Bot rules get logged despite action is Allow

Question

I have assigned the Microsoft_BotManagedRuleSet_1.0 to a WAF profile connected with Azure Front Door Premium.

After having seen a lot FrontDoorWebApplicationFirewallLog entries originating from hits done by our site monitoring service, I have set their action to Allow instead of Log but the entries are still getting created.

Can you please confirm this is expected behavior?

How am I able to prevent such log entries?

Answer 1

Hi @metalheart ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are seeing the log entries from your monitoring service in Front Door WAF.

This is an expected behavior.
Refer : Azure Web Application Firewall monitoring and logging

While everything will be added to the logs, you can create a custom query to view or hide requests originating from your monitoring service.

For e.g., you can add a filter to not display requests originating from your monitoring service's IP.

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog"
| where ClientIP != <IP of Monitoring Service>

I hope this helps.

Cheers,
Kapil

----------------------------------------------------------------------------------------------------------------

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.