Skip to main content

Web Application Firewall with Azure Front Door service now supports exclusion lists

Published date: March 06, 2020

Web Application Firewall exclusion lists allow you to omit certain request attributes from a rule evaluation. Use them to fine tune Web Application Firewall policies for your applications.

Attributes supported for exclusion include request header, cookie, query string, and post args. Apply exclusion lists to all rules within the managed rule set, to rules for a specific rule group, or to a single rule. 

An exclusion list can be configured using PowerShell, Azure CLI, Rest API, or the Azure portal.

For more details, please read the WAF exclusion lists overview


  • Web Application Firewall
  • Azure Front Door (classic)
  • Features
  • Management
  • Services
  • Security