Skip Navigation

Azure Web Application Firewall

A cloud-native web application firewall (WAF) service that provides powerful protection for web apps

Get better security for your web applications

Help protect your web apps from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting. With the cloud-native Azure web application firewall (WAF) service, deploy in minutes and only pay for what you use.

Protection for the top 10 Open Web Application Security Project (OWASP) security vulnerabilities

Deploy in minutes with improved security in a single click

Customized rules to meet your web app security requirements

Near real-time visibility and alerts through Azure Monitor

Enhance security with high availability and scale

Optimize performance with Azure Web Application Firewall deployed with Azure Front Door. Increase throughput for your global users with edge load balancing and application acceleration. Optimize your web app for high availability and scalability—with built-in auto-scaling and zone redundancy.

What is cloud-native Azure Network Security

Get managed rule sets to protect web apps

Help protect web applications from common vulnerabilities and exploits. Easily add and customize new rules to meet your application security requirements. Get a comprehensive list of web app firewall rule schemas and rules based on the OWASP core rule sets (CRS) 3.1/3.0.

Read the documentation

Deploy quickly to keep web apps protected

Easily deploy within minutes with no additional software required. Configure and enable Azure Web Application Firewall on your web application. Then, centrally define your rules and reuse them across all the web apps that you need to protect. Learn how to customize web application firewall rules in the Azure portal.

Read the documentation

Improve cost effectiveness for web app protection

Get competitive pricing for web application protection and pay only for what you use—with no minimum fees and no upfront commitments.

Why trust web application firewall to protect your applications?

Flexible, scalable pricing

With Azure Web Application Firewall, there is no upfront cost and pay only for what you use.

See Web Application Firewall pricing

Get started with Azure Web Application Firewall

Get instant access and a $200 credit by signing up for a free Azure account.

Learn how to quickly deploy the Azure Web Application Firewall with quickstart tutorials and documentation.

Documentation and resources


Check out the documentation to get started quickly. Understand Azure Web Application Firewall concepts, try out quickstarts, tutorials, and more.

Azure Web Application Firewall (WAF) documentation

WAF on Application Gateway Tutorial

Get started on protecting your web applications from common exploits and vulnerabilities.

WAF on Application Gateway Tutorial

WAF on Front Door Tutorial

Configure WAF policy on Azure Front Door with Bot Protection.

Tutorial on configuring WAF on Front Door

Related products for developers

App Service

Build, deploy, and scale web apps on a fully managed platform.

Learn more

Azure Firewall

Protect your apps with cloud-native firewalling capabilities—with built-in high availability, unrestricted cloud scalability, and zero maintenance.

Learn more

Azure DDoS Protection

Protect your applications from Distributed Denial of Service (DDoS) attacks.

Learn more

Trusted by companies of all sizes

Polycom gains scalability and access to global markets

This telecommunications leader uses the growing global network of Azure datacenters to achieve geo-redundancy and high levels of availability, delivering a great VC experience to users.


Global energy company gets an edge with low-latency, hub-and-spoke topology

Italian energy company, Eni, used hub-and-spoke architecture on Azure to get enterprise-grade controls and meet the security bar set by the enterprise.


Security DevOps company simplifies deployments with Azure

WhiteSource, a security DevOps-oriented company, uses the monitoring, availability, and scalability capabilities with Azure to simplify open-source usage management for security and compliance professionals worldwide.

WhiteSource Bolt

Azure Web Application Firewall updates, blogs, and announcements

Frequently asked questions about Azure Web Application Firewall

  • Azure Web Application Firewall is a cloud-native service that protects your web applications from bot attacks and common web vulnerabilities such as SQL injection and cross-site scripting.
  • Yes. For more information, see the documentation on customizing web application firewall rule groups and rules.
  • Yes. You can enable DDoS protection on the virtual network where the application gateway is deployed. This setting ensures that the Azure DDoS Protection service also protects the application gateway virtual IP (VIP).

Ready when you are—let’s set up your Azure free account.