Web Application Firewall on Front Door
Attach a WAF policy to your Front Door profile, enable managed rule sets for OWASP Top 10 protection, and create custom rules to block known malicious IPs.
What Is a Web Application Firewall?
A Web Application Firewall (WAF) inspects HTTP/HTTPS requests at Layer 7 and blocks known attack patterns before they reach your application. Common attacks it prevents include SQL injection, cross-site scripting (XSS), remote file inclusion, and protocol anomalies. Without a WAF, attackers can exploit vulnerabilities in your application code even if your network is correctly locked down. Azure WAF integrates with both Azure Front Door and Azure Application Gateway.
WAF Policy Resource
In Azure, a WAF policy is a standalone resource that contains managed rule sets and custom rules. You create the policy, configure its rules, then associate it with one or more Front Door endpoints or Application Gateway instances. This decoupled design means one WAF policy can protect multiple Front Door endpoints: a single change to the policy propagates to all associated endpoints automatically. WAF policies exist in a specific Azure region, but when a policy is attached to Front Door, protection is applied globally at all PoPs.
# Create a WAF policy for Front Door
az network front-door waf-policy create \
  --name myWAFPolicy \
  --resource-group myRG \
  --sku Premium_AzureFrontDoor \
  --mode Prevention
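The summary at the top of this page also calls for a managed rule set and a custom rule that blocks known malicious IPs. The script below is an added example, not part of the original lesson: it validates the IP list and then adds both to the policy created above. The rule name, priority, rule set version 2.1 and the /8 width guard are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Rule name, priority, rule set
# version and the /8 guardrail are assumptions; adjust them for your tenant.
RULE_NAME=BlockKnownBadIPs   # custom rule names: letters and digits only
MIN_PREFIX=8                 # refuse ranges wider than /8 (typo guard)

# Return 0 if $1 is an IPv4 address or CIDR range no wider than MIN_PREFIX.
# IPv4 only, to keep the example short.
valid_cidr() {
  case "$1" in
    */*) addr=${1%/*}; prefix=${1#*/} ;;
    *)   addr=$1; prefix=32 ;;
  esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# harden_policy <resource-group> <policy-name> <ip-or-cidr>...
harden_policy() {
  [ $# -ge 3 ] || { echo "usage: harden_policy RG POLICY IP..." >&2; return 1; }
  rg=$1; policy=$2; shift 2
  # Validate everything first so a bad entry never leaves a half-built rule.
  for range in "$@"; do
    valid_cidr "$range" || { echo "rejected range: $range" >&2; return 1; }
  done
  # Managed rule set (needs the Premium SKU used when the policy was created).
  az network front-door waf-policy managed-rules add \
    --resource-group "$rg" --policy-name "$policy" \
    --type Microsoft_DefaultRuleSet --version 2.1 --action Block || return 1
  # --defer holds the rule locally until its match condition is added.
  az network front-door waf-policy rule create \
    --resource-group "$rg" --policy-name "$policy" --name "$RULE_NAME" \
    --priority 100 --rule-type MatchRule --action Block --defer || return 1
  # SocketAddr is the TCP peer address; RemoteAddr is usually taken from
  # X-Forwarded-For, which the client can set.
  az network front-door waf-policy rule match-condition add \
    --resource-group "$rg" --policy-name "$policy" --name "$RULE_NAME" \
    --match-variable SocketAddr --operator IPMatch --values "$@"
}

# Usage: sh waf-harden.sh apply myRG myWAFPolicy 203.0.113.0/24
if [ "${1:-}" = "apply" ]; then shift; harden_policy "$@"; fi
```

The addresses in the usage line are documentation ranges; the `az` commands require the Azure CLI `front-door` extension and a signed-in session.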