Trace Id is missing
Skip to main content
Azure
NOW AVAILABLE

Generally Available: Bot Manager Ruleset 1.1 on Azure WAF with Azure Application Gateway

Published date: Oct 31, 2024

A new bot protection rule set (Microsoft_BotManagerRuleSet_1.1) is now generally available for Azure Web Application Firewall (WAF) with Azure Application Gateway.

This updated ruleset enhances the existing Bot Manager 1.0 by introducing new bad bot and good bot rules. Bot signatures are dynamically managed and updated by Azure WAF. The new bad bot rule 100300 improves malicious bot protection by incorporating risky IPs identified by Microsoft Threat Intelligence. We have also updated good bot rules 200100 and 200200, and added new rules 200300, 200400, 200500, 200600, and 200700 for enhanced security and granular control. These new good bot rules expand the detection of good bots by including a broader set of known crawlers and distinguishing various categories of good bots. Bad bots are blocked by default, good bots are allowed, and unknown bots are set to log action.

We have also introduced JS Challenge as the latest addition to our list of actions. Customers can overwrite the default action with Allow, Block, Log, or JS Challenge for any type of bot rule. 

For more details, see the bot protection overview.