WebApplicationFirewallPolicy

---

Resource Icon

Resource Overview

Azure WAF (Web Application Firewall) policies are a security feature in Microsoft Azure that help protect web applications from various attacks, including XSS (cross-site scripting), SQL injection, and other known or unknown exploits. WAF policies are a set of rules that determine how traffic is filtered through the WAF. They allow you to define lists of allowed and blocked traffic sources and configure custom rules and exceptions for specific traffic patterns. WAF policies can be applied to individual web applications or to an entire application gateway.

Associated Resources

Parent Resource

• Resource Group

Resource Setting Values

• managed_rule_set

  • type : The type of rule set for protecting against vulnerabilities - OWASP, Microsoft_BotManagerRuleSet
  • version : The version of the rule set

• managed_rule_group

  • type : The type of rule group - OWASP, Microsoft_BotManagerRuleSet
  • rule_group_name : The name of Rule group to use
  • disabled_rules : List of Rule IDs to disable

• exclusion

  • match_variable : The variable to be matched like a query string or request method - RequestArgNames, RequestCookieNames, RequestHeaderNames
  • selector : The value to be compared with value of Match variable through the operator
  • selector_match_operator : The operator to evaluate consistency -Contains, EndsWith, Equals, EqualsAny, StartsWith

• tag : Tag to categorize resources - up to 512 characters, key:value

---

Reference Materials

• Azure WebApplicationFirewallPolicy(Microsoft)
• Azure WebApplicationFirewallPolicy Price
• Azure WebApplicationFirewallPolicy(Terraform)