Azure Web Application Firewall
A cloud-native web application firewall (WAF) service that provides powerful protection for web apps
Get better security for your web applications
Help protect your web apps from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting. With the cloud-native Azure web application firewall (WAF) service, deploy in minutes and only pay for what you use.
Protection for the top 10 Open Web Application Security Project (OWASP) security vulnerabilities
Deploy in minutes with improved security in a single click
Customised rules to meet your web app security requirements
Near real-time visibility and alerts through Azure Monitor
Enhance security with high availability and scale
Optimise performance with Azure Web Application Firewall deployed with Azure Front Door. Increase throughput for your global users with edge load balancing and application acceleration. Optimise your web app for high availability and scalability—with built-in auto-scaling and zone redundancy.What is cloud-native Azure Network Security
Get managed rule sets to protect web apps
Help protect web applications from common vulnerabilities and exploits. Easily add and customise new rules to meet your application security requirements. Get a comprehensive list of web app firewall rule schemas and rules based on the OWASP core rule sets (CRS) 3.1/3.0.Read the documentation
Deploy quickly to keep web apps protected
Easily deploy within minutes with no additional software required. Configure and enable Azure Web Application Firewall on your web application. Then, centrally define your rules and reuse them across all the web apps that you need to protect. Learn how to customise web application firewall rules in the Azure portal.Read the documentation
Improve cost effectiveness for web app protection
Get competitive pricing for web application protection and pay only for what you use—with no minimum fees and no upfront commitments.
Why trust web application firewall to protect your applications?
Microsoft invests more than USD1 billion annually on cybersecurity research and development.
We employ more than 3,500 security experts who are completely focused on securing your data and privacy.
Azure WAF is integrated with Azure Security Center
Flexible, scalable pricing
With Azure Web Application Firewall, there is no upfront cost and pay only for what you use.See Web Application Firewall pricing
Get started with Azure Web Application Firewall
Documentation and resources
Check out the documentation to get started quickly. Understand Azure Web Application Firewall concepts, try out quickstarts, tutorials and more.Azure Web Application Firewall (WAF) documentation
WAF on Application Gateway Tutorial
Get started on protecting your web applications from common exploits and vulnerabilitiesWAF on Application Gateway Tutorial
WAF on Front Door Tutorial
Configure WAF policy on Azure Front Door with Bot ProtectionTutorial on configuring WAF on Front Door
Related products for developers
Build, deploy and scale web apps on a fully managed platform.Learn More
Protect your apps with cloud-native firewalling capabilities—with built-in high availability, unrestricted cloud scalability and zero maintenance.Learn More
Azure DDoS Protection
Protect your applications from Distributed Denial of Service (DDoS) attacks.Learn More
Trusted by companies of all sizes
Polycom gains scalability and access to global markets
This telecommunications leader uses the growing global network of Azure datacenters to achieve geo-redundancy and high levels of availability, delivering a great VC experience to users.
Global energy company gets an edge with low-latency, hub-and-spoke topology
Italian energy company, Eni, used hub-and-spoke architecture on Azure to get enterprise-grade controls and meet the security bar set by the enterprise.
Security DevOps company simplifies deployments with Azure
WhiteSource, a security DevOps-oriented company, uses the monitoring, availability and scalability capabilities with Azure to simplify open-source usage management for security and compliance professionals worldwide.
Frequently asked questions about Azure Web Application Firewall
Azure Web Application Firewall is a cloud-native service that protects your web applications from bot attacks and common web vulnerabilities such as SQL injection and cross-site scripting.
Yes. For more information, see the documentation on customising web application firewall rule groups and rules.
Yes. You can enable DDoS protection on the virtual network where the application gateway is deployed. This setting ensures that the Azure DDoS Protection service also protects the application gateway virtual IP (VIP).