Skip to main content

Public preview: Sensitive data protection for Azure Front Door Web Application Firewall

Published date: May 14, 2024

Azure's global Web Application Firewall (WAF) integrated with Azure Front Door now supports sensitive data protection through log scrubbing in preview. When a request matches the criteria of a rule and triggers a WAF action, that event is captured within the WAF logs. WAF logs are stored as plain text for debuggability, and any matching patterns with sensitive customer data like IP address, passwords, and other personally identifiable information could potentially end up in logs as plain text. To help safeguard this sensitive data, you can now create log scrubbing rules that replace the sensitive data with "******".

Sensitive data protection using log scrubbing supports the creation of rules using the following variables:

  • Request Header Names
  • Request Cookie Names
  • Request Body Post Arg Names
  • Request Body Json Arg Names
  • Query String Arg Names
  • Request IP Address
  • Request URI

Learn more about log scrubbing rules.

Learn how to create your own log scrubbing rules for sensitive data protection.

  • Web Application Firewall
  • Azure Front Door
  • Features
  • Security