You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/web-application-firewall/ag/best-practices.md
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,16 +1,16 @@
1
1
---
2
-
title: Best practices for Azure Web Application Firewall (WAF) on Azure Application Gateway
2
+
title: Best practices for Azure Web Application Firewall (WAF) on Application Gateway
3
3
description: In this article, you learn about the best practices for using the Azure Web Application Firewall (WAF) on Azure Application Gateway.
4
4
author: halkazwini
5
5
ms.author: halkazwini
6
6
ms.service: azure-web-application-firewall
7
7
ms.topic: concept-article
8
-
ms.date: 08/28/2023
8
+
ms.date: 04/30/2025
9
9
---
10
10
11
11
# Best practices for Azure Web Application Firewall (WAF) on Azure Application Gateway
12
12
13
-
This article summarizes best practices for using Azure Web Application Firewall (WAF) on Azure Application Gateway.
13
+
This article summarizes the best practices for using Azure Web Application Firewall (WAF) on Azure Application Gateway.
14
14
15
15
## General best practices
16
16
@@ -20,10 +20,11 @@ For Internet-facing applications, we recommend you enable a web application fire
20
20
21
21
### Use WAF policies
22
22
23
-
WAF policies are the new resource type for managing your Application Gateway WAF. If you have older WAFs that use WAF Configuration resources, you should migrate to WAF policies to take advantage of the latest features.
23
+
WAF policies are the new resource type for managing your Application Gateway WAF. If you have older WAFs that use WAF configuration resources, you should migrate to WAF policies to take advantage of the latest features.
24
24
25
25
For more information, see the following resources:
26
-
-[Migrate Web Application Firewall policies using Azure PowerShell](./migrate-policy.md)
26
+
-[Upgrade to Azure Application Gateway WAF policy](./upgrade-ag-waf-policy.md)
27
+
-[Upgrade Web Application Firewall policies using Azure PowerShell](./migrate-policy.md)
27
28
-[Upgrade Application Gateway WAF configuration to WAF policy using Azure Firewall Manager](../shared/manage-policies.md#upgrade-application-gateway-waf-configuration-to-waf-policy)
28
29
29
30
### Tune your WAF
@@ -42,7 +43,7 @@ After you tune your WAF, you should configure it to [run in **prevention** mode]
42
43
43
44
When you tune your WAF for your application workload, you typically create a set of rule exclusions to reduce false positive detections. If you manually configure these exclusions by using the Azure portal, then when you upgrade your WAF to use a newer ruleset version, you need to reconfigure the same exceptions against the new ruleset version. This process can be time-consuming and error-prone.
44
45
45
-
Instead, consider defining your WAF rule exclusions and other configurations as code, such as by using the Azure CLI, Azure PowerShell, Bicep or Terraform. Then, when you need to update your WAF ruleset version, you can easily reuse the same exclusions.
46
+
Instead, consider defining your WAF rule exclusions and other configurations as code, such as by using the Azure CLI, Azure PowerShell, Bicep, or Terraform. Then, when you need to update your WAF ruleset version, you can easily reuse the same exclusions.
46
47
47
48
## Managed ruleset best practices
48
49
@@ -86,6 +87,6 @@ Microsoft Sentinel is a security information and event management (SIEM) system,
86
87
87
88
For more information, see [Using Microsoft Sentinel with Azure Web Application Firewall](../waf-sentinel.md).
88
89
89
-
## Next steps
90
+
## Next step
90
91
91
92
Learn how to [enable the WAF on an Application Gateway](application-gateway-web-application-firewall-portal.md).
0 commit comments