StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

WAF Policy for App Gateway and AKS

  • August 31, 2021
  • 4 min read
A datacenter and cloud solution architect specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.

If you are using Application Gateway, with WAF enabled, this article is for you. We will see how to deploy and use a WAF Policy.

This feature will help you to manage rules, policy and custom rules for an Application Gateway or a specific listener or a route path.

To start, deploy a new WAF Policy, choose the Regional WAF as policy:

WAF Policy

Select the OWASP rule set:

Select the OWASP rule set

Customize Policy settings if you need it:

Customize Policy settings

If you need custom rule, select it here:

Сustom rule

Finally, associate the WAF policy with you App Gateway:

Associate the WAF policy with you App Gateway

It is now associated:


Here, if we modify something is this rule, it will be applied to all listeners on this App Gateway. If you need to do some exceptions, for an OWASP rule, or to allow a specific public IP to access a webpage for example, you can create an additional WAF Policy, and associate it to a specific listener. Let’s do that. I’ll create a new policy, to deny my public ip to access the website

Create s WAF Policy

Let’s associate it with my listener that hosts my website:

Associate it with listener that hosts the website

When the policy is applied and if I navigate to the website, I will have a forbidden message:

Forbidden message

If I change the rule to allow my public ip now, I can browse the URL:

Browse the URL

As you can see, with WAF Policy, you can customize rules for a specific listener (website) without impacting others.

Back to blog