Azure Web Application Firewall
A cloud-native web application firewall (WAF) service that provides powerful protection for web apps.
Improve security for your web applications
Azure Web Application Firewall is a cloud-native service that protects web apps from common web-hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting. Deploy the service in minutes to get complete visibility into your environment and block malicious attacks.
Comprehensive protection for the Open Web Application Security Project (OWASP) top 10 security risks
Custom and managed rule sets to prevent malicious attacks at the edge
Real-time visibility into your environment and security alerts
Full REST API support to automate DevOps processes
Protect web apps with managed rule sets
Protect your web applications in just a few minutes with the latest managed and preconfigured rule sets. The Azure Web Application Firewall detection engine combined with updated rule sets increases security, reduces false positives, and improves performance.
Meet security requirements with agentless deployment
Easily deploy Azure Web Application Firewall security with no additional software agent required. Centrally define and customize rules to meet your security requirements, then apply them to protect all your web apps.
Improve visibility into security and analytics
Experience seamless integration with security information event management (SIEM) tools in Azure. Access prebuilt workbooks with Microsoft Sentinel and modify them to fit your organization's needs.
Achieve organizational compliance fast
Use Azure Policy to help enforce organizational standards and assess compliance at scale for Web Application Firewall resources. Get an aggregated view to evaluate the overall state of your environment.
Improve security and optimize performance at the edge
Deploy Azure Web Application Firewall in Azure Front Door for advanced security, scalability, and accelerated delivery of apps to global users.
Monitor security alerts and logs
Use Azure Monitor to track diagnostic information including security alerts and logs that provide detailed reporting on detected threats.
Comprehensive security and compliance, built in
-
Microsoft invests more than USD 1 billion annually on cybersecurity research and development.
-
We employ more than 3,500 security experts who are dedicated to data security and privacy.
-
Azure has more certifications than any other cloud provider. View the comprehensive list.
-
Azure Web Application Firewall pricing
There are no upfront costs to use Azure Web Application Firewall—pay for only what you use.
Get started with an Azure free account
1
2
After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.
3
Azure Web Application firewall resources and documentation
Resources
Tutorial: Create an application gateway with Azure Web Application Firewall in the Azure portal
Tutorial: Create a Web Application Firewall policy for Azure Front Door in the Azure portal
Introduction to Azure Web Application Firewall learning module
Introduction to Secure Application Delivery with Azure network security learning module
Frequently asked questions about Azure Web Application Firewall
-
Azure Web Application Firewall is a cloud-native service that protects your web applications from bot attacks and common web vulnerabilities such as SQL injection and cross-site scripting.
-
Yes. Learn how to customize Web Application Firewall rules in the Azure portal.
-
Yes. Enable DDoS protection on Azure Virtual Network where Azure Application Gateway is deployed. This ensures that the Azure DDoS protection service also protects the application gateway virtual IP (VIP).