Generally available: Enhancements to Azure Web Application Firewall
Published date: 03 May, 2022
Azure Web Application Firewall (WAF) is a cloud-native, self-managed security service that protects your applications and APIs running in Azure or anywhere else – from the network edge to the cloud. We offer two options – global WAF integrated with Azure Front Door and regional WAF integrated with Azure Application Gateway - for deploying Azure WAF for your applications and APIs.
On March 29, we announced the general availability of managed Default Rule Set 2.0 with anomaly scoring, Bot Manager 1.0, and security reports on global WAF. Today, we are excited to share the general availability of additional features on regional WAF. Take advantage of the latest Azure WAF enhancements that offer you better security, improved scale, easier deployment, and better management of your applications and APIs:
- Reduced false positives with Core Rule Set 3.2 integrated with Azure Application Gateway. The older CRS 2.2.9 ruleset is being phased out in favor of the newer rulesets.
- Improved performance and scale with the next generation of WAF engine, released with CRS 3.2
- Increased size limits on regional WAF for body inspection up to 2MB and file upload up to 4GB
- Advanced customization with per rule exclusion and attribute by names support on regional WAF
- Native consistent experience with WAF policy – new deployments of Application Gateway v2 WAF SKU now natively utilizes WAF policies instead of configuration
- Advanced analytics capabilities with new Azure Monitor metrics on regional WAF