Skip to content

Use Recommended Application Gateway WAF policy rule groups#

Security · Application Gateway · Rule · 2024_03 · Critical

Use recommended rule groups in Application Gateway Web Application Firewall (WAF) policies to protect back end resources.


Application Gateway WAF policies support two main Rule Groups.

  • OWASP - Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits. This is done through rules that are defined based on the OWASP core rule sets 3.2, 3.1, 3.0. It is recommended to use the latest rule set.
  • Bot protection - Enable a managed bot protection rule set to block or log requests from known malicious IP addresses.


Consider configuring Application Gateway WAF policy to use the recommended rule sets.