Application gateway WAF mode vs WAF policy mode

Kufat-8923 21 Reputation points
2022-11-19T06:57:16.3+00:00

We have created an application gateway with WAF policies associated to it. In application gateway, there is a WAF mode option (prevention, detection, etc.). In WAF, there is a policy mode (prevention, detection, etc.). May I ask which option takes precedence? For instance, if the WAF mode in application gateway is set to "detection" but the WAF policy mode is set to "prevention", will the application gateway detect or prevent the attacks? Thanks.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
964 questions
Azure Web Application Firewall
0 comments
Accepted answer
  1. JimmySalian-2011 41,921 Reputation points
    2022-11-19T14:32:42.357+00:00

    Hi,

    AFAIK, the policy linked to the Listerner will take precedence over the App Gateway policy settings, and also as per Microsoft you will need to migrate or use WAF policies going forward "WAF policies are the new resource type for managing your Application Gateway WAF. "

    Essentially, all the WAF configurations that were previously done inside the Application Gateway are now done through the WAF Policy.

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest