- Describe how a WAF protects web applications from common attacks such as SQL injection and cross-site scripting (XSS).
- Choose the right Azure WAF deployment option for your scenario.
- Configure managed and custom rules, and understand rule ordering and priorities.
- Associate a WAF policy with Azure Front Door for centralized, edge-based protection.
| Mode | Purpose | When to use |
|---|---|---|
| Detection (Log) | Inspects traffic and logs suspicious requests without blocking them | Use when tuning rules and monitoring for false positives |
| Prevention (Blocking) | Actively blocks requests that match configured rules | Use after validating rules in detection mode and when ready to enforce protection |
Detection mode is useful for tuning rules and observing false positives; switch to prevention mode once rules are validated.
- Managed rule sets (for example, the OWASP CRS or Microsoft-managed rule groups) provide baseline protection against common threats out of the box.
- Custom rules let you apply targeted protections such as IP allow/deny lists, geographic (country) blocking, header/path/query-string matching, or rate limiting.
- Rule evaluation follows a priority model — lower priority numbers run first.
- When multiple rules match, the first matching rule with an action typically determines the outcome.
- Use logging and metrics to monitor rule hits and tune priorities over time.
- When you attach a WAF policy to Azure Front Door, WAF applies protection at the edge locations closest to clients, providing centralized, global defense and reducing latency for protection decisions.
- Azure Front Door continues to handle global load balancing, SSL termination, and routing while the WAF policy enforces security rules at the edge.
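
The priority and first-match points above, as an added example (not Microsoft's code and not part of the original page): a simplified Python model of custom rule evaluation. It shows how a broad Allow rule with a lower priority number shadows a later Block rule, and how detection mode logs a Block without enforcing it. Rule names, IP ranges and the request are constructed; treating a Log action as non-terminating is an assumption of the model.

```python
# Simplified model of WAF custom rule ordering; not Azure code, all values constructed.
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    priority: int                      # lower number is evaluated first
    action: str                        # "Allow", "Block" or "Log"
    matches: Callable[[dict], bool]

def ip_in(*cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: any(ipaddress.ip_address(req["ip"]) in n for n in nets)

def path_prefix(prefix):
    return lambda req: req["path"].startswith(prefix)

def evaluate(rules, request, mode):
    """Return (outcome, hits) for one request; mode is 'Detection' or 'Prevention'."""
    hits = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.matches(request):
            continue
        hits.append((rule.priority, rule.name, rule.action))
        if rule.action == "Log":
            continue                   # assumption: record the hit, keep evaluating
        if rule.action == "Block" and mode == "Prevention":
            return "blocked", hits
        return "allowed", hits         # Allow, or a Block that Detection only logs
    return "allowed", hits

# Constructed policy: a broad allow-list placed ahead of a path block.
SHADOWED = [
    Rule("AllowPartnerRange", 10, "Allow", ip_in("203.0.113.0/24")),
    Rule("BlockAdminPath", 20, "Block", path_prefix("/admin")),
]
# Same rules with the block given the lower number so it runs first.
REORDERED = [
    Rule("BlockAdminPath", 10, "Block", path_prefix("/admin")),
    Rule("AllowPartnerRange", 20, "Allow", ip_in("203.0.113.0/24")),
]
# Constructed request from inside the allow-listed range.
REQ = {"ip": "203.0.113.40", "path": "/admin/login"}

if __name__ == "__main__":
    for label, rules in (("shadowed", SHADOWED), ("reordered", REORDERED)):
        for mode in ("Detection", "Prevention"):
            print(label, mode, evaluate(rules, REQ, mode))
```

The hit list is what you would review in the WAF logs while in detection mode to confirm the ordering before switching to prevention.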
