Merge pull request #78458 from KumudD/wafupdate0529

Waf updates - Publish by 3:00PM 05/31

Author: v-albemi

articles/frontdoor/TOC.yml

@@ -70,6 +70,8 @@
       href: waf-front-door-create-portal.md
     - name: Configure WAF policy - Azure PowerShell
       href: waf-front-door-custom-rules-powershell.md  
+    - name: Configure bot protection
+      href: waf-front-door-policy-configure-bot-protection.md
     - name: Configure custom response code
       href: waf-front-door-configure-custom-response-code.md
     - name: Configure IP restrictions

articles/frontdoor/media/waf-front-door-configure-bot-protection/botprotect2.png

@@ -9,22 +9,17 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: infrastructure-services
-ms.date: 05/21/2019
+ms.date: 05/31/2019
 ms.author: kumud;tyao
 
 ---
-# Configure an IP restriction rule with web application firewall for Azure Front Door (Preview)
+# Configure an IP restriction rule with web application firewall for Azure Front Door
  This article shows you how to configure IP restriction rules in Azure web application firewall (WAF) for Front Door by using Azure CLI, Azure PowerShell, or Azure Resource Manager template.
 
 An IP address based access control rule is a custom WAF rule that allows you to control access to your web applications by specifying a list of IP addresses or IP address ranges in Classless Inter-Domain Routing (CIDR) form.
 
 By default, your web application is accessible from the internet. If you want to limit access to your web applications only to clients from a list of known IP addresses or IP address ranges, you need to create two IP matching rules. First IP matching rule contains the list of IP addresses as matching values and set the action to "ALLOW". The second one with lower priority, is to block all other IP addresses by using the "All" operator and set the action to "BLOCK". Once an IP restriction rule is applied, any requests originating from addresses outside this allowed list receives a 403 (Forbidden) response.  
 
-> [!IMPORTANT]
-> The WAF IP restriction feature for Azure Front Door is currently in public preview.
-> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
 ## Configure WAF policy with Azure CLI
 
 ### Prerequisites

articles/frontdoor/media/waf-front-door-create-portal/customquerystring2.png

@@ -11,7 +11,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: infrastructure-services
-ms.date: 04/8/2019
+ms.date: 05/31/2019
 ms.author: kumud;tyao
 ---
 
@@ -58,17 +58,19 @@ To see WAF in action, you can change the mode settings from **Detection** to **P
 
  ![Change WAF policy mode](./media/waf-front-door-create-portal/policy.png)
 
+### Custom rules
+
+You can create a custom rule by selecting **Add custom rule** under the **Custom rules** section. This launches the custom rule configuration page. Below is an example of configuring a custom rule to block a request if the query string contains **blockme**.
+
+![Change WAF policy mode](./media/waf-front-door-create-portal/customquerystring2.png)
+
 ### Default Rule Set (DRS)
 
 Azure-managed Default Rule Set is enabled by default. To disable an individual rule within a rule group, expand the rules within that rule group,  select the **check box** in front of the rule number, and select **Disable** on the tab above. To change actions types for individual rules within the rule set, select the check box in front of the rule number, and then select the **Change action** tab above.
 
- ![Change WAF Rule Set](./media/waf-front-door-create-portal/managed.png)
+ ![Change WAF Rule Set](./media/waf-front-door-create-portal/managed2.png)
 
 ## Next steps
 
 - Learn about [Azure web application firewall](waf-overview.md).
 - Learn more about [Azure Front Door](front-door-overview.md).
-
-
-
-

articles/frontdoor/media/waf-front-door-create-portal/managed.png

@@ -8,7 +8,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: infrastructure-services
-ms.date: 04/08/2019
+ms.date: 05/31/2019
 ms.author: tyao;kumud
 
 ---
@@ -17,11 +17,6 @@ ms.author: tyao;kumud
 
 Azure web application firewall (WAF) monitoring and logging are provided through logging and integration with Azure Monitor and Azure Monitor logs.
 
-> [!IMPORTANT]
-> The WAF monitoring and logging feature for Azure Front Door is currently in public preview.
-> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
 ## Azure Monitor
 
 WAF with FrontDoor log is integrated with [Azure Monitor](../azure-monitor/overview.md). Azure Monitor allows you to track diagnostic information including WAF alerts and logs. You can configure WAF monitoring within the Front Door resource in the portal under the **Diagnostics** tab or through the Azure Monitor service directly.