Skip to content

Commit b9b7f45

Browse files
v-shilsv-shils
authored
Merge pull request #293412 from vhorne/waf-rate-limit
freshness updates
2 parents 1fdf2ef + 4be3840 commit b9b7f45

File tree

1 file changed

+52
-51
lines changed

1 file changed

+52
-51
lines changed

articles/web-application-firewall/ag/rate-limiting-configure.md

Lines changed: 52 additions & 51 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: web-application-firewall
66
author: joeolerich
77
ms.service: azure-web-application-firewall
88
ms.custom: devx-track-azurepowershell, devx-track-azurecli
9-
ms.date: 11/01/2023
9+
ms.date: 01/22/2025
1010
ms.author: victorh
1111
ms.topic: how-to
1212
---
@@ -19,25 +19,25 @@ Rate limiting enables you to detect and block abnormally high levels of traffic
1919

2020
Use the following information to configure Rate Limit Rules for Application Gateway WAFv2.
2121

22-
**Scenario One** - Create rule to rate-limit traffic by Client IP that exceed the configured threshold, matching all traffic.
22+
**Scenario One** - Create rule to rate-limit traffic by Client IP that exceeds the configured threshold, matching all traffic.
2323

2424
#### [Portal](#tab/browser)
2525

26-
1. Open an existing Application Gateway WAF Policy
27-
1. Select Custom Rules
28-
1. Add Custom Rule
29-
1. Add Name for the Custom Rule
30-
1. Select the Rate limit Rule Type radio button
31-
1. Enter a Priority for the rule
32-
1. Choose 1 minute for Rate limit duration
33-
1. Enter 200 for Rate limit threshold (requests)
34-
1. Select Client address for Group rate limit traffic by
35-
1. Under Conditions, choose IP address for Match Type
36-
1. For Operation, select the Does not contain radio button
37-
1. For match condition, under IP address or range, enter 255.255.255.255/32
38-
1. Leave action setting to Deny traffic
39-
1. Select Add to add the custom rule to the policy
40-
1. Select Save to save the configuration and make the custom rule active for the WAF policy.
26+
1. Open an existing Application Gateway WAF Policy.
27+
1. Select **Custom Rules**.
28+
1. Select **Add Custom Rule**.
29+
1. Type a name for the custom rule.
30+
1. For the **Rule type**, select **Rate limit**.
31+
1. Type a **Priority** for the rule.
32+
1. Choose **1 minute** for **Rate limit duration**.
33+
1. Type **200** for **Rate limit threshold (requests)**.
34+
1. Select **Client address** for **Group rate limit traffic by**.
35+
1. Under **Conditions**, choose **IP address** for **Match type**.
36+
1. For **Operation**, select **Does not contain**.
37+
1. For match condition, under **IP address or range**, type **255.255.255.255/32**.
38+
1. Leave action setting to **Deny traffic**.
39+
1. Select **Add** to add the custom rule to the policy.
40+
1. Select **Save** to save the configuration and make the custom rule active for the WAF policy.
4141

