Bot rules get logged despite action is Allow

metalheart 361 Reputation points
2022-10-27T07:36:57.8+00:00

I have assigned the Microsoft_BotManagedRuleSet_1.0 to a WAF profile connected with Azure Front Door Premium.

After having seen a lot FrontDoorWebApplicationFirewallLog entries originating from hits done by our site monitoring service, I have set their action to Allow instead of Log but the entries are still getting created.

Can you please confirm this is expected behavior?

How am I able to prevent such log entries?

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
614 questions
Azure Web Application Firewall
0 comments No comments
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 38,791 Reputation points Microsoft Employee
    2022-10-27T11:25:15.367+00:00

    Hi @metalheart ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you are seeing the log entries from your monitoring service in Front Door WAF.

    This is an expected behavior.
    Refer : Azure Web Application Firewall monitoring and logging
    254699-image.png

    While everything will be added to the logs, you can create a custom query to view or hide requests originating from your monitoring service.

    For e.g., you can add a filter to not display requests originating from your monitoring service's IP.

    AzureDiagnostics
    | where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog"
    | where ClientIP != <IP of Monitoring Service>

    I hope this helps.

    Cheers,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.


0 additional answers

Sort by: Most helpful