WebApplicationFirewallPolicy

Resource Icon

Resource Overview

Web Application Firewall Policy is a web firewall policy applied to services such as Application Gateway (WAF), providing centralized management of detection and blocking rules based on OWASP rule sets.
By using managed rule groups (OWASP/Bot Manager) and exclusions, it allows tuning protection levels against web attacks (such as SQLi and XSS) while reducing false positives.

Associated Resources

Parent Resources

ResourceGroup

Connected Resources

ApplicationGateway

Resource Configuration

owasp_version : Version of the OWASP rule set
microsoft_bot_manager_rule_set_version : Version of the Microsoft Bot Manager rule set
tag : Tags used to categorize resources

Managed Rule Group (`managed_rule_group`)

managed_rule_group.type : Type of the rule set - OWASP, Microsoft_BotManagerRuleSet
managed_rule_group.rule_group_name : Name of the rule group to use
managed_rule_group.disabled_rules : List of rule IDs to disable

Exclusion (`exclusion`)

exclusion.match_variable : Variable to match - RequestArgNames, RequestCookieNames, RequestHeaderNames
exclusion.selector : Value to compare against the match variable
exclusion.selector_match_operator : Operator used to evaluate matches - Contains, EndsWith, Equals, EqualsAny, StartsWith

Resource Icon​

Resource Overview​

Associated Resources​

Parent Resources​

Connected Resources​

Resource Configuration​

Managed Rule Group (managed_rule_group)​

Exclusion (exclusion)​

References​