Azure Web Application Firewall
A cloud-native web application firewall (WAF) service that provides powerful protection for web apps.
Improve security for your web applications
Azure Web Application Firewall is a cloud-native service that protects web apps from common web-hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting. Deploy the service in minutes to get complete visibility into your environment and block malicious attacks.
Comprehensive protection for the Open Web Application Security Project (OWASP) top 10 security risks
Custom and managed rule sets to prevent malicious attacks at the edge
Real-time visibility into your environment and security alerts
Full REST API support to automate DevOps processes
Protect web apps with managed rule sets
Meet security requirements with agentless deployment
Improve visibility into security and analytics
Achieve organizational compliance fast
Improve security and optimize performance at the edge
Deploy Azure Web Application Firewall in Azure Front Door for advanced security, scalability, and accelerated delivery of apps to global users.
Monitor security alerts and logs
Use Azure Monitor to track diagnostic information including security alerts and logs that provide detailed reporting on detected threats.
Comprehensive security and compliance, built in
Microsoft invests more than $1 billion annually on cybersecurity research and development.
We employ more than 3,500 security experts who are dedicated to data security and privacy.
Azure Web Application Firewall pricing
There are no upfront costs to use Azure Web Application Firewall—pay for only what you use.
Get started with an Azure free account
Start free. Get $200 credit to use within 30 days. While you have your credit, get free amounts of many of our most popular services, plus free amounts of 55+ other services that are always free.
After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.
After 12 months, you'll keep getting 55+ always-free services—and still pay only for what you use beyond your free monthly amounts.
Trusted by companies of all sizes
“In our on-premises environment, each security layer was standalone, presented in several dashboards. In Azure, we wanted to focus not only on the available solutions, but also combining their functionalities into a single easy-to-deploy, easy-to-manage, highly secure environment.”
André Beerendonk, Team Manager for IT Operations, VECOZO
“We need providers like Microsoft that we can trust so we can focus on the business. We use Azure DDoS Protection Standard and Azure Web Application Firewall on Azure Application Gateway to protect our business-critical workloads and data streams across our environment.”
Marius Matonis, Senior Technical Lead, Elvia
"Understanding the inner workings of a firewall is not our expertise, and with Azure Firewall Premium, it doesn't have to be. We use Azure Firewall Premium to protect Dematic and our customers around the clock, and we can depend on it."
Brandon Bates, Principal Architect, Dematic
Polycom gains scalability and access to global markets
Telecommunications leader Polycom uses the growing global network of Azure datacenters to achieve geo-redundancy and high levels of availability to deliver a great videoconferencing experience for users.
Eni gets a competitive edge with hub-and-spoke topology
Italian energy company Eni uses low-latency hub-and-spoke architecture on Azure to enable enterprise-grade controls and meet its high security bar.
NCR Corporation manages security with Azure Security Center
Tech services company NCR Corporation uses Azure Security Center as one of the most critical security tools for managing its Azure ecosystem. The single pane of glass provides an overview of security across Azure cloud deployments in real time.
Azure Web Application firewall resources and documentation
Tutorial: Create an application gateway with Azure Web Application Firewall in the Azure portal
Tutorial: Create a Web Application Firewall policy for Azure Front Door in the Azure portal
Introduction to Azure Web Application Firewall learning module
Introduction to Secure Application Delivery with Azure network security learning module
Frequently asked questions about Azure Web Application Firewall
Azure Web Application Firewall is a cloud-native service that protects your web applications from bot attacks and common web vulnerabilities such as SQL injection and cross-site scripting.
Yes. Enable DDoS protection on Azure Virtual Network where Azure Application Gateway is deployed. This ensures that the Azure DDoS protection service also protects the application gateway virtual IP (VIP).