question

KrzysztofMadej avatar image
0 Votes"
KrzysztofMadej asked KrzysztofMadej commented

Is it possible to have `ApplicationGatewayFirewallLog` for disabled rules on Application Gateway WAF in Prevention mode

Application Gateway with WAF in Detection mode logs each matched rule. However, in Prevention mode it catches only rules which are enabled. It makes sense somehow, because we don't want to have disabled rules evaluated in prevention mode, however I want to know if there are requestes which violate rules which are disabled. This is really important to monitor and adjust rule set.

So to sum up I would like to find a way to have Prevention mode for enabled rules and Detection mode for disabled rules.

azure-application-gatewayazure-web-application-firewall
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LuisRodriguez-MSFT avatar image
0 Votes"
LuisRodriguez-MSFT answered KrzysztofMadej commented

Hello @KrzysztofMadej

Welcome to Microsoft Q&A Platform.

Firewall logs are based in the Rule ID of the triggering event so if the rule is disabled it won't appear in the logs:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs#firewall-log

If you think that this feature would be useful you can raise a request via Azure Feedback portal:
https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789

I hope this helps!


Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for replying. You just confiremd what I suspected.

1 Vote 1 ·