Skip to main content

General availability: Per Rule Actions on regional Web Application Firewall

Published date: 15 November, 2022

Azure’s regional Web Application Firewall (WAF) with Application Gateway running the Bot Protection rule set and Core Rule Set (CRS) 3.2 or higher now supports setting actions on a rule-by-rule basis. This gives you greater flexibility when deciding how the WAF handles a request that matches a rule’s conditions. The following per rule actions are supported:

  • Allow: The request passes through the WAF and is forwarded to the back end. No further lower priority rules can block this request.
  • Block: The request is blocked and WAF sends a response to the client without forwarding the request to the back end.
  • Log: Request is logged in the WAF logs and WAF continues evaluating lower priority rules.
  • Anomaly Scoring: This is the default action for the Core Rule Set where total anomaly score is incrementally increased when a rule with this action is matched. 

To learn more about per rule action, please visit the regional WAF documentation.

  • Web Application Firewall
  • Application Gateway
  • Features
  • Security