Merge pull request #103123 from vhorne/waf-bot-protection

GitHubber17 · web-flow · commit 3bc3da13b3f0 · 2020-02-04T12:34:30.000-08:00
Start WAF bot protection overview
diff --git a/articles/web-application-firewall/ag/bot-protection-overview.md b/articles/web-application-firewall/ag/bot-protection-overview.md
@@ -0,0 +1,34 @@
+---
+title: WAF on Azure Application Gateway bot protection overview
+titleSuffix: Azure Web Application Firewall
+description: This article provides an overview of web application firewall (WAF) on Application Gateway bot protection
+services: web-application-firewall
+author: winthrop28
+ms.service: web-application-firewall
+ms.date: 02/04/2020
+ms.author: victorh
+ms.topic: conceptual
+---
+
+# Azure Web Application Firewall on Azure Application Gateway bot protection overview
+
+Roughly 20% of all Internet traffic comes from bad bots. They do things like scraping, scanning, and looking for vulnerabilities in your web application. When these bots are stopped at the Web Application Firewall (WAF), they can’t attack you. They also can’t use up your resources and services, such as your backends and other underlying infrastructure.
+
+You can enable a managed bot protection rule set for your WAF to block or log requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. Intelligent Security Graph powers Microsoft threat intelligence and is used by multiple services including Azure Security Center.
+
+> [!IMPORTANT]
+> The bot protection rule set is currently in public preview and is provided with a preview service level agreement. Certain features may not be supported or may have constrained capabilities. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for details.
+
+## Use with OWASP rulesets
+
+You can use the Bot Protection ruleset alongside any of the OWASP rulesets (2.2.9, 3.0, and 3.1). Only one OWASP ruleset can be used at any given time. The bot protection ruleset contains an additional rule that appears in its own ruleset. It's titled **Microsoft_BotManagerRuleSet_0.1**, and you can  enable or disable it like the other OWASP rules.
+
+![Bot ruleset](../media/bot-protection-overview/bot-ruleset.png)
+
+## Ruleset update
+
+The bot mitigation ruleset list of known bad IP addresses updates multiple times per day from the Microsoft Threat Intelligence feed to stay in sync with the bots. Your web applications are continuously protected even as the bot attack vectors change.
+
+## Next steps
+
+- [Configure bot protection for Web Application Firewall on Azure Application Gateway (Preview)](bot-protection.md)
diff --git a/articles/web-application-firewall/media/bot-protection-overview/bot-ruleset.png b/articles/web-application-firewall/media/bot-protection-overview/bot-ruleset.png
diff --git a/articles/web-application-firewall/toc.yml b/articles/web-application-firewall/toc.yml
@@ -44,6 +44,8 @@
       href: ./ag/application-gateway-waf-configuration.md
     - name: WAF Policy overview
       href: ./ag/policy-overview.md
+    - name: Bot protection overview
+      href: ./ag/bot-protection-overview.md
   - name: Front Door
     items:
     - name: Custom rules