4242
#### [PowerShell](#tab/powershell)
4343

@@ -55,26 +55,26 @@ az network application-gateway waf-policy custom-rule match-condition add --matc
5555
```
5656
* * *
5757

58-
**Scenario Two** - Create Rate Limit Custom Rule to match all traffic except for traffic originating from the United States. Traffic will be grouped, counted and rate limited based on the GeoLocation of the Client Source IP address
58+
**Scenario Two** - Create Rate Limit Custom Rule to match all traffic except for traffic originating from the United States. Traffic is grouped, counted, and rate limited based on the GeoLocation of the Client Source IP address
5959

6060
#### [Portal](#tab/browser)
6161

62-
1. Open an existing Application Gateway WAF Policy
63-
1. Select Custom Rules
64-
1. Add Custom Rule
65-
1. Add Name for the Custom Rule
66-
1. Select the Rate limit Rule Type radio button
67-
1. Enter a Priority for the rule
68-
1. Choose 1 minute for Rate limit duration
69-
1. Enter 500 for Rate limit threshold (requests)
70-
1. Select Geo location for Group rate limit traffic by
71-
1. Under Conditions, choose Geo location for Match Type
72-
1. In the Match variables section, select RemoteAddr for Match variable
73-
1. Select the Is not radio button for operation
74-
1. Select United States for Country/Region
75-
1. Leave action setting to Deny traffic
76-
1. Select Add to add the custom rule to the policy
77-
1. Select Save to save the configuration and make the custom rule active for the WAF policy.
62+
1. Open an existing Application Gateway WAF Policy.
63+
1. Select **Custom Rules**.
64+
1. Select **Add Custom Rule**.
65+
1. Type a name for the custom rule.
66+
1. For the **Rule type**, select **Rate limit**.
67+
1. Type a **Priority** for the rule.
68+
1. Choose **1 minute** for **Rate limit duration**.
69+
1. Type **500** for **Rate limit threshold (requests)**.
70+
1. Select **Geo location** for **Group rate limit traffic by**.
71+
1. Under **Conditions**, choose **Geo location** for **Match type**.
72+
1. In the **Match variables section, select **RemoteAddr** for **Match variable**.
73+
1. Select **Is not** for **Operation**.
74+
1. Select **United States** for **Country/Region**.
75+
1. Leave action setting to **Deny traffic**.
76+
1. Select **Add** to add the custom rule to the policy.
77+
1. Select **Save** to save the configuration and make the custom rule active for the WAF policy.
7878

7979
#### [PowerShell](#tab/powershell)
8080
```azurepowershell
@@ -95,23 +95,24 @@ az network application-gateway waf-policy custom-rule match-condition add --matc
9595

9696
#### [Portal](#tab/browser)
9797

98-
1. Open an existing Application Gateway WAF Policy
99-
1. Select Custom Rules
100-
1. Add Custom Rule
101-
1. Add Name for the Custom Rule
102-
1. Select the Rate limit Rule Type radio button
103-
1. Enter a Priority for the rule
104-
1. Choose 1 minute for Rate limit duration
105-
1. Enter 100 for Rate limit threshold (requests)
106-
1. Select None for Group rate limit traffic by
107-
1. Under Conditions, choose String for Match Type
108-
1. In the Match variables section, select RequestUri for Match variable
109-
1. Select the Is not radio button for operation
110-
1. For Operator select contains
111-
1. Enter Login page path for match Value. In this example we use /login
112-
1. Leave action setting to Deny traffic
113-
1. Select Add to add the custom rule to the policy
114-
1. Select Save to save the configuration and make the custom rule active for the WAF policy.
98+
1. Open an existing Application Gateway WAF Policy.
99+
1. Select **Custom Rules**.
100+
1. Select **Add Custom Rule**.
101+
1. Type a name for the custom rule.
102+
1. For the **Rule type**, select **Rate limit**.
103+
1. Type a **Priority** for the rule.
104+
1. Choose **1 minute** for **Rate limit duration**.
105+
1. Type **100** for **Rate limit threshold (requests)**.
106+
1. Select **None** for **Group rate limit traffic by**.
107+
1. Under **Conditions**, choose **String** for **Match type**.
108+
1. In the **Match variables** section, select **RequestUri** for **Match variable**.
109+
1. Select **Is not** for **Operation**.
110+
1. For **Operator** select **Contains**.
111+
1. Selecting a transformation optional.
112+
1. Enter Login page path for match Value. In this example we use **/login**.
113+
1. Leave action setting to **Deny traffic**.
114+
1. Select **Add** to add the custom rule to the policy
115+
1. Select **Save** to save the configuration and make the custom rule active for the WAF policy.
115116

116117
#### [PowerShell](#tab/powershell)
117118
```azurepowershell

0 commit comments

Comments
 (0)