![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 70%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOA%3C/text%3E%3C/svg%3E)
Azure Web Application Firewall
An Azure service that provides protection for web apps.
289 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I am afraid I did not understand your question. Can you please be more specific.
All the Azure Custom Stories are listed in Azure case studies and customer stories.
There are no Individual Azure Product Level Filters (such as WAF) available as this would expose the customer's / partner's architecture and environment.
If you are interested in the features available with Azure WAF, you can refer the below docs:
- Azure Web Application Firewall
- What is Azure Web Application Firewall on Azure Application Gateway?
- Azure Web Application Firewall on Azure Front Door
WAF generally has 2 Modes:
- Detection
- Prevention
Features of a App Gateway WAF:
- SQL injection protection.
- Cross-site scripting protection.
- Protection against other common web attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion.
- Protection against HTTP protocol violations.
- Protection against HTTP protocol anomalies, such as missing host user-agent and accept headers.
- Protection against crawlers and scanners.
- Detection of common application misconfigurations (for example, Apache and IIS).
- Configurable request size limits with lower and upper bounds.
- Exclusion lists let you omit certain request attributes from a WAF evaluation. A common example is Active Directory-inserted tokens that are used for authentication or password fields.
- Create custom rules to suit the specific needs of your applications.
- Geo-filter traffic to allow or block certain countries/regions from gaining access to your applications.
- Protect your applications from bots with the bot mitigation ruleset.
- Inspect JSON and XML in the request body
Under AFD WAF, we have
- Custom-authored rules
- Azure-managed rule sets
- Bot protection rule set
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil