title | description | documentationcenter | services | author | manager | editor | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.custom | ms.workload | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Customize web application firewall rules in Azure Application Gateway - PowerShell \| Microsoft Docs | This article provides information on how to customize web application firewall rules in Application Gateway with PowerShell. | na | application-gateway | davidmu1 | timlt | tysonn | application-gateway | na | article | na | | infrastructure-services | 07/26/2017 | davidmu |
The Azure Application Gateway web application firewall (WAF) provides protection for web applications. These protections are provided by the Open Web Application Security Project (OWASP) Core Rule Set (CRS). Some rules can cause false positives and block real traffic. For this reason, Application Gateway provides the capability to customize rule groups and rules. For more information on the specific rule groups and rules, see List of web application firewall CRS Rule groups and rules.
The following code examples show how to view rules and rule groups that are configurable on a WAF-enabled application gateway.
The following example shows how to view rule groups:
```powershell
Get-AzureRmApplicationGatewayAvailableWafRuleSets
```
The following output is a truncated response from the preceding example:
```
OWASP (Ver. 3.0):
    REQUEST-910-IP-REPUTATION:
        Description:
        Rules:
            RuleId     Description
            ------     -----------
            910011     Rule 910011
            910012     Rule 910012
            ...        ...
    REQUEST-911-METHOD-ENFORCEMENT:
        Description:
        Rules:
            RuleId     Description
            ------     -----------
            911011     Rule 911011
            ...        ...
OWASP (Ver. 2.2.9):
    crs_20_protocol_violations:
        Description:
        Rules:
            RuleId     Description
            ------     -----------
            960911     Invalid HTTP Request Line
            981227     Apache Error: Invalid URI in Request.
            960000     Attempted multipart/form-data bypass
            ...        ...
```
The following example disables rules `910018` and `910017` on an application gateway:
```azurecli
az network application-gateway waf-config set --resource-group AdatumAppGatewayRG --gateway-name AdatumAppGateway --enabled true --rule-set-version 3.0 --disabled-rules 910018 910017
```
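The same change made with the AzureRM PowerShell cmdlets, as an added example that is not part of the original article. It assumes the AzureRM module with a signed-in session, and that rules 910018 and 910017 belong to the REQUEST-910-IP-REPUTATION group shown in the output above; it keeps the gateway's current firewall mode and any other rule groups that are already disabled, then reads the result back.

```powershell
# Added example, not from the original article.
# Resource names are taken from the CLI command on this page.
$rgName    = 'AdatumAppGatewayRG'
$gwName    = 'AdatumAppGateway'
$groupName = 'REQUEST-910-IP-REPUTATION'   # assumption: group that holds the 910xxx rules
$ruleIds   = 910018, 910017

$gw  = Get-AzureRmApplicationGateway -ResourceGroupName $rgName -Name $gwName
$waf = $gw.WebApplicationFirewallConfiguration
if (-not $waf) {
    throw "No WAF configuration found on '$gwName'; enable WAF before disabling rules."
}

# The Set cmdlet below writes the whole disabled list, so carry forward the
# groups that are already disabled. An existing entry for $groupName is
# replaced by the new one.
$disabled = @($waf.DisabledRuleGroups |
    Where-Object { $_ -and $_.RuleGroupName -ne $groupName })
$disabled += New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig `
    -RuleGroupName $groupName -Rules $ruleIds

# Reuse the current mode (Detection or Prevention) so that tuning a false
# positive does not also change whether the WAF blocks traffic.
Set-AzureRmApplicationGatewayWebApplicationFirewallConfiguration `
    -ApplicationGateway $gw `
    -Enabled $true `
    -FirewallMode $waf.FirewallMode `
    -RuleSetType OWASP `
    -RuleSetVersion 3.0 `
    -DisabledRuleGroups $disabled | Out-Null

# Nothing is applied until the updated object is committed to Azure.
$gw = Set-AzureRmApplicationGateway -ApplicationGateway $gw

# Read back what is actually disabled, for the change record.
$gw.WebApplicationFirewallConfiguration.DisabledRuleGroups | ForEach-Object {
    [pscustomobject]@{
        RuleGroup     = $_.RuleGroupName
        DisabledRules = ($_.Rules -join ', ')
    }
} | Format-Table -AutoSize
```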
After you configure your disabled rules, you can learn how to view your WAF logs. For more information, see Application Gateway Diagnostics.