Web Application Firewall documentation

Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities. You can deploy WAF on Azure Application Gateway or WAF on Azure Front Door Service.

• Azure Web Application Firewall documentation
• Get started
  • What is Azure Web Application Firewall?
  • Application Gateway
    • Web Application Firewall on Application Gateway
    • FAQ
  • Front Door
    • Web Application Firewall on Azure Front Door
    • FAQ
  • Azure CDN
    • Web Application Firewall on Azure CDN
  • What is Azure network security?
• Deploy
  • Application Gateway
    • Create Web Application Firewall
      • Azure portal
      • Azure PowerShell
      • Azure CLI
    • Create Web Application Firewall v2 - ARM template
    • Create Web Application Firewall v2 - Bicep
    • Create Web Application Firewall v2 – Terraform
  • Front Door
    • Create WAF policy - portal
    • Configure WAF policy - PowerShell
• Configure
  • Application Gateway
    • WAF policy
      • Overview
      • Create WAF policy
      • Per-site policies
      • Associate a policy with an existing Application Gateway
      • Upgrade WAF
        • Upgrade to WAF policy
        • Upgrade using PowerShell
    • Managed rules
      • Overview
      • Exclusion lists
      • Customize managed rules
        • Azure portal
        • Azure PowerShell
        • Azure CLI
    • Bot protection
      • Overview
      • Configure bot protection
    • Custom rules
      • Overview
      • Geomatch custom rules
      • Rate limiting
      • Configure WAF v2 custom rule - PowerShell
      • Custom rule examples
      • Create rate limiting rules
      • Use geomatch custom rules to enhance network security
    • Request size limits
    • WAF engine
  • Front Door
    • Policy settings
    • Configure custom response code
    • Managed rules
      • Overview
      • Exclusion lists
      • Configure exclusion lists
    • Configure bot protection
    • Custom rules
      • Overview
      • Rate limiting
      • Geo-filtering
      • Configure rate limit
      • Configure a geo-filtering WAF policy
      • Configure IP restrictions
      • Use geomatch custom rules to enhance network security
    • Tuning
  • Use Azure Policy
  • Configure policies using Firewall Manager
  • Protect APIs hosted in APIM
  • Protect Azure OpenAI
• Secure
  • Security baseline
  • Azure Network Security Blog
  • Sensitive Data Protection
    • Application Gateway
      • Overview
      • Mask sensitive data
    • Front Door
      • Overview
      • Mask sensitive data
  • Microsoft Sentinel
    • Using Microsoft Sentinel with Web Application Firewall
    • Detect new threats using Microsoft Sentinel
    • Automated detection and response
  • Application DDoS protection
  • Microsoft Security Copilot
  • JavaScript challenge
  • CAPTCHA challenge
• Operational excellence
  • Application Gateway
    • Best practices
    • Monitoring and logging
    • Resource logs
    • Log Analytics
    • Troubleshoot
  • Front Door
    • Best practices
    • Monitoring and logging
• Reference
  • Azure PowerShell
    • Front Door
    • Application Gateway
    • CDN
  • Azure CLI
    • Front Door
    • Application Gateway
    • CDN
  • REST API
    • Front Door
    • Application Gateway
  • .NET
  • Java
  • Node.js
  • Python
• Resources
  • Microsoft Q&A
  • Azure Networking Blog
  • Azure support
  • Pricing
  • Service updates
  • SLA
  • Regional availability
  • Stack Overflow