Merge pull request #113895 from vhorne/ag-waf-faq

GitHubber17 · web-flow · commit a074738a497c · 2020-05-05T10:26:51.000-07:00
Ag waf faq
diff --git a/articles/application-gateway/application-gateway-faq.md b/articles/application-gateway/application-gateway-faq.md
@@ -5,7 +5,7 @@ services: application-gateway
 author: vhorne
 ms.service: application-gateway
 ms.topic: article
-ms.date: 04/01/2020
+ms.date: 05/05/2020
 ms.author: victorh
 ---
 
@@ -326,42 +326,6 @@ For multiple domain-based (host-based) routing, you can create multisite listene
 
 No, use only alphanumeric characters in your .pfx file password.
 
-## Configuration - web application firewall (WAF)
-
-### Does the WAF SKU offer all the features available in the Standard SKU?
-
-Yes. WAF supports all the features in the Standard SKU.
-
-### How do I monitor WAF?
-
-Monitor WAF through diagnostic logging. For more information, see [Diagnostic logging and metrics for Application Gateway](application-gateway-diagnostics.md).
-
-### Does detection mode block traffic?
-
-No. Detection mode only logs traffic that triggers a WAF rule.
-
-### Can I customize WAF rules?
-
-Yes. For more information, see [Customize WAF rule groups and rules](application-gateway-customize-waf-rules-portal.md).
-
-### What rules are currently available for WAF?
-
-WAF currently supports CRS [2.2.9](../web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md#owasp229), [3.0](../web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md#owasp30), and [3.1](../web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md#owasp31). These rules provide baseline security against most of the top-10 vulnerabilities that Open Web Application Security Project (OWASP) identifies: 
-
-* SQL injection protection
-* Cross-site scripting protection
-* Protection against common web attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack
-* Protection against HTTP protocol violations
-* Protection against HTTP protocol anomalies such as missing host user-agent and accept headers
-* Prevention against bots, crawlers, and scanners
-* Detection of common application misconfigurations (that is, Apache, IIS, and so on)
-
-For more information, see [OWASP top-10 vulnerabilities](https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013).
-
-### Does WAF support DDoS protection?
-
-Yes. You can enable DDoS protection on the virtual network where the application gateway is deployed. This setting ensures that the Azure DDoS Protection service also protects the application gateway virtual IP (VIP).
-
 ## Configuration - ingress controller for AKS
 
 ### What is an Ingress Controller?
diff --git a/articles/web-application-firewall/afds/waf-faq.md b/articles/web-application-firewall/afds/waf-faq.md
@@ -1,18 +1,18 @@
 ---
-title: Azure Web Application Firewall - Frequently Asked Questions
+title: Azure Web Application Firewall on Azure Front Door Service - frequently asked questions
 description: This article provides answers to frequently asked questions about Web Application Firewall on Azure Front Door
 services: web-application-firewall
 author: vhorne
 ms.service: web-application-firewall
 ms.devlang: na
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 05/05/2020
 ms.author: victorh
 ---
 
 # Frequently asked questions for Azure Web Application Firewall on Azure Front Door Service
 
-This article answers common questions about Azure web application firewall (WAF) features and functionality. 
+This article answers common questions about Azure Web Application Firewall (WAF) on Azure Front Door Service features and functionality. 
 
 ## What is Azure WAF?
 
diff --git a/articles/web-application-firewall/ag/application-gateway-waf-faq.md b/articles/web-application-firewall/ag/application-gateway-waf-faq.md
@@ -0,0 +1,60 @@
+---
+title: Azure Web Application Firewall on Application Gateway - frequently asked questions
+description: This article provides answers to frequently asked questions about Web Application Firewall on Application Gateway
+services: web-application-firewall
+author: vhorne
+ms.service: web-application-firewall
+ms.topic: article
+ms.date: 05/05/2020
+ms.author: victorh
+---
+
+# Frequently asked questions for Azure Web Application Firewall on Application Gateway
+
+This article answers common questions about Azure Web Application Firewall (WAF)  on Application Gateway features and functionality. 
+
+## What is Azure WAF?
+
+Azure WAF is a web application firewall that helps protect your web applications from common threats such as SQL injection, cross-site scripting, and other web exploits. You can define a WAF policy consisting of a combination of custom and managed rules to control access to your web applications.
+
+An Azure WAF policy can be applied to web applications hosted on Application Gateway or Azure Front Doors.
+
+## What features does the WAF SKU support?
+
+The WAF SKU supports all the features available in the Standard SKU.
+
+## How do I monitor WAF?
+
+Monitor WAF through diagnostic logging. For more information, see [Diagnostic logging and metrics for Application Gateway](../../application-gateway/application-gateway-diagnostics.md).
+
+## Does detection mode block traffic?
+
+No. Detection mode only logs traffic that triggers a WAF rule.
+
+## Can I customize WAF rules?
+
+Yes. For more information, see [Customize WAF rule groups and rules](application-gateway-customize-waf-rules-portal.md).
+
+## What rules are currently available for WAF?
+
+WAF currently supports CRS [2.2.9](application-gateway-crs-rulegroups-rules.md#owasp229), [3.0](application-gateway-crs-rulegroups-rules.md#owasp30), and [3.1](application-gateway-crs-rulegroups-rules.md#owasp31). These rules provide baseline security against most of the top-10 vulnerabilities that Open Web Application Security Project (OWASP) identifies: 
+
+* SQL injection protection
+* Cross-site scripting protection
+* Protection against common web attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack
+* Protection against HTTP protocol violations
+* Protection against HTTP protocol anomalies such as missing host user-agent and accept headers
+* Prevention against bots, crawlers, and scanners
+* Detection of common application misconfigurations (that is, Apache, IIS, and so on)
+
+For more information, see [OWASP top-10 vulnerabilities](https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013).
+
+## Does WAF support DDoS protection?
+
+Yes. You can enable DDoS protection on the virtual network where the application gateway is deployed. This setting ensures that the Azure DDoS Protection service also protects the application gateway virtual IP (VIP).
+
+
+## Next steps
+
+- Learn about [Azure Web Application Firewall](../overview.md).
+- Learn more about [Azure Front Door](../../frontdoor/front-door-overview.md).
diff --git a/articles/web-application-firewall/toc.yml b/articles/web-application-firewall/toc.yml
@@ -63,6 +63,8 @@
       href: ./ag/policy-overview.md
     - name: Bot protection overview
       href: ./ag/bot-protection-overview.md
+    - name: FAQ
+      href: ./ag/application-gateway-waf-faq.md
   - name: Front Door
     items:
     - name: Custom rules
