I have been using Azure Front Door (non-preview version) with WAF on managed ruleset. Now I am trying out the new Standard SKU (preview) and very surprised that I cannot integrate managed ruleset WAF with this SKU. I can only set WAF rules one by one. This does not make any sense. Is it possible to use managed ruleset WAF on Front Door Standard SKU?
Am I wrong or users are forced to use the Premium SKU that includes WAF? The price difference is quite big.
Let me breakdown the cost. (Southeast Asia region)
Azure Front Door (non-preview version) with WAF managed ruleset (5 routing rules per month, excludes data transfer cost)
Front Door: 5*0.03*720 = 108 USD
WAF: 5 + 20 = 25 USD
Total: 108 + 25 = 133 USD
Azure Front Door (non-preview version) with WAF managed ruleset (9 routing rules per month, excludes data transfer cost)
Front Door: (5*0.03*720) + (4*0.012*720) = 142.56 USD
WAF: 5 + 20 = 25 USD
Total: 142.56 + 25 = 167.56 USD
Azure Front Door Standard SKU (excludes data transfer and requests cost)
Front Door: 17.50 USD
WAF: 5 + 20 = 25 USD
Total: 17.50 + 25 = 42.50 USD >> This would be great if it's possible
Azure Front Door Premium SKU (excludes data transfer and requests cost)
Front Door: 165 USD (price is discounted at 50% during preview. After GA it would be 330 USD per month?)
You can see that Premium SKU will be worth it when we have more than 8 routing rules on the non-preview tier, or more than 27 routing rules after Premium SKU is GA. Which I think is not flexible as people tend to start small and grow more rules over time. Also, it seems that we cannot easily switch from Standard SKU to Premium SKU; this is annoying as we are forced to use Premium SKU since the first day.
Am I mistaken at any point? I understand that with current pricing model, customers cannot switch between tiers/SKU and must choose the most expensive SKU since the first day if they plan to grow in the future.
I know Premium SKU includes Private Link support and other security features. But what if customers just want CDN with WAF to serve their websites and they happen to have multiple rules?
Extra question: why should customers pay for Azure Front Door if they can use Cloudflare on Pro plan that offers CDN with WAF for only $20 per month? Cloudflare doesn't even charge the data transfer fee.
Thanks.