Is it possible to have `ApplicationGatewayFirewallLog` for disabled rules on Application Gateway WAF in Prevention mode

Krzysztof Madej 66 Reputation points
2022-04-26T09:03:48.847+00:00

Application Gateway with WAF in Detection mode logs each matched rule. However, in Prevention mode it catches only rules which are enabled. It makes sense somehow, because we don't want to have disabled rules evaluated in Prevention mode; however, I want to know if there are requests which violate rules which are disabled. This is really important to monitor and adjust the rule set.

So to sum up I would like to find a way to have Prevention mode for enabled rules and Detection mode for disabled rules.

Azure Application Gateway
Azure Web Application Firewall

Accepted answer
  1. Luis Rodriguez 6,201 Reputation points Microsoft Employee
    2022-04-26T10:01:12.047+00:00

    Hello @Krzysztof Madej

    Welcome to Microsoft Q&A Platform.

    Firewall logs are based on the Rule ID of the triggering event, so if the rule is disabled it won't appear in the logs:
    https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs#firewall-log

    If you think that this feature would be useful, you can raise a request via the Azure Feedback portal:
    https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789

    I hope this helps!

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

