If you are using Application Gateway, with WAF enabled, this article is for you. We will see how to deploy and use a WAF Policy.
This feature will help you to manage rules, policy and custom rules for an Application Gateway or a specific listener or a route path.
To start, deploy a new WAF Policy, choose the Regional WAF as policy:
Select the OWASP rule set:
Customize Policy settings if you need it:
If you need custom rule, select it here:
Finally, associate the WAF policy with you App Gateway:
It is now associated:
Here, if we modify something is this rule, it will be applied to all listeners on this App Gateway. If you need to do some exceptions, for an OWASP rule, or to allow a specific public IP to access a webpage for example, you can create an additional WAF Policy, and associate it to a specific listener. Let’s do that. I’ll create a new policy, to deny my public ip to access the website starwind.cloudyjourney.fr:
Let’s associate it with my listener that hosts my website:
When the policy is applied and if I navigate to the website, I will have a forbidden message:
If I change the rule to allow my public ip now, I can browse the URL:
As you can see, with WAF Policy, you can customize rules for a specific listener (website) without impacting others.