WAF policy automatically switching to Detection mode

Farzana Mustafa 81 Reputation points
2022-10-25T04:29:49.88+00:00

We have noticed that our WAF policy is automatically switching to Detection mode from Prevention mode.

Any idea why this is happening?

Azure Web Application Firewall
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 38,051 Reputation points Microsoft Employee
    2022-11-07T04:27:46.38+00:00

    Hello @Farzana Mustafa ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you are facing issues with WAF policy automatically switching from Prevention to Detection mode.

    I informed this should not be the ideal case and suggested to check the activity logs.

    257741-image.png

    You informed us you were able to see the changes in Activity Log and the changes were indeed happening.

    However, it turns out to be one-off issue and the issue is no longer reproducible.

    Thank you for leveraging Microsoft Q&A platform.
    We value your continued contribution.

    Cheers,
    Kapil.

    ----------------------------------------------------------------------------------------------------------------

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Priya Kumar 1,096 Reputation points Microsoft Employee
    2022-10-25T04:40:08.397+00:00

    Hello @Farzana Mustafa ,

    Thanks for reaching out to Q and A platform.

    1. The WAF will not automatically switch the Modes, unless we have performed the action on the resource.
    2. Could you pull the “activity log” in the Portal and see what the request Body shows? that should give us the PUT operation, and it'll tell us if the call included Prevention or Detection under webApplicationFirewallConfiguration>firewallMode.

    Regards,
    Priya Kumar