front%20Door%2C%20rule%20actions%20can%20be%20set%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fafds-overview%23waf-actions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAllow%2C%20Deny%2C%20Log%20or%20Redirect%3C%2FA%3E.%20In%20a%20WAF%20policy%20for%20Azure%20Application%20Gateway%2C%20rules%20can%20be%20either%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fapplication-gateway-customize-waf-rules-portal%23disable-rule-groups-and-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eenabled%20or%20disabled%3C%2FA%3E.%20It%20is%20not%20possible%20to%20change%20the%20rule%20action.%3C%2FSPAN%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3ETypes%20of%20custom%20rules%3A%3C%2FSTRONG%3E%20In%20a%20WAF%20policy%20for%20Azure%20Front%20Door%2C%20you%20can%20create%20custom%20rules%20based%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fafds-overview%23custom-authored-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMatch%20type%20or%20Rate%20Limit%20type%3C%2FA%3E.%20Rate-limiting%20custom%20rules%20allow%20you%20to%20respond%20to%20abnormally%20high%20traffic%20from%20any%20given%20source%20IP%2C%20based%20on%20a%20customized%20quantity%20of%20web%20requests%20within%20a%20time%20frame.%20In%20a%20WAF%20policy%20for%20Azure%20Application%20Gateway%2C%20you%20can%20configure%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fcustom-waf-rules-overview%23rule-type-required%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMatch%20type%3C%2FA%3E%20custom%20rules%2C%20and%20rate-limiting%20type%20is%20not%20available.%3C%2FSPAN%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%3CSTRONG%3EExclusion%20lists%3A%3C%2FSTRONG%3E%20In%20a%20WAF%20policy%20for%20Azure%20Front%20Door%2C%20you%20can%20create%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fwaf-front-door-tuning%2523using-exclusion-lists%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eexclusion%20lists%20at%20a%20rule%20level%2C%20at%20a%20rule%20group%20level%2C%20and%20at%20a%20rule%20set%20level.%3C%2FA%3E%20You%20can%20apply%20exclusions%20for%20matches%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fafds%2Fwaf-front-door-exclusion%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Erequest%20header%20name%2C%20request%20cookie%20name%2C%20query%20string%20args%20name%20and%20request%20body%20post%20args%20name%3C%2FA%3E%2C%20and%20the%20exclusions%20can%20be%20applied%20to%20specific%20rules%2C%20rule%20groups%20or%20rule%20sets.%20In%20a%20WAF%20policy%20for%20Azure%20Application%20Gateway%2C%20the%20exclusions%20are%20a%20global%20setting.%20This%20means%20the%20exclusions%20will%20apply%20to%20all%20active%20rules%20within%20the%20scope%20of%20your%20WAF%20policy.%20You%20can%20apply%20exclusions%20for%20matches%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fapplication-gateway-waf-configuration%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Erequest%20header%20name%2C%20request%20cookie%20name%20and%20request%20args%20name%3C%2FA%3E.%20You%20could%20alternatively%20apply%20a%20dedicated%20WAF%20policy%20at%20different%20association%20levels%20in%20your%20Azure%20Application%20Gateway%2C%20using%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fpolicy-overview%23per-site-waf-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eper-site%20WAF%20policy%3C%2FA%3E%20or%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fweb-application-firewall%2Fag%2Fpolicy-overview%23per-uri-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eper-URI%20WAF%20policy%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%2017px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%2C%20sans-serif%3B%22%3EIn%20this%20article%2C%20we%20provided%20a%20snapshot%20of%20the%20current%20Azure%20WAF%20feature%20set.%20We%E2%80%99d%20love%20to%20hear%20more%20from%20you.%20Feel%20free%20to%20leave%20comments%20below%20or%20let%20us%20know%20more%20about%20new%20features%20you%20need%20in%20our%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fazurefeedback%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Azure%20Feedback%3C%2FA%3E%20forum.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2270525%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EIn%20this%20blog%2C%20we%20will%20explore%20the%20feature%20variations%20when%20deploying%20Azure%20Web%20Application%20Firewall%20(WAF)%20on%20Azure%20Application%20Gateway%20using%20WAF%20config%20or%20WAF%20policy.%20We%20will%20also%20show%20how%20WAF%20policies%20differ%20between%20Azure%20WAF%20for%20Azure%20Front%20Door%20and%20Azure%20Application%20Gateway%20deployments.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2270525%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Application%20Gateway%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Front%20Door%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Network%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20WAF%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2277670%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Web%20Application%20Firewall%3A%20WAF%20config%20versus%20WAF%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2277670%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20migrating%20from%20one%20generic%20WAF%20config%20to%20an%20application%20specific%20WAF%20Policy%2C%20as%20we%20have%20a%20bunch%20of%20rules%20disabled%20which%20we%20dont%20need%20disabled%20for%20other%20applications.%20This%20improves%20our%20security%20and%20enables%20us%20to%20do%20more%20fine%20grained%20blocking.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20must%20say%2C%20the%20whole%20policy%20part%20is%20supported%2C%20but%20is%20not%20totally%20done%20in%20the%20Application%20Gateway.%20If%20you%20activate%20a%20WAF%20policy%20rule%20for%20an%20application%2C%20that%20one%20becomes%20the%20default%20for%20the%20gateway.%20The%20notification%20you%20get%20when%20linking%20it%20is%20a%20bit%20vague%20and%20doesnt%20explain%20if%20you%20get%20any%20downtime%20when%20saving%20or%20what%20is%20being%20done%20to%20the%20previous%20default.%20The%20Application%20Gateway%20will%20then%20state%20that%20policy%20is%20used%20for%20everything%2C%20which%20is%20not%20the%20case%20if%20you%20have%20multiple.%20Microsoft%20could%20improve%20on%20the%20UI%20here.%20At%20the%20end%20though%20this%20does%20work%20fine%2C%20and%20there%20seems%20to%20be%20no%20downtime.%20The%20settings%2C%20when%20viewed%20from%20the%20policies%2C%20are%20correct.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2277155%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Web%20Application%20Firewall%3A%20WAF%20config%20versus%20WAF%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2277155%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F629915%22%20target%3D%22_blank%22%3E%40camilamartins%3C%2FA%3E%26nbsp%3Bfor%20Sharing%20with%20the%20community%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%40A027B0AAF3CA617A1E2E22C4E761B2FE%2Fimages%2Femoticons%2Fstareyes_40x40.gif%22%20alt%3D%22%3Astareyes%3A%22%20title%3D%22%3Astareyes%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Apr 19 2021 06:43 AM
Updated by:
www.000webhost.com