General availability: Feature enhancements to Azure Web Application Firewall (WAF)
Published date: December 15, 2022
Azure’s global Web Application Firewall (WAF) running on Azure Front Door, and Azure’s regional WAF running on Application Gateway, now support additional features that help organizations improve their security posture and make it easier to manage logging across resources.
- SQL injection (SQLi) and cross site scripting (XSS) detection queries: New Azure WAF analytics SQLi and XSS detection rule templates simplify the process of setting up automated detection and response with Microsoft’s security incident & event management (SIEM) service: Microsoft Sentinel. Learn more about using Microsoft Sentinel with Azure WAF, and about how to use the new SQLi and XSS detection queries.
- Azure policies for WAF logging: The regional WAF on Application Gateway and the global WAF running on Azure Front Door now have built-in Azure policies requiring resource logs and metrics. This allows organizations to enforce standards for WAF deployments to collect logs and metrics for further analysis and insights related to security events. Learn more: WAF and Azure Policy
In addition, Azure regional WAF on Application Gateway now has -
- Increased exclusion limit: CRS 3.2 or greater ruleset now supports exclusions limit up to 200, a 5x increase from older versions; allowing for greater customization on how the WAF handles managed rulesets. Learn more about the Application Gateway’s limits.
- Bot Manager ruleset exclusion rules: Exclusions are extended to Bot Manager Rule Set 1.0. Learn more: WAF exclusions.
- Uppercase transform on custom rules: You can now handle case sensitivity when creating custom WAF rules using uppercase transform in addition to the lowercase transform. Learn more about WAF custom rules.