You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/web-application-firewall/ag/policy-overview.md
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,22 +20,23 @@ Web Application Firewall Policies contain all the WAF settings and configuration
20
20
21
21
There's no limit on the number of policies you can create. When you create a policy, it must be associated to an application gateway to take effect. It can be associated with any combination of application gateways, listeners, and path-based rules.
22
22
23
-
When you associate a WAF policy globally, every site behind your Application Gateway WAF is protected with the same managed rules, custom rules, exclusions, and any other configured settings.
24
-
25
-
Say your application gateway has a global policy applied to it. Then you apply a different policy to a listener on that application gateway. The listener's policy now takes effect for that listener. The application gateway’s global policy still applies to all other listeners and path-based rules that don't have a specific policy assigned to them.
26
-
27
23
## Global WAF policy
28
24
25
+
When you associate a WAF policy globally, every site behind your Application Gateway WAF is protected with the same managed rules, custom rules, exclusions, and any other configured settings.
26
+
29
27
If you want a single policy to apply to all sites, you can associate the policy with the application gateway. For more information, see [Create Web Application Firewall policies for Application Gateway](create-waf-policy-ag.md) to create and apply a WAF policy using the Azure portal.
30
28
31
29
## Per-site WAF policy
32
30
33
-
You can protect multiple sites with different needs behind a single WAF by using per-site policies.
34
-
For example, if there are five sites behind your WAF, you can have five separate WAF policies (one for each listener) to customize the exclusions, custom rules, and managed rule sets for each site.
31
+
With per-site WAF policies, you can protect multiple sites with differing security needs behind a single WAF by using per-site policies. For example, if there are five sites behind your WAF, you can have five separate WAF policies (one for each listener) to customize the exclusions, custom rules, managed rule sets, and all other WAF settings for each site.
32
+
33
+
Say your application gateway has a global policy applied to it. Then you apply a different policy to a listener on that application gateway. The listener's policy now takes effect for just that listener. The application gateway’s global policy still applies to all other listeners and path-based rules that don't have a specific policy assigned to them.
35
34
36
35
## Per-URI policy
37
36
38
-
For even more customization down to the URI level, you can associate a WAF policy with a path-based rule. If there are certain pages within a single site that require different policies, you can make changes to the WAF policy that only affect a given URI. This might apply to payment or sign-in pages.
37
+
For even more customization down to the URI level, you can associate a WAF policy with a path-based rule. If there are certain pages within a single site that require different policies, you can make changes to the WAF policy that only affect a given URI. This might apply to a payment or sign-in page, or any other URIs that need an even more specific WAF policy than the other sites behind your WAF.
38
+
39
+
As with per-site WAF policies, more specific policies overrides less specific ones. This means a per-URI policy on a URL path map overrides any per-site or gloabl WAF policy above it.
0 commit comments