Azure WAF Rule Sets¶
Welcome to the Azure WAF Rule Set reference documentation.
This site provides a comprehensive reference for all Azure Web Application Firewall rule sets, including rule IDs, rule groups, descriptions, default actions, and states.
Coverage¶
App Gateway¶
| Rule Set | Description |
|---|---|
| OWASP | OWASP Core Rule Set for App Gateway |
| Default Rule Set | Microsoft managed default rules |
| Bot Manager | Microsoft bot detection and mitigation rules |
Front Door¶
| Rule Set | Description |
|---|---|
| Default Rule Set | Microsoft managed default rules |
| Bot Manager | Microsoft bot detection and mitigation rules |
| Legacy | Legacy and preview rule sets |
About¶
- Rule set data is sourced directly from the Azure REST API
- OWASP CRS source links point to the corresponding rule file in the CRS GitHub repository
- Documentation is automatically regenerated on a scheduled basis
- Microsoft proprietary rules (99xxxxxx, Bot*) do not have CRS source links