![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 55.00000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Azure Web Application Firewall
An Azure service that provides protection for web apps.
361 questions
Hello @Matheus Silva ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if there is a limit of IP groups and IPs in a group for WAF exclusion?
The limit of WAF IP address ranges per match condition is:
- 540 with CRS 3.1 or lower
- 600 with CRS 3.2 or newer
Maximum WAF custom rules that can be configured in a WAF is 100.
And WAF IP address ranges per match condition is 600.
So, that gives you a total of 60000 IP address ranges.
NOTE: This limit is same for both Application gateway WAF and Azure Front Door WAF.
If one custom rule already has 600 IP addresses/ranges, you can create another custom rule and add the new IPs/ranges.
One IP range is considered as 1 entry. And you can add 600 IP ranges in one custom rule. But you need to make sure that none of the address ranges has overlapping IP addresses and all the ranges have unique IP addresses.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.